Hi,
On Sat, Mar 30, 2024 at 08:57:14PM +, fxkl4...@protonmail.com wrote:
> so is this a threat to us normal debian users
If you have to ask, i.e. you do not know how to check that your
Debian install is secured against extremely well known recent
exploits that have been plastered across the
On 2024-03-30, fxkl4...@protonmail.com wrote:
> so is this a threat to us normal debian users
> if so how do we fix it
Debian stable is not affected, Debian testing, unstable and
experimental must be updated.
https://lists.debian.org/debian-security-announce/2024/msg00057.html
alton wrote:
>>
>> Seems relevant since Debian adopted xz about 10 years ago.
>>
>> -- Forwarded message -
>> From: Andres Freund
>> Date: Fri, Mar 29, 2024 at 12:10 PM
>> Subject: [oss-security] backdoor in upstream xz/liblzma leading to s
eund
> Date: Fri, Mar 29, 2024 at 12:10 PM
> Subject: [oss-security] backdoor in upstream xz/liblzma leading to ssh
> server compromise
> To:
>
> Hi,
>
> After observing a few odd symptoms around liblzma (part of the xz package) on
> Debian sid installations over the l
Hello,
On Fri, Mar 29, 2024 at 01:52:18PM -0400, Jeffrey Walton wrote:
> Seems relevant since Debian adopted xz about 10 years ago.
Though we do not know how or why this developer has come to recently
put apparent exploits in it, so we can't yet draw much of a
conclusion beyond "sometimes people
On Fri, Mar 29, 2024 at 01:52:18PM -0400, Jeffrey Walton wrote:
> Seems relevant since Debian adopted xz about 10 years ago.
>
Also note that this has been addressed in Debian:
https://lists.debian.org/debian-security-announce/2024/msg00057.html
Provided here for the benefit those who are not
On Thu, Mar 5, 2020 at 7:46 AM Richard Hector wrote:
> On 5/03/20 12:10 pm, Keith Bainbridge wrote:
> > On 5/3/20 8:37 am, Richard Hector wrote:
> >> I am installing it from
> >> debian-10.3.0-amd64-xfce-CD-1.iso.
>
> No I didn't. The OP (Cichas) did.
>
> > Is this CD #1 of the set of 3 or 4 or
On 5/03/20 12:10 pm, Keith Bainbridge wrote:
> On 5/3/20 8:37 am, Richard Hector wrote:
>> I am installing it from
>> debian-10.3.0-amd64-xfce-CD-1.iso.
No I didn't. The OP (Cichas) did.
> Is this CD #1 of the set of 3 or 4 or more? The .deb you are looking for
> may be on one of the other CDs.
On Mi, 04 mar 20, 18:00:12, john doe wrote:
> On 3/4/2020 4:32 PM, Cichas wrote:
> > I have checked the ISO image and SSH server should be on it
> > (/pool/main/o/openssh/openssh-server_7.9p1-10+deb
> > 10u2_amd64.deb) so that's also not reason why it is not offered to
&g
from debian-10.3.0-
> amd64-xfce-CD-1.iso. As it is in remote location with problematic Internet
> access I wanted to do offline install. After several attempts I figured out
> that it is not possible to install SSH server from "Install" menu (text
> mode) if I will do it as offlin
On Wed, 04 Mar 2020 16:32:42 +0100 (CET)
Cichas wrote:
>
> Hello guys,
>
> sorry if this is documented somewhere but today I decided to ask here
> as it is something fundamental I cannot understand. After 20 years I
> decided to try Debian again (as VM for start). I am installing it
> from
On 5/3/20 8:37 am, Richard Hector wrote:
I am installing it from
debian-10.3.0-amd64-xfce-CD-1.iso.
Is this CD #1 of the set of 3 or 4 or more? The .deb you are looking for
may be on one of the other CDs.
I agree with the suggestion to try the DVD. Seems the 'netinstall' is
the
amd64-xfce-CD-1.iso. As it is in remote location with
> problematic Internet access I wanted to do offline install. After
> several attempts I figured out that it is not possible to install SSH
> server from "Install" menu (text mode) if I will do it as offline
> install withou
.3.0-
> amd64-xfce-CD-1.iso. As it is in remote location with problematic Internet
This is a cd where I would try a DVD.
> access I wanted to do offline install. After several attempts I figured out
> that it is not possible to install SSH server from "Install" menu (text
>
with problematic Internet
access I wanted to do offline install. After several attempts I figured out
that it is not possible to install SSH server from "Install" menu (text
mode) if I will do it as offline install without allowing to use mirror.
Which makes no sense. If I have Internet access
On Mon, Oct 07, 2019 at 04:00:43PM +0100, mick crane wrote:
> Are all [systemd] services daemons ?
No. Systemd services have "types". Some of these types (simple, forking)
can reasonably be called daemons, because they run a program, or suite
of programs, which is expected to stick around for a
On 2019-10-07 14:28, Greg Wooledge wrote:
On Sat, Oct 05, 2019 at 08:42:51PM +0100, mick crane wrote:
after checking through /etc/ssh/sshd_config on the server
basic use is
systemctl start sshd.service
systemctl stop sshd.service
systemctl restart sshd.service
systemctl enable sshd.service (
On Sat, Oct 05, 2019 at 08:42:51PM +0100, mick crane wrote:
> after checking through /etc/ssh/sshd_config on the server
> basic use is
> systemctl start sshd.service
> systemctl stop sshd.service
> systemctl restart sshd.service
> systemctl enable sshd.service ( should start sshd at boot )
>
to figure out how to check if ssh is running using
> >> systemD which is of course what Debian and Raspbian use.
> >>
> >> However my search term
> >>
> >> system d check ssh server is running
> >
> > If it's the client on the same PC you'd kno
On 2019-10-05 20:03, Paul Sutton wrote:
On 05/10/2019 17:15, mick crane wrote:
On 2019-10-05 17:01, Paul Sutton wrote:
Hi
I am trying to figure out how to check if ssh is running using
systemD which is of course what Debian and Raspbian use.
However my search term
system d check ssh server
t;>
>> However my search term
>>
>> system d check ssh server is running
>
> If it's the client on the same PC you'd know. if sshd "systemctl
> status sshd" or "ps ax | grep ssh"
Hi
Thanks for this, should be really helpful. To give some back
On 2019-10-05 17:01, Paul Sutton wrote:
Hi
I am trying to figure out how to check if ssh is running using systemD
which is of course what Debian and Raspbian use.
However my search term
system d check ssh server is running
If it's the client on the same PC you'd know.
if sshd
"syst
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
I am trying to figure out how to check if ssh is running using systemD
which is of course what Debian and Raspbian use.
However my search term
system d check ssh server is running
Yielded
https://cplusprogrammer.wordpress.com/2016/10/17/how
es <
> supo...@aprendendolinux.com> escreveu:
>
>> Prezado Colegas,
>>
>> Saudações "pinguianas"!
>>
>> Gostaria de contribuir com a comunidade com o artigo que acabei de
>> escrever, ensinando a instalar e configurar o SSH Server em sis
unidade com o artigo que acabei de
> escrever, ensinando a instalar e configurar o SSH Server em sistemas
> Windows.
>
> Segue o link:
> https://www.aprendendolinux.com/openssh-ssh-server-no-windows/
>
> Atenciosamente,
>
> Henrique Fagundes
> Analista de Suporte Linux
Prezado Colegas,
Saudações "pinguianas"!
Gostaria de contribuir com a comunidade com o artigo que acabei de escrever,
ensinando a instalar e configurar o SSH Server em sistemas Windows.
Segue o link:
https://www.aprendendolinux.com/openssh-ssh-server-no-windows/
Atenciosamente,
Piotr Martyniuk wrote:
> I have hardware router which allows to configure VPN. I managed to set
> it up on my laptop (debian Stretch) in the NetworkManager applet. So
> now I can connect from office to outside word using my home router as
> a proxy (when I check my IP it shows the IP of my
I have hardware router which allows to configure VPN. I managed to set
it up on my laptop (debian Stretch) in the NetworkManager applet. So
now I can connect from office to outside word using my home router as
a proxy (when I check my IP it shows the IP of my router).
I can also connect to one
This may or may not be relevant: Rooting android makes it possible to
use it as an SSH *client*.
signature.asc
Description: OpenPGP digital signature
Le 28/09/2014 14:00, softwatt a écrit :
This may or may not be relevant: Rooting android makes it possible to
use it as an SSH *client*.
You mean server ? Because you have ssh clients for non rooted android...
I use connectbot, but there are others
signature.asc
Description: OpenPGP
On 09/28/2014 03:03 PM, Erwan David wrote:
Le 28/09/2014 14:00, softwatt a écrit :
This may or may not be relevant: Rooting android makes it possible to
use it as an SSH *client*.
You mean server ? Because you have ssh clients for non rooted android...
I use connectbot, but there are
softwatt writes:
I meant an SSH client.
I did not know that some non-root apps allow that. Thanks.
However, rooting gives you a fully fledged GNU/Linux terminal, which
has SSH, Rsync, Busybox, etc.
ConnectBot can also give one a terminal for the device on which it's running.
A
On 09/28/2014 04:04 PM, Alexis wrote:
softwatt writes:
I meant an SSH client.
I did not know that some non-root apps allow that. Thanks.
However, rooting gives you a fully fledged GNU/Linux terminal, which
has SSH, Rsync, Busybox, etc.
ConnectBot can also give one a terminal for the
On 2014-09-22 18:05:00 +, Eduardo M KALINOWSKI wrote:
I've used this one (mostly for copying files):
https://play.google.com/store/apps/details?id=berserker.android.apps.sshdroid
The last time I tried SSHDroid, it automatically started a server
with the default root password admin! So,
On 26/09/2014 16:24, Vincent Lefevre wrote:
On 2014-09-22 18:05:00 +, Eduardo M KALINOWSKI wrote:
I've used this one (mostly for copying files):
https://play.google.com/store/apps/details?id=berserker.android.apps.sshdroid
The last time I tried SSHDroid, it automatically started a server
...@gmail.com:
Hi guys,
I know this topic is somewhat out of debian context, but someone knows a
opensource project like a SSH Server for Android, with X11 Session Forward
Support?
Thanks.
Not exactly what you're looking for, but, I'm using an app from the play
store called Terminal
, 2014 at 6:19 PM, Joel Rees joel.r...@gmail.com wrote:
2014/09/23 2:24 Danilo Sampaio danilo.samp...@gmail.com:
Hi guys,
I know this topic is somewhat out of debian context, but someone knows a
opensource project like a SSH Server for Android, with X11 Session Forward
Support?
Thanks
phone from PC. I'm looking for a opensource project, because i'll
probably
make customizations.
Terminal IDE does have an ssh server. But it idoesn't get you control
over the entire device
Well, if you want something more than what Terminal IDE or No-Root
Debian can get you, you're going
need a rooted phone.
Depending on what is needed, to move files and such between my phone and
the computer, AirDroid has worked very well for me.
Sometime ago I found it suitable running Dropbear SSH Server:
https://matt.ucc.asn.au/dropbear/dropbear.html
But my phone is rather low end so I
Hi guys,
I know this topic is somewhat out of debian context, but someone knows a
opensource project like a SSH Server for Android, with X11 Session Forward
Support?
Thanks.
--
*Danilo Sampaio*
Analista de Sistemas Sr. | Application Services
*Capgemini | Brasil*
Tel.: 55 85
On Seg, 22 Set 2014, Danilo Sampaio wrote:
I know this topic is somewhat out of debian context, but someone knows a
opensource project like a SSH Server for Android, with X11 Session Forward
Support?
I've used this one (mostly for copying files):
https://play.google.com/store/apps/details?id
for the answer.
When said ...with X11 Session Forward Support, i mean SSH Server, like
SSDDroid, that implements a software layer for a transparent X11 forward
emulation. This feature would be useful for execute my android applications
from my PC, like a remote connection with X11 Forward.
On Mon
On Seg, 22 Set 2014, Danilo Sampaio wrote:
When said ...with X11 Session Forward Support, i mean SSH Server, like
SSDDroid, that implements a software layer for a transparent X11 forward
emulation. This feature would be useful for execute my android applications
from my PC, like a remote
* On 2014 22 Sep 14:24 -0500, Eduardo M KALINOWSKI wrote:
If what you some way to control your phone via your PC, SSH X11 Forwarding
won't help. But there may be applications that allow that (at least
partially). Probably you'll need a rooted phone.
Depending on what is needed, to move files
On Mon, Sep 22, 2014 at 04:13:47PM -0300, Danilo Sampaio wrote:
When said ...with X11 Session Forward Support, i mean SSH Server, like
SSDDroid, that implements a software layer for a transparent X11 forward
emulation. This feature would be useful for execute my android applications
from my PC
2014/09/23 2:24 Danilo Sampaio danilo.samp...@gmail.com:
Hi guys,
I know this topic is somewhat out of debian context, but someone knows a
opensource project like a SSH Server for Android, with X11 Session Forward
Support?
Thanks.
Not exactly what you're looking for, but, I'm using an app
heeft in /etc/ssh/sshd_config
AcceptEnv LANG LC_*
Ook heeft de ssh server meerdere locales ingestalleerd, waaronder en_US.
In de ssh-sessie op die server is LANG=nl_NL.UTF-8,
daar was LANG=en_US verwacht.
Maar waarom die LANG waarde?
De mismatch in LANG tussen ssh-client en
Hoi lijst, Paul,
Heb de originele thread van Paul per ongelijk al verwijderd, maar neem
aan dat ie het zo toch leest:
Je hebt misschien wel iets aan de informatie op deze pagina..:
http://debian-handbook.info/browse/stable/sect.quality-of-service.html
Hoewel bovenstaand je waarschijnlijk
Op 18-09-13 18:42, mourik jan heupink schreef:
Hoi lijst, Paul,
Heb de originele thread van Paul per ongelijk al verwijderd, maar neem
aan dat ie het zo toch leest:
Je hebt misschien wel iets aan de informatie op deze pagina..:
On Ma, 07 mai 13, 14:18:48, Default User wrote:
Okay, thanks guys.
I think I will skip the ssh-server task, as a security measure (they can't
pick a lock that isn't there).
I will also skip the print-server task for now, and just add that once I
get a new printer.
You might probably stil
On Tue, 7 May 2013 12:09:58 -0500
Default User hunguponcont...@gmail.com wrote:
Any opinions?
Adding to what others posted, one case when SSH might be useful
is when bad bug happens to your GUI desktop that prevents you
even from switching to terminal to resolve the situation.
In such case
-selected are:
- desktop environment
- standard utilities
- print server
- ssh server
In this scenario, I am not sure why the print server and ssh server are
pre-selected. Are the really useful, or would they just take up space and
add complexity?
Any opinions?
On Tue, 7 May 2013, Default User wrote:
[snip]
In this scenario, I am not sure why the print server and ssh server are
pre-selected. Are the really useful, or would they just take up space and add
complexity?
Any opinions?
The ssh server takes up little space and allows you to operate
pre-selected software task groups are to be
installed. Pre-selected are:
- desktop environment
- standard utilities
- print server
- ssh server
In this scenario, I am not sure why the print server and ssh server are
pre-selected.
The tasksel maintainer presumably thought
Le 07/05/2013 19:24, Lars Nooden a écrit :
On Tue, 7 May 2013, Default User wrote:
[snip]
In this scenario, I am not sure why the print server and ssh server are
pre-selected. Are the really useful, or would they just take up space and add
complexity?
Any opinions?
The ssh server takes up
-selected software task groups are to be
installed. Pre-selected are:
- desktop environment
- standard utilities
- print server
- ssh server
In this scenario, I am not sure why the print server and ssh server are
pre-selected. Are the really useful, or would they just take up
Okay, thanks guys.
I think I will skip the ssh-server task, as a security measure (they can't
pick a lock that isn't there).
I will also skip the print-server task for now, and just add that once I
get a new printer.
On Tue, May 7, 2013 at 12:09 PM, Default User hunguponcont...@gmail.comwrote
for office or business purposes.
The installer asks what pre-selected software task groups are to be
installed. Pre-selected are:
- desktop environment
- standard utilities
- print server
- ssh server
In this scenario, I am not sure why the print server and ssh
Ivan Shmakov wrote:
Bob Proulx writes:
2. Ensure that sshd is listening on port 22.
$ netstat -na | grep '0.0.0.0:22'
tcp0 0 0.0.0.0:22 0.0.0.0:*LISTEN
As IPv6 is slowly conquering the world, I'd be checking for
:::22 just as well, e.
Bob Proulx b...@proulx.com writes:
RiverWind wrote:
I used to be able to ssh from my shellworld account into my Linux
box before I got the latest version of the squeeze disk. I am not
able to do so now. Exactly what needs to be set up or in place in
order for me to once again be able to
On Sat, 14 May 2011 23:15:33 +0900
Joel Rees joel.r...@gmail.com wrote:
...
Disable root login on ssh entirely. (/etc/ssh/sshd_config has that
enabled in my more-or-less default install. That is, I think, so you
don't find yourself in a catch-22 when installing remotely. Should be
in a list
On Fri, May 6, 2011 at 6:14 AM, George pinkisntw...@gmail.com wrote:
I have a computer at home that I'm doing some research on and I set up
an SSH server on it so I can access it from other computers at home. I
haven't opened up the network to the internet yet though, as I'm not
confident
On Jo, 05 mai 11, 23:09:02, Brian wrote:
You can be confident that the default Debian install of openssh-server
has a configuration which is very safe. There is nothing for you to do.
While I wouldn't say that the Debian (actually upstream?) configuration
is unsafe, there are ways to improve
2] in /etc/hosts.allow limit access to sshd accordingly (sshd: WORKPLACE
IP);
I'm prepared to be wrong here but, aren't the hosts.* configs just for inetd
/ xinetd and (possibly) portmap? And, IIRC, ssh installs as an init script
on debian?
On May 5, 2011 8:15 PM, Perry Thompson ryperven...@yahoo.fr wrote:
On 05/05/2011 06:46 PM, cac...@quantum-sci.com wrote:
On Thursday 5 May, 2011 15:09:02 Brian wrote:
Use a strong password or ssh keys for access to the server. The
question
is whether you trust the machine you use at work.
George:
On 5/6/11, Jochen Schulz m...@well-adjusted.de wrote:
If you only allowing key-based authentication and install security
patches in a timely manner, the risk from running a public OpenSSH
server is low. Expect brute-force attempts to login using weak
passwords, though. If you only
On 5/6/11, Jochen Schulz m...@well-adjusted.de wrote:
You can authenticate to an OpenSSH server using a password, or using a
keyfile. On the client side, simply run 'ssh-keygen' to create a
keypair.
So the attacker needs to guess my private key instead of my password.
How does that make his
On Fri 06 May 2011 at 01:59:10 -0400, shawn wilson wrote:
I'm prepared to be wrong here but, aren't the hosts.* configs just for inetd
/ xinetd and (possibly) portmap? And, IIRC, ssh installs as an init script
on debian?
Daemons can also be linked against libwrap. sshd is (ldd
On Fri, May 06, 2011 at 11:54:28AM +0300, George wrote:
On 5/6/11, Jochen Schulz m...@well-adjusted.de wrote:
You can authenticate to an OpenSSH server using a password, or using a
keyfile. On the client side, simply run 'ssh-keygen' to create a
keypair.
So the attacker needs to guess
On 5/6/11, Tom Furie t...@furie.org.uk wrote:
So the attacker needs to guess my private key instead of my password.
How does that make his life more difficult, assuming my password was
very strong?
No, the attacker needs to HAVE your private key and KNOW the pass phrase
for that key.
Rob Owens row...@ptd.net wrote:
[...] you can run your ssh server on a port other than 22
I can thoroughly recommend this. Actually, to be pedantic, you can set
port forwarding from your router's port N to your server's port 22.
Other people have mentioned that you should put AllowUsers in your
On Thu 05 May 2011 at 20:54:12 -0400, Rob Owens wrote:
You could run Debian Live on a USB stick (or any other live distro,
really). Boot your work machine with that, and you will have a trusted
machine. Use that to ssh to your home machine.
I suppose this 'trusted machine' doesn't have a
On Fri 06 May 2011 at 02:06:17 -0400, shawn wilson wrote:
Something you have - thumb drive
Something you know - the ip / name of your machine
With an untrusted machine on a network you do not control both are
capable of becoming the property of someone else.
It's two factor enough imo.
On Fri 06 May 2011 at 11:54:28 +0300, George wrote:
So the attacker needs to guess my private key instead of my password.
How does that make his life more difficult, assuming my password was
very strong?
It is easy to construct a password which would take 10,000 years to
guess or brute force.
On Fri, May 6, 2011 at 09:06, shawn wilson ag4ve...@gmail.com wrote:
I suppose you could keep your public key with you on a USB drive and
only put it on the computer when you need it, however I'm not sure how
secure that would be :/
Something you have - thumb drive
Something you know - the
On Fri, May 6, 2011 at 12:02, Tom Furie t...@furie.org.uk wrote:
No, the attacker needs to HAVE your private key and KNOW the pass phrase
for that key. Assuming you keep your key secure and have a decent pass
phrase his life should be very difficult indeed.
Yes, but using that key on a
George:
On 5/6/11, Jochen Schulz m...@well-adjusted.de wrote:
You can authenticate to an OpenSSH server using a password, or using a
keyfile. On the client side, simply run 'ssh-keygen' to create a
keypair.
So the attacker needs to guess my private key instead of my password.
Exactly.
On Fri, May 6, 2011 at 12:13, Brian a...@cityscape.co.uk wrote:
You could run Debian Live on a USB stick (or any other live distro,
really). Boot your work machine with that, and you will have a trusted
machine. Use that to ssh to your home machine.
I suppose this 'trusted machine' doesn't
On Fri, May 6, 2011 at 11:43, Brian a...@cityscape.co.uk wrote:
I'm prepared to be wrong here but, aren't the hosts.* configs just for inetd
/ xinetd and (possibly) portmap? And, IIRC, ssh installs as an init script
on debian?
Daemons can also be linked against libwrap. sshd is (ldd
On Friday 6 May, 2011 02:13:52 Brian wrote:
A strong password is no less secure in brute force terms than a key so
there is no reason to disallow it on those grounds. You can also be sure
you have never left it at home or elsewhere.
What you're missing is the difference between someone trying
On Fri 06 May 2011 at 13:39:48 +0300, Dotan Cohen wrote:
Could you please expand on this a bit please. I'm not sure that I
understand the relevance. If there is some fine document that I should
be reading then a link to it would be appreciated. I like to read the
fine manual, but for this
On Fri, May 6, 2011 at 14:45, Brian a...@cityscape.co.uk wrote:
Could you please expand on this a bit please. I'm not sure that I
understand the relevance. If there is some fine document that I should
be reading then a link to it would be appreciated. I like to read the
fine manual, but for
On Fri 06 May 2011 at 13:48:23 +0300, Dotan Cohen wrote:
However, keys are good to prevent brute-force attacks. Think of it
like a 256-character password using the entire ASCII field. Also, keys
are not susceptible to keyloggers.
I'm unsure whether you mean 'prevent' because neither keys nor
On Fri, May 6, 2011 at 12:23, George pinkisntw...@gmail.com wrote:
No, the attacker needs to HAVE your private key and KNOW the pass phrase
for that key. Assuming you keep your key secure and have a decent pass
phrase his life should be very difficult indeed.
He still needs to guess a string,
On Fri 06 May 2011 at 04:51:16 -0700, cac...@quantum-sci.com wrote:
On Friday 6 May, 2011 02:13:52 Brian wrote:
A strong password is no less secure in brute force terms than a key so
there is no reason to disallow it on those grounds. You can also be sure
you have never left it at home or
On Friday 6 May, 2011 05:15:23 Brian wrote:
What you're missing is the difference between someone trying to hack from
the
client machine... and a remote script trying to brute-force your server.
Big
difference.
No I'm not. But please explain the difference, bearing in mind the
On Fri, May 6, 2011 at 15:08, Brian a...@cityscape.co.uk wrote:
On Fri 06 May 2011 at 13:48:23 +0300, Dotan Cohen wrote:
However, keys are good to prevent brute-force attacks. Think of it
like a 256-character password using the entire ASCII field. Also, keys
are not susceptible to keyloggers.
On Friday 6 May, 2011 05:08:52 Brian wrote:
I'm unsure whether you mean 'prevent' because neither keys nor passwords
can stop brute forcing attempts. If you mean a key (256 characters) is
stronger than a password (20 characters) I'd agree. But the key is no
more secure than the password. Not
On Fri, May 06, 2011 at 01:08:52PM +0100, Brian wrote:
Keyloggers would get the key passphrase too. And the USB stick
would have its contents pilfered. So, keys don't appear to give any
advantage over passwords on an untrusted machine.
For the connect from untrusted computers there are
On 06/05/11 15:11, Wolfgang Karall wrote:
On Fri, May 06, 2011 at 01:08:52PM +0100, Brian wrote:
Keyloggers would get the key passphrase too. And the USB stick
would have its contents pilfered. So, keys don't appear to give any
advantage over passwords on an untrusted machine.
combined with
Hello List !
For the connect from untrusted computers there are one-time-passwords.
I've used libpam-opie in the past with great success for the occasional
connection from internet cafe's for example.
By googling, I found this web page:
On 05/06/2011 02:50 PM, cac...@quantum-sci.com wrote:
On Friday 6 May, 2011 05:15:23 Brian wrote:
What you're missing is the difference between someone trying to hack from the
client machine... and a remote script trying to brute-force your server. Big
difference.
No I'm not. But
Hi folks
On 06/05/11 16:33, Jerome BENOIT wrote:
Hello List !
For the connect from untrusted computers there are one-time-passwords.
I've used libpam-opie in the past with great success for the occasional
connection from internet cafe's for example.
By googling, I found this web page:
On Thu, 5 May 2011, Rob Owens wrote:
I hesitate to mention this, because it will start an argument about
security through obscurity, but you can run your ssh server on a port
other than 22. It really does nothing for security, but it will keep
your firewall logs a lot cleaner because it avoids
On Fri, 6 May 2011, Brian wrote:
A strong password is no less secure in brute force terms than a key so
Oh yes it is. A strong password may take a very long time to brute force,
but that isn't what you said.
Breaking an arbitrarily long key pair is regarded as being
cryptographically
Robert Brockway rob...@timetraveller.org wrote:
Yes it would keep logs a bit cleaner. I've never[1] changed the ssh port
on any host and never been terribly worried about the state of the logs as
a result.
I tend to take a different view: if I can get rid of rubbish from the
logs then it
Hello,
On Fri, May 06, 2011 at 05:00:18PM +0100, Dom wrote:
However, libpam-opie seems to have been dropped by Debian after squeeze,
due to lack of support, some security issues, and no updates for quite a
few years.
I run Wheezy, is there a supported alternative to libpam-opie?
A quick
On 06/05/11 22:37, Wolfgang Karall wrote:
Hello,
On Fri, May 06, 2011 at 05:00:18PM +0100, Dom wrote:
However, libpam-opie seems to have been dropped by Debian after squeeze,
due to lack of support, some security issues, and no updates for quite a
few years.
I run Wheezy, is there a
On 06/05/11 21:37, Wolfgang Karall wrote:
Hello,
On Fri, May 06, 2011 at 05:00:18PM +0100, Dom wrote:
However, libpam-opie seems to have been dropped by Debian after squeeze,
due to lack of support, some security issues, and no updates for quite a
few years.
I run Wheezy, is there a supported
I have a computer at home that I'm doing some research on and I set up
an SSH server on it so I can access it from other computers at home. I
haven't opened up the network to the internet yet though, as I'm not
confident enough that it is safe.
What are the configuration steps that I will need
1 - 100 of 203 matches
Mail list logo