Re: SSH Question
try putty for windows On Thu, Oct 11, 2007 at 01:20:52AM -0600, Telly Williams wrote: Hi, I see some of you talking about SSHing into your computer from another. What if the computer you're using isn't Linux/Unix? I was thinking that you could reboot that computer and boot up Puppy using a USB drive, or should/can you do this through any shell irrespective of the OS? Thanks. -- Telly Williams Knowledge Is Power -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] signature.asc Description: Digital signature
Re: SSH Question
On Thu, Oct 11, 2007 at 05:22:25PM +1000, Alex Samad wrote: try putty for windows Thank you. -- Telly Williams Knowledge Is Power -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: SSH Question
Telly Williams escribió: On Thu, Oct 11, 2007 at 05:22:25PM +1000, Alex Samad wrote: try putty for windows Thank you. Actually, to be able to connect from a linux machine to a windows machine you also need a ssh server (well, the same goes for the inverse) that does not come preinstalled in windows. -- .---. | Miguel J. Jiménez | | Programador Senior| | Área de Internet | | [EMAIL PROTECTED]| :---: | ISOTROL, S.A. | | Edificio BLUENET, Avda. Isaac Newton nº3, 4ª planta. | | Parque Tecnológico Cartuja '93, 41092 Sevilla (ESP). | | Teléfono: +34 955 036 800 (ext.1805) - Fax: +34 955 036 849 | | http://www.isotrol.com| :---: | Una bandera une a los habitantes de un pais bajo unos ideales| | comunes y es por eso por lo que todos ellos deben aceptarlos de | | buena gana y no ser forzados a ello pues entonces dicha bandera | | no serviría de nada. - Emperador Ming, Flash Gordon (1x07)(2007) | '---' begin:vcard fn;quoted-printable:Miguel J. Jim=C3=A9nez Jim=C3=A9nez n;quoted-printable:Jim=C3=A9nez Jim=C3=A9nez;Miguel J. org;quoted-printable:ISOTROL, S.A.;Sector P=C3=BAblico / Gestores de Contenidos adr;quoted-printable;quoted-printable;quoted-printable:Parque Tecnol=C3=B3gico Cartuja 93;;C/ Isaac Newton 3, 4=C2=AA;Sevilla;Sevilla;41092;Espa=C3=B1a email;internet:[EMAIL PROTECTED] title:Programador Senior tel;work:+34 955 036 800 (ext. 1805) tel;fax:+34 955 036 849 tel;cell:+34 607 44 87 64 x-mozilla-html:TRUE url:http://www.isotrol.com version:2.1 end:vcard
Re: SSH Question
On Thu, Oct 11, 2007 at 05:22:25PM +1000, Alex Samad wrote: try putty for windows no matter how much putty you apply, its still just windows! rimshot A signature.asc Description: Digital signature
Re: SSH Question
Hi, 2007/10/11, Telly Williams [EMAIL PROTECTED]: Hi, I see some of you talking about SSHing into your computer from another. What if the computer you're using isn't Linux/Unix? if you talk about the target computer being a windows host then cygwin has an ssh daemon, personally I use rdesktop for windows as the shell is pretty useless on windows imho. if you talk about another machine being windows and your home machine - being remote and the target google for putty hth martin -- http://noneisyours.marcher.name http://feeds.feedburner.com/NoneIsYours -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: SSH Question
if you talk about the target computer being a windows host then cygwin has an ssh daemon, personally I use rdesktop for windows as the shell is pretty useless on windows imho. if you talk about another machine being windows and your home machine - being remote and the target google for putty hth martin But if I didn't want to be bothered with windows, or didn't feel safe using the (arbitrary) PC, I could load up something like Puppy from a USB, SSH into my computer, and then shutdown and load back up windows? Or is that too much work? -- Telly Williams Knowledge Is Power -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: SSH Question
On Thu, Oct 11, 2007 at 06:48:26PM -0600, Telly Williams wrote: if you talk about the target computer being a windows host then cygwin has an ssh daemon, personally I use rdesktop for windows as the shell is pretty useless on windows imho. if you talk about another machine being windows and your home machine - being remote and the target google for putty hth martin But if I didn't want to be bothered with windows, or didn't feel safe using the (arbitrary) PC, I could load up something like Puppy from a USB, SSH into my computer, and then shutdown and load back up windows? sure. you could even roll your own puppy with your ssh keys (you do use pubkey auth, right?) included, stick it on a usb key and just keep it in your pocket. Or is that too much work? only you know what is too much work for you. ;-) A signature.asc Description: Digital signature
Re: ssh question
[EMAIL PROTECTED] wrote: All, I noticed today that openssh released version 2.9 Monday. Can someone tell me why debian is using 1.2.3-9.3. Is it that debian is only supporting ssh1, or is the version numbering just different? Thank you for your time. simple really. when openssh2 came out debian potato(stable) was already frozen. frozen means no new packages unless they are critical bug fixes. openssh2 is a huge upgrade and is not worth the risk for the current system. the next version of debian will have a newer version of openssh, not sure which one, check packages.debian.org to see which one is in the 'testing' distribution. nate -- ::: ICQ: 75132336 http://www.aphroland.org/ http://www.linuxpowered.net/ [EMAIL PROTECTED]
Re: ssh question
On Thu, May 03, 2001 at 11:50:43AM -0400, [EMAIL PROTECTED] wrote: I noticed today that openssh released version 2.9 Monday. Can someone tell me why debian is using 1.2.3-9.3. Is it that debian is only supporting ssh1, or is the version numbering just different? Thank you for your time. Potato was released some time ago. The OpenSSH maintainer can't go back in time with a copy of SSH 2.9 and add it to potato. Sid and woody, development versions of Debian, include more recent versions of OpenSSH (2.5.1p1 on woody) and are sure to include 2.9 soon. noah -- ___ | Web: http://web.morgul.net/~frodo/ | PGP Public Key: http://web.morgul.net/~frodo/mail.html pgpdtURABvtG3.pgp Description: PGP signature
Re: ssh question / 2nd post first did not work
On Thu, 14 Dec 2000, Andrew Hall wrote: This may be silly, but here goes. I have downloaded the new version os ssh due to the security announcement a little bit ago. Looking at its depends I see that it requires libz1 but I can not find that package anywhere on the debian site. I do have zlib1g installed. What's the difference between the two packages? Can anyone tell me why there would be that dependency to a package that as far as I can tell does not exist? Thanks for you time. Instead of downloading ssh, I suggest: apt-get install ssh This will load and install any packages ssh depends on automatically. Dwight
Re: ssh question
On Sun, 10 May 1998, G. Kapetanios wrote: Thanks for all the replys. The RSA keys method can be made not to ask for anything if you put no passphrase, and that is my question. I can do what I want without a passphrase. But is this safe ?? The man page of ssh-keygen says that if you put no passphrase YOU SHOULD KNOW WHAT YOU ARE DOING. This is the scary bit. The man page does not bother to explain what the consequences of no passphrase are. Does anyone know ?? Thanks George From my understanding (which is far from complete) ssh does its main authentication via two public/private keys (one for the server and one for the client). When you first connect via ssh there is a chalenge/answer session that goes on so that the server can confirm the identity of the client. Once this is confimed the session is encrypted and from there it is just like rsh. So the passphrase prompt you see is the same as you would get when using rsh from an untrusted client. Thus if the client truely is a 'trusted' host then you can set it up so that you don't need to enter the passphrase. This is alot safer than using rsh from a 'trusted' host, as you are not open to spoof attacks (where some other machine pretends to be the trusted host). On the other hand, I'm sure there are some *extremely* complicated ways to abuse the trust of the server to gain entry to the system from somewhere else - but if you trust your network enough to use rsh with no passphrase, then you will have no worries about using ssh with no passphrase. Chris -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ssh question
On Sun, May 10, 1998 at 09:15:07PM +0100, G. Kapetanios wrote:
Thanks for all the replys. The RSA keys method can be made not to ask for
anything if you put no passphrase, and that is my question. I can do what
I want without a passphrase. But is this safe ??
The man page of ssh-keygen says that if you put no passphrase YOU SHOULD
KNOW WHAT YOU ARE DOING. This is the scary bit. The man page does not
bother to explain what the consequences of no passphrase are. Does anyone
know ??
The danger is that someone gaining your private key by any means is able
to log in to any other machine that accepts that key.
What I do locally is put pass phrases on my private keys, but use
ssh-agent to start the system Xsession script. Then in .xsession, I run
ssh-add. Adter ssh-add returns, I try to start remote sessions.
The following is added to /etc/X11/Xsession just after the
/etc/environment clause:
if [ -x /usr/bin/ssh-agent ] ; then
if [ -z ${SSH_AGENT_PID} ] ; then
exec /usr/bin/ssh-agent $0
fi
fi
Then in your .xsession file, you may
ssh-add
xtoolwait ssh -n remote.host.name xterm -geometry +0-0 +sb +rv -e mutt -y
The ssh-agent process will hold the unencrypted private key in RAM, which
is more difficult for an intruder to read than from disk. The ssh-agent
dies when you log out as well.
This modification to Xsession has been submitted as part of wishlist
#15085 against xbase, but hasn't been acted on yet. The above would
probably also work at the top of a .xsession file, but I haven't tested it.
An alternative is to run ssh-agent and ssh-add from your
.login/.profile files, and save the output (export SSH_*=... lines) to a
temporary file for future sourcing. Email me if you want bash versions
(they're on an offline machine at the moment).
-Drake
--
Dr. Drake Diedrich, Research Officer - Computing, (02)6279-8302
John Curtin School of Medical Research, Australian National University 0200
Replies to other than [EMAIL PROTECTED] will be routed off-planet
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ssh question
Hi, Have you considered using the tcp wrapper support that ssh has? By the way, is the Debian ssh package compiled with tcp wrapper support? Anyway, assuming it is, if you really need to have an empty passphrase I would strongly suggest that you only allow secure shell logins from trusted machine which you can setup in your /etc/hosts.allow and /etc/hosts.deny file. Again, this assumes that the Debian package has tcp wrapper support compiled in to it or you compiled in tcp wrapper support yourself. -Ossama __ Ossama Othman [EMAIL PROTECTED] --- PGP Keys --- Public: http://astrosun.tn.cornell.edu/staff/othman/OO_PUBLIC.asc REVOKED: http://astrosun.tn.cornell.edu/staff/othman/OO_REVOKED.asc -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ssh question
On Mon, May 11, 1998 at 01:16:55PM +1000, Drake Diedrich wrote: An alternative is to run ssh-agent and ssh-add from your .login/.profile files, and save the output (export SSH_*=... lines) to a temporary file for future sourcing. Email me if you want bash versions (they're on an offline machine at the moment). Here is my .xsession file: eval `ssh-agent` ssh-add fvwm2 When xdm starts, it asks for my user name and password, and then ssh asks for my passphrase. The info is stored in RAM and available for any shell in X. There may be some problems if you use a csh variant. ssh-agent seems to check the password file for your shell, but I think the .xsession is run under sh. Try changing eval `ssh-agent` to eval `ssh-agent -s` to get the correct type of variable assignments. I don't know if the csh problem was with xdm or startx or both. -- Lee Bradshaw [EMAIL PROTECTED] (preferred) Alantro Communications [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ssh question
On Sun, 10 May 1998, G. Kapetanios wrote: Hi all, After some security incident on my network I decided to set up ssh. I think I have figured most things of interest to me out. However, before I had rsh in ascript to start my mail program which is another host through FvwmButtons. Now that I disabled rsh I tried to figure a way to do the same with slogin. I figured the way but it involves setting authorisation keys without passphrases. How bad is this ? Am I loosing all security ? Am I better off with rsh in this case ? And another related wuestion: When I disabled rsh I simply chmoded the programs 700. Now I can't use rsh as a simple user (although I can as root) even if I set the permissions as they used to be. I get a message saying rcmd: socket: Permission denied Obviously the programs to set sssh involve some secure sockets. Is there a workaround or not for this ?? Thanks for any comment George ssh CAN replace both rsh and rlogin, To do things as you would with rsh, you use 'ssh command'. The trick is that you must first put the public keys for each system into either /etc/ssh or your .ssh directory (in the files ssh_known_keys or known_keys respectively). The easiest way to do this is to slogin from one machine to the other, and then do the same from the other machine back again - manually approving authentication each time (by the way - slogin is just an alias for ssh). Hope that helps, chris -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ssh question
ssh CAN replace both rsh and rlogin, To do things as you would with rsh, you use 'ssh command'. The trick is that you must first put the public keys for each system into either /etc/ssh or your .ssh directory (in the files ssh_known_keys or known_keys respectively). The easiest way to do this is to slogin from one machine to the other, and then do the same from the other machine back again - manually approving authentication each time (by the way - slogin is just an alias for ssh). yes, but even then ssh asks for a password, I've tried every authentication method described in the ssh man page, but I couldn't get it to login without manual authentication (with rsa keys it asks for the passphrase). The other thing I don't like about ssh is that it doesn't enforce the /etc/login.access /etc/limits or the comment field in /etc/passwd (which allows you to set the priority at which users processes run at).. As I have no real need to have my sessions encrypted, I see no advantage to using ssh over telnet.. pgphOHNgtWMMF.pgp Description: PGP signature
Re: ssh question
On Sun, May 10, 1998 at 03:28:40PM -0400, Norbert Veber wrote: yes, but even then ssh asks for a password, I've tried every authentication method described in the ssh man page, but I couldn't get it to login without manual authentication rhosts with RSA host authentication is what you wish. Be aware that there had been a ssh verision in the debian archives that didn't try this authentication. The current one is ok. You will need to have the other host id in your ~/.ssh/known_hosts and the name in ~/.shosts Works fine here. Nils -- *-* | Quotes from the net: L Linus Torvalds, W Winfried Truemper | | Lthis is the special easter release of linux, more mundanely called 1.3.84 | | WUmh, oh. What do you mean by special easter release?. Will it quit | * Wworking today and rise on easter? * pgp9Ee8OKaCN2.pgp Description: PGP signature
Re: ssh question
Thanks for all the replys. The RSA keys method can be made not to ask for anything if you put no passphrase, and that is my question. I can do what I want without a passphrase. But is this safe ?? The man page of ssh-keygen says that if you put no passphrase YOU SHOULD KNOW WHAT YOU ARE DOING. This is the scary bit. The man page does not bother to explain what the consequences of no passphrase are. Does anyone know ?? Thanks George On Sun, 10 May 1998, Norbert Veber wrote: ssh CAN replace both rsh and rlogin, To do things as you would with rsh, you use 'ssh command'. The trick is that you must first put the public keys for each system into either /etc/ssh or your .ssh directory (in the files ssh_known_keys or known_keys respectively). The easiest way to do this is to slogin from one machine to the other, and then do the same from the other machine back again - manually approving authentication each time (by the way - slogin is just an alias for ssh). yes, but even then ssh asks for a password, I've tried every authentication method described in the ssh man page, but I couldn't get it to login without manual authentication (with rsa keys it asks for the passphrase). The other thing I don't like about ssh is that it doesn't enforce the /etc/login.access /etc/limits or the comment field in /etc/passwd (which allows you to set the priority at which users processes run at).. As I have no real need to have my sessions encrypted, I see no advantage to using ssh over telnet.. --- George Kapetanios Churchill College Cambridge, CB3 0DSE-Mail: [EMAIL PROTECTED] U.K. WWW: http://garfield.chu.cam.ac.uk/~gk205/work_info.html --- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: SSH Question SOLVED.
Hope it's useful to some one out there... Why not make that a mini-HOWTO, and get it into a distribution somewhere? I fond a use for this, and so, IMHO, will others. Happy to... does anyone know how I go about doing this or if there is something already existant that it would be better added to? Adam. Internet Alaska -- 4050 Lake Otis Adam Shand(v) +1 907 562 4638 Anchorage, Alaska Systems Administrator (f) +1 907 562 1677 - http://larry.earthlight.co.nz --- -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: SSH Question SOLVED
Following sent to Adam Shand [EMAIL PROTECTED]: Hi Adam; I suggest that you 'poke around' a bit at: http://fatman.mathematik.tu-muenchen.de/~schwarz/debian-doc/ (Debian Documentation Project) -bill Get free e-mail and a permanent address at http://www.netaddress.com -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: SSH Question...
On Thu, 06 Nov 1997 02:48:26 -0900 Adam Shand ([EMAIL PROTECTED]) wrote: I'm setting up an automated script which needs the functionality of rsh to execute some commands on a remote machine, and I need it to *not* prompt for a pasword. I know that I can do this with SSH using a .shosts file, but I would like to use one of SSH's additional methods of host authentication as well (to make it more secure against DNS pollution attacks etc). Is this possible to do and still not have to enter a password? Can anyone expain how or point me to relevant documentation? You want to use ssh-agent. This works like this: make a key pair with ssh-keygen put the public key in any server you want to be able to log in put the private key in any machine you want to log from put a .identity link in your .ssh directory run ssh-agent and ssh-askpass before running ssh/scp/slogin. You also want to read the ssh and ssh-agent manpages... Phil. -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
