Re: updating openssh
my flaw. no way to generate private key out of the public key. yes, I indeed didn't quite comprehend the maths involved in RSA.

still looking for an easy and safe way to access the private key safely from my linux remotely... which sounds like a chicken-and-egg problem with security.

m.w.chang wrote:
> let me try to publish the public key instead.
>
> I forgot whether puttygen.exe could produce the private key from the
> public key. I need to use the private key to connect to my linux's
> openssh.

___
Linux-users mailing list [EMAIL PROTECTED]
Unsubscribe/Suspend/Etc -> http://www.linux-sxs.org/mailman/listinfo/linux-users
Re: updating openssh
let me try to publish the public key instead.

I forgot whether puttygen.exe could produce the private key from the public key. I need to use the private key to connect to my linux's openssh.

I could buy a cheap 64M USB storage to keep my own key. but it would be nice to put it inside my mobile phone ... but any windows hacking program could copy keys easier over the networking stack.

Net Llama! wrote:
> You said that you were sending your private key all over the place. No,
> you definitely can't crack a private key from the public, other than brute
> forcing, which doesn't really count.
Re: updating openssh
you need a password to use the private key... hmm... I thought you guys were talking about hacking the password out of the private key. that's dictionary hack, I believe, which may be easier.

Net Llama! wrote:
> The key length is irrelevant if you're sending your private key over the
> wire. Nothing needs to be cracked if they get your private key.
Re: updating openssh
The key length is irrelevant if you're sending your private key over the wire. Nothing needs to be cracked if they get your private key.

On Sun, 12 Jan 2003, M.W. Chang wrote:
> that's a 1024-bit kit. it's not supposed to be that easy to hack it,
> right? I never consider yahoo to be safe. :P
>
> > email account to be secure I hope. Any wannabe script kiddie will crack
> > that account in less than a minute, grabbing your private key, checking
> > the header for the originating ip address, and 10 seconds later sitting
> > at a command prompt as root. Don't expect a flood of offers as a
> > SysAdmin anytime soon.

-- Lonni J Friedman
Re: updating openssh
You said that you were sending your private key all over the place. No, you definitely can't crack a private key from the public, other than brute forcing, which doesn't really count.

On Sun, 12 Jan 2003, M.W. Chang wrote:
> hmm.. can the private key be worked out from the public key? I couldn't
> quite remember. if yes, I circulate the public key instead. I don't want
> to carry the key around.
>
> Net Llama! wrote:
> > I don't think you understand the concept of a private key if you're
> > emailing all over creation.

-- Lonni J Friedman
Re: updating openssh
that's a 1024-bit kit. it's not supposed to be that easy to hack it, right? I never consider yahoo to be safe. :P

> email account to be secure I hope. Any wannabe script kiddie will crack
> that account in less than a minute, grabbing your private key, checking
> the header for the originating ip address, and 10 seconds later sitting
> at a command prompt as root. Don't expect a flood of offers as a
> SysAdmin anytime soon.
Re: updating openssh
hmm.. can the private key be worked out from the public key? I couldn't quite remember. if yes, I circulate the public key instead. I don't want to carry the key around.

Net Llama! wrote:
> I don't think you understand the concept of a private key if you're
> emailing all over creation.
Re: updating openssh
m.w.chang wrote:
> whenever I change the key, I emailed my yahoo account the new private
> key. putty can be downloaded from anywhere. Another approach is to the
> web server.
>
> I don't carry any USB storage device. I prefer to get everything from
> the net, including my private key. :)

Jesus Christ! You're putting your private key out on the net for anyone to download? You're either insane or just plain stupid. Why don't you just post your ip address and root password(s) to a web page? It's the same end result. All it takes is a passwordless key in your authorized_keys file and you're owned.

You surely don't consider a Yahoo email account to be secure I hope. Any wannabe script kiddie will crack that account in less than a minute, grabbing your private key, checking the header for the originating ip address, and 10 seconds later sitting at a command prompt as root. Don't expect a flood of offers as a SysAdmin anytime soon.

-- Andrew Mathews
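The passphrase question in this thread (whether a copied private key file is usable as-is) can be checked per file. The following is an added example, not part of the original messages: a Python classifier that reads a key file's header and reports whether it is passphrase-protected. The function names and sample files are constructed for illustration, and the samples hold headers only, no key material.

```python
import base64

MAGIC = b"openssh-key-v1\x00"

def key_protection(text):
    """Classify private-key file text: 'encrypted', 'unencrypted' or 'unknown'."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    first = lines[0] if lines else ""
    if first.startswith("PuTTY-User-Key-File-"):
        # PuTTY .ppk: the "Encryption:" header names the cipher, or "none".
        enc = [ln.split(":", 1)[1].strip() for ln in lines if ln.startswith("Encryption:")]
        if not enc:
            return "unknown"
        return "unencrypted" if enc[0] == "none" else "encrypted"
    if first == "-----BEGIN OPENSSH PRIVATE KEY-----":
        # openssh-key-v1: magic, then a length-prefixed cipher name ("none" = no passphrase).
        body = "".join(ln for ln in lines[1:] if not ln.startswith("-----"))
        try:
            blob = base64.b64decode(body)
        except ValueError:
            return "unknown"
        rest = blob[len(MAGIC):]
        n = int.from_bytes(rest[:4], "big")
        if not blob.startswith(MAGIC) or len(rest) < 4 + n:
            return "unknown"
        return "unencrypted" if rest[4:4 + n] == b"none" else "encrypted"
    if first.startswith("-----BEGIN ") and first.endswith("PRIVATE KEY-----"):
        # PKCS#8 says so in the label; legacy PEM adds a "Proc-Type: 4,ENCRYPTED" header.
        flagged = "ENCRYPTED" in first or any(
            ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines[1:4])
        return "encrypted" if flagged else "unencrypted"
    return "unknown"

def unprotected(files):
    """Names (from a name -> text mapping) not confirmed passphrase-protected."""
    return sorted(n for n, t in files.items() if key_protection(t) != "encrypted")

def sample_openssh(cipher):
    # Constructed header only, no key material: just what the classifier reads.
    blob = base64.b64encode(MAGIC + len(cipher).to_bytes(4, "big") + cipher).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{blob}\n-----END OPENSSH PRIVATE KEY-----\n"

# Constructed sample files; none contains a real key.
SAMPLES = {
    "id_new_plain": sample_openssh(b"none"),
    "id_new_locked": sample_openssh(b"aes256-ctr"),
    "id_rsa_locked": "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n\n-----END RSA PRIVATE KEY-----\n",
    "laptop.ppk": "PuTTY-User-Key-File-2: ssh-rsa\nEncryption: none\nComment: constructed\n",
}
```

`unprotected(SAMPLES)` lists the files to fix; anything the classifier cannot parse is reported too, so an unrecognised format is never assumed safe.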
Re: updating openssh
I don't think you understand the concept of a private key if you're emailing all over creation.

On Wed, 8 Jan 2003, m.w.chang wrote:
> whenever I change the key, I emailed my yahoo account the new private
> key. putty can be downloaded from anywhere. Another approach is to the
> web server.
>
> I don't carry any USB storage device. I prefer to get everything from
> the net, including my private key. :)
>
> >> the only hassles is the key. I have to figure out a way to let me access
> >> my private key anywhere in the internet when I need it.
> >
> > Huh? Your private key should be on the box that you're coming from.

-- Lonni J Friedman
Re: updating openssh
whenever I change the key, I emailed my yahoo account the new private key. putty can be downloaded from anywhere. Another approach is to the web server.

I don't carry any USB storage device. I prefer to get everything from the net, including my private key. :)

>> the only hassles is the key. I have to figure out a way to let me access
>> my private key anywhere in the internet when I need it.
>
> Huh? Your private key should be on the box that you're coming from.
Re: updating openssh
On Tue, Jan 07, 2003 at 04:00:26PM +0800, m.w.chang wrote:
>while sshd is active, can one rpm -e openssh and use checkinstall?

I haven't tried that, but have frequently done an ``rpm -U'' on running systems on ssh without difficulties. I manually killed off the master sshd process, and started a new one while logged in via ssh without nuking my session.

Bill
Re: updating openssh
On Tue, 7 Jan 2003, m.w.chang wrote:
> my telnet is set to work on LAN only (not over the internet). just in

I assume you've set this up so that telnet is only listening on an interface that is internal.

> case but if I could use openssh only, I would rpm -e the telnet daemon.
>
> the only hassles is the key. I have to figure out a way to let me access
> my private key anywhere in the internet when I need it.

Huh? Your private key should be on the box that you're coming from.

> Net Llama! wrote:
> > Well, obviously it's a bad idea, but why can't you fall back to telnet now?
> >
> > At any rate, I think until you HUP the daemon, it will continue to run
> > while it's being upgraded. At least the newer versions do.

-- Lonni J Friedman
Re: updating openssh
No. Since when do you upgrade a package by removing it? Surely you mean rpm -Uvh openssh.

On Tue, 7 Jan 2003, m.w.chang wrote:
> while sshd is active, can one rpm -e openssh and use checkinstall?
>
> stayler wrote:
> > Done it a couple times. Just cron a restart of sshd for a few minutes
> > later then kill sshd after the make install, plus editing of
> > sshd_config of course...

-- Lonni J Friedman
Re: updating openssh
For older versions of openssh.

On Tue, 7 Jan 2003, m.w.chang wrote:
> I barely remember that the moment you rpm -e sshd, your last openssh
> session would be killed.
>
> stayler wrote:
> > On Tue, 07 Jan 2003 16:00:26 +0800, m.w.chang wrote:
> >
> >>while sshd is active, can one rpm -e openssh and use checkinstall?
> >
> > That I can't say. Since I went over to Slackware, I've been tarballing
> > things.
> >
> > stayler

-- Lonni J Friedman
Re: updating openssh
On Tue, 07 Jan 2003 16:00:26 +0800, m.w.chang wrote:
>while sshd is active, can one rpm -e openssh and use checkinstall?

That I can't say. Since I went over to Slackware, I've been tarballing things.

stayler
Re: updating openssh
I barely remember that the moment you rpm -e sshd, your last openssh session would be killed.

stayler wrote:
> On Tue, 07 Jan 2003 16:00:26 +0800, m.w.chang wrote:
>> while sshd is active, can one rpm -e openssh and use checkinstall?
>
> That I can't say. Since I went over to Slackware, I've been tarballing
> things.
>
> stayler
Re: updating openssh
my telnet is set to work on LAN only (not over the internet). just in case but if I could use openssh only, I would rpm -e the telnet daemon.

the only hassles is the key. I have to figure out a way to let me access my private key anywhere in the internet when I need it.

Net Llama! wrote:
> Well, obviously it's a bad idea, but why can't you fall back to telnet now?
>
> At any rate, I think until you HUP the daemon, it will continue to run
> while it's being upgraded. At least the newer versions do.
Re: updating openssh
while sshd is active, can one rpm -e openssh and use checkinstall?

stayler wrote:
> Done it a couple times. Just cron a restart of sshd for a few minutes
> later then kill sshd after the make install, plus editing of
> sshd_config of course...
Re: updating openssh
On Mon, 6 Jan 2003, Net Llama! wrote:
> Well, obviously it's a bad idea, but why can't you fall back to telnet now?
>
> At any rate, I think until you HUP the daemon, it will continue to run
> while it's being upgraded. At least the newer versions do.
>
> On 01/06/03 20:12, m.w.chang wrote:
> >
> > how could one upgrade openssh if openssh is the only remote shell
> > available on a linux server? I always fell back to telnet when I needed
> > to update openssh.

I have done this with rpm when upgrading openssh. This first time, I did it blithely not realizing at that moment the potential "screw myself" effect. About 5 minutes after the fact my brain finally realized what I had done and said "hey, Hey, HEY!". But it worked.
Re: updating openssh
Done it a couple times. Just cron a restart of sshd for a few minutes later then kill sshd after the make install, plus editing of sshd_config of course...

On Tue, 07 Jan 2003 12:12:30 +0800, m.w.chang wrote:
>how could one upgrade openssh if openssh is the only remote shell
>available on a linux server? I always fell back to telnet when I needed
>to update openssh.
Re: updating openssh
Well, obviously it's a bad idea, but why can't you fall back to telnet now?

At any rate, I think until you HUP the daemon, it will continue to run while it's being upgraded. At least the newer versions do.

On 01/06/03 20:12, m.w.chang wrote:
> how could one upgrade openssh if openssh is the only remote shell
> available on a linux server? I always fell back to telnet when I needed
> to update openssh.

-- L. Friedman