Showing posts with label Security. Show all posts

Monday, May 19, 2008

SSH authentication using keys

First you have to create a key. Although protecting your key with a passphrase is not obligatory, I personally very much recommend using one:

$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase): xxxxxxxxxxx
Enter same passphrase again: xxxxxxxxxxx
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx user@host


Then you have to upload your public key to the remote host:

$ cat /home/user/.ssh/id_rsa.pub | ssh user@host "umask 077 && mkdir -p .ssh && cat >> .ssh/authorized_keys"

Before you connect to the remote host, you can load the key into ssh-agent with the following command:

$ ssh-add
Enter passphrase for /home/user/.ssh/id_rsa:
Identity added: /home/user/.ssh/id_rsa (/home/user/.ssh/id_rsa)


This way you don't have to provide the passphrase for your key each time you connect to the remote host.

Great page with some more very useful ssh tricks here.
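
To check the passphrase recommendation above on keys that already exist, the following added example (not part of the original post) classifies private key files by their header alone, covering legacy PEM, PKCS#8 and the newer OpenSSH key format. The function names key_protection and audit_keys are hypothetical; call audit_keys with the directory that holds your keys, for example "$HOME/.ssh".

```shell
#!/bin/sh
# Added example: report private keys stored without a passphrase.
# Only the file header is inspected; the passphrase is never needed.

# Base64 of "openssh-key-v1\0" + length 4 + cipher name "none":
# an OpenSSH-format key saved without a passphrase starts with this.
OPENSSH_PLAIN='b3BlbnNzaC1rZXktdjEAAAAABG5vbmU'

# key_protection FILE -> prints encrypted | unencrypted | not-a-private-key
key_protection() {
    f=$1
    first=$(sed -n '1p' "$f")
    case $first in
        '-----BEGIN ENCRYPTED PRIVATE KEY-----')    # PKCS#8, encrypted
            echo encrypted ;;
        '-----BEGIN OPENSSH PRIVATE KEY-----')
            # the cipher name sits at the start of the base64 body (line 2)
            case $(sed -n '2p' "$f") in
                "$OPENSSH_PLAIN"*) echo unencrypted ;;
                *)                 echo encrypted ;;
            esac ;;
        '-----BEGIN '*'PRIVATE KEY-----')           # legacy PEM or plain PKCS#8
            # legacy PEM marks an encrypted key with a Proc-Type header
            if grep -q '^Proc-Type: 4,ENCRYPTED' "$f"; then
                echo encrypted
            else
                echo unencrypted
            fi ;;
        *)  echo not-a-private-key ;;               # .pub, known_hosts, config
    esac
}

# audit_keys DIR -> lists unencrypted private keys; returns 1 if any exist
audit_keys() {
    rc=0
    for k in "$1"/*; do
        [ -f "$k" ] || continue
        if [ "$(key_protection "$k")" = unencrypted ]; then
            echo "no passphrase: $k"
            rc=1
        fi
    done
    return $rc
}
```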

Sunday, January 14, 2007

Connecting unpatched system to the internet

Did you know that if you do a fresh install of Windows XP, or bring a computer with preinstalled Windows XP from the store (this doesn't hold for Windows XP with SP2 integrated), and connect it to the internet, it will most likely be infected in just a couple of minutes, even if you never touch the keyboard or the mouse?

Why? A lot has been written about that:
http://news.com.com/Study:+Unpatched+PCs+compromised+in+20+minutes/2100-7349_3-5313402.html

http://aroundcny.com/technofile/texts/tec082904.html
http://www.techworld.com/security/news/index.cfm?NewsID=5535

How to defend yourself? Read the great tutorial from the SANS Institute:
http://www.sans.org/reading_room/whitepapers/windows/1298.php (PDF file, 1,18 MByte)


Windows XP SP2 turned on the firewall by default, so it eliminated that problem. But you can still see users installing Windows XP with SP1 after an infection and wondering why they are being infected again. And they surely believe that Windows Update is just another Microsoft invention for spying on people who use a pirated version of Windows.

Browse safely with Internet Explorer

If you don't, hate to, or can't use an account with limited credentials for your normal work in Windows, you can still use the following program, which runs Internet Explorer and the default mail agent with limited credentials:

http://www.amustsoft.com/1-defender/


Why is that useful? While browsing the internet you can come across a malicious web site that hosts exploits for your browser. If your browser is vulnerable, malicious things (mostly spyware) could be installed on your system. By running the browser with limited credentials you can limit the impact of the infection, because the malware can't access important system folders. For more info, check the manufacturer's web site.

Some notes:
  • It changes the IE and mail agent shortcuts on the desktop and the Quick Launch toolbar
  • It does more or less the same thing as Microsoft's DropMyRights, but it is a little more user-friendly
  • Internet Explorer has to be set as the default web browser (have no idea why)
  • You won't be able to install ActiveX controls/plug-ins this way (e.g. the Flash plug-in), but you can of course still run IE the normal way from the shortcut in the Start menu
  • 1-defender doesn't handle .html links, so if you double-click a .html or .htm file, IE will open with full credentials
Licence: Freeware