[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Loging in to mike

To: droege@snapmail.us, geoff@asri.org.au
Subject: Re: Loging in to mike
From: "Shawn Dvorak (RHO)" <rollinghillsobs@cfl.rr.com>
Date: Mon, 18 Oct 2004 06:43:57 -0400
Cc: tass <tass@listserv.wwa.com>
References: <200410181734.31719.geoff@asri.org.au><23320.66.32.215.229.1098093386.squirrel@www.snapmail.us>
Sender: owner-tass@listserv.wwa.com

Geoff's suggestion makes good sense.  To get in we already have to use ssh; 
the additional step of generating and using keys is pretty minor.  And, once 
the key is set up, no more password required - great for lazy folks like me. 
I use ssh on all my *nix systems at home - saves me 8 or 10 keystrokes every 
time I log in to one of them : )

Shawn


----- Original Message ----- 
From: <droege@snapmail.us>
To: <geoff@asri.org.au>
Cc: "tass" <tass@listserv.wwa.com>
Sent: Monday, October 18, 2004 5:56 AM
Subject: Re: Loging in to mike


> Geoff,
>
> Thank you.
>
> Such a scheme sounds good to me.  It is just the type of suggestion that I
> was soliciting.  Anyone have any comment?
>
> I would hope that the world was such that I could run wide open.  There is
> nothing on any of my computers that are connected to the net that I would
> not make public to the world.  But there are some out there that would
> just like to do damage, and I am subject to that.  Mostly the worst that
> could happen is that I would have to load a bunch of disks.  But that will
> soon take many days.
>
> Tom Droege
>
>> On Sat, 16 Oct 2004 03:55 am, droege@snapmail.us wrote:
>>> OK, you all should know that I don't know what I am doing.
>>>
>>> I just created the login worker with password ysduaup
>>
>> Hi Tom,  I'm a little concerned for your system with this level of
>> security.
>> Have you considered using disabled for password accounts that can only be
>> accessed by validated users ssh keys?
>>
>> ie.  You still have the one account called 'worker' - you cannot logon to
>> it
>> using a password so someone can try and guess the password till they turn
>> blue in the face (eg.  passwd -l worker;passwd -x 99999).   People who 
>> you
>> want to allow to access the 'worker' account send you their ssh public 
>> key
>> and you install it into the 'worker' ~/.ssh/authorized_keys2 file
>>
>> With that sort of approach you can control who you want to have access to
>>  your system, you don't have to worry about changing/distributing
>> passwords
>>  and having that password float into the hands of someone undesirable.
>>
>> It does depend on everyone being familiar and comfortable using ssh keys
>> rather than passwords.
>>
>> I can provide more details if required.
>>
>> -goc-
>>
>>
>>
>
>
>

References:
- Re: Loging in to mike
  - From: "Geoff O'Callaghan" <geoff@asri.org.au>
- Re: Loging in to mike
  - From: droege@snapmail.us

Prev by Date: Re: Loging in to mike
Next by Date: Re: Loging in to mike
Prev by thread: Re: Loging in to mike
Next by thread: Re: Loging in to mike
Index(es):
- Date
- Thread