Re: TIPS FOR THE NEWCOMER

From: Greg Wooledge (wooledg_at_eeg.ccf.org)
Date: 06/17/03

  • Next message: Anurag Bhatia: "PAM based authentication?"
    Date: Tue, 17 Jun 2003 13:48:33 -0400
    To: "Zieg, Mark" <mark.zieg@lmco.com>
    
    

    On Tue, Jun 17, 2003 at 10:34:47AM -0400, Zieg, Mark wrote:

    > > 1. This command created both a private and public keys. Will it be
    > > advisable if I remove the id_rsa (private) from /home/servie and put in
    > > a safe place such a floppy, just in case, in the event my user account
    > > has been compromised?
    >
    > If your account gets compromised, then the hacker has your private key, and
    > thus your keypair is compromised. Therefore, you wouldn't want to continue
    > using your old private key, so there's no point in keeping a backup.

    Check the paragraph again; Servie is saying that the floppy would be
    used *instead* of ~/.ssh for storing the public key. I've heard of
    other people using a USB storage keyring for similar purposes. The
    tricky part here is making the access as convenient as possible (e.g.
    automounting the removable device when ~/.ssh/id_rsa.pub is accessed,
    possibly using a symlink, etc.).


  • Next message: Anurag Bhatia: "PAM based authentication?"

    Relevant Pages

    • Re: password recovery
      ... I then walked him through both the creating a CD and boot floppy ... running nusrmgr.cpl he should type "control userpassword2" ... accounts arent disabled or to create a new user account. ...
      (microsoft.public.windowsxp.general)
    • Re: Stolen Notebook and Password Security
      ... > had some brains to implement a BIOS password after he ... > disabled the ability to boot from CD & Floppy. ... >>user account, both of which have a password. ...
      (microsoft.public.win2000.security)
    • Re: password recovery
      ... I then walked him through both the creating a CD and boot floppy ... running nusrmgr.cpl he should type "control userpassword2" ... accounts arent disabled or to create a new user account. ...
      (microsoft.public.windowsxp.general)
    • Re: Please Help with Encrypted Folder
      ... > There would only be a backup of your EFS private key if you had made one ... > it via normal means since the user account associated with it is gone though ... And how can I find this backup of my EFS private ...
      (microsoft.public.windowsxp.security_admin)
    • Re: ssh clarification needed
      ... copy the private key to a different machine or user account ... This allows many systems which have copies of a given private key to execute a single command on a remote system over an encrypted link. ... On the other hand, you could have a unique key for each, and use a shared private key via the "-i" option to perform normal operations, while preserving the ability to have distinct keys for connection to some other systems. ...
      (Fedora)