Information Security Help!!!
use pgp instead of ssh passwords? ha ha! there's no end to the depths of your ignorance. i pity the people who have to rely on you at work.
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
securitykid wrote: I like your signature
the linked article is worth reading.
x2oxen wrote: Thanks for your comprehensive reply guys. But all forgot to mention a really major point that is we should not use passwords for ssh logins cause any smart middle man can detect it and can harm us. We should always go for PGP and Public-Key Cryptography that will make our systems far away secure than using plain passwords.
we should not use passwords for ssh?? that means, ssh is not secured?
this post really instigating me to know about that person? who suggested you to use PGP, instead of ssh usage. or may be i didn't know that, there are some sniffers exist, that sniff your encrypted ssh logins, i would like to have such programs in my toolkit.
correct me, if i am wrong, i would like to increase my skills with your precious replies and suggestions.
Saad Khan wrote:
x2oxen wrote: Thanks for your comprehensive reply guys. But all forgot to mention a really major point that is we should not use passwords for ssh logins cause any smart middle man can detect it and can harm us. We should always go for PGP and Public-Key Cryptography that will make our systems far away secure than using plain passwords.
we should not use passwords for ssh?? that means, ssh is not secured?
this post really instigating me to know about that person? who suggested you to use PGP, instead of ssh usage. or may be i didn't know that, there are some sniffers exist, that sniff your encrypted ssh logins, i would like to have such programs in my toolkit.
correct me, if i am wrong, i would like to increase my skills with your precious replies and suggestions.
Have you ever heard about key logger saad??
In some cases we need to let others access our servers as well for some certain passwords and we do not want to disclose our passwords to them. PGP & Public key cryptography is the best option and uncrackable until now.
Naik (Posts: 70, Joined: Sat Oct 20, 2007 5:18 am)
Guys,
It's ok,
I understand what you were saying, actually SSH works with somewhat same mechanism that you were referring to. Correct! Public Key cryptography and SSL, etc. will protect against data theft/tampering on the wire/in transmission (Man-in-Middle, Monkey-in-Middle).
Read this to know more about how ssh works:
http://www.eng.cam.ac.uk/help/jpmg/ssh/ssh-detail.html
BUT what if a stealth key logger is tracking your keys?,
there is a way to even protect it, Any one interested? let me know I will describe how to combat with key loggers which cannot be fixed/clean/detected by traditional AVs.
I hope this helps you...
I strongly discourage " Behas brai Behas " if this argues are constructive they are welcome to post.
Thanks
SecurityKID-ITdotCOM
Security Every Where! BUT where?
Hey Guys,
Any one look at the URL that I post in my earlier post?
http://www.masterofit.net/index.php?filter=deck&cid=1
Any comments?
Thanks
SecurityKID-ITdotCOM
x2oxen wrote: Have you ever heard about key logger saad??
In some cases we need to let others access our servers as well for some certain passwords and we do not want to disclose our passwords to them. PGP & Public key cryptography is the best option and uncrackable until now.
If any one can install a key logger on your system, he can easily copy/use your keys as well. Using keys is just an option and won't help you in securing anything.
--SP--
x2oxen wrote: Have you ever heard about key logger saad??
In some cases we need to let others access our servers as well for some certain passwords and we do not want to disclose our passwords to them. PGP & Public key cryptography is the best option and uncrackable until now.
your answer is not too much useful. i never use pgp keys authentication for security or escape from key loggers. well, the reason behind usage of ssh keys for me is .....
I don't want to change the server's password every time a person leaves my organization.
I don't want to remember all unique and strong types of password.
I don't want to keep them in a file or open that file while someone is reading it over my shoulder.
and it requires no time to log me in on server
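The revocation point raised in the post above (removing one person's access without changing a shared password), as an added example that is not part of any poster's message: it parses an `authorized_keys` file, drops the departed person's key and reports its fingerprint. The key bytes, the names alice/bob/carol and the file contents are constructed for illustration.

```python
import base64, hashlib, shlex, struct

KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256")

def fake_pubkey_line(owner, options=""):
    """Build a constructed ssh-ed25519 authorized_keys line (not a real key)."""
    raw = hashlib.sha256(owner.encode()).digest()      # 32 placeholder key bytes
    blob = b"".join(struct.pack(">I", len(p)) + p for p in (b"ssh-ed25519", raw))
    line = f"ssh-ed25519 {base64.b64encode(blob).decode()} {owner}"
    return f"{options} {line}" if options else line

def parse_entry(line):
    """Return (key_type, blob, comment), or None for blanks, comments, garbage."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    try:
        tokens = shlex.split(line)      # quoted option values stay in one token
        for i, tok in enumerate(tokens):
            if tok in KEY_TYPES and i + 1 < len(tokens):
                blob = base64.b64decode(tokens[i + 1], validate=True)
                return tok, blob, " ".join(tokens[i + 2:])
    except ValueError:                  # unbalanced quotes or bad base64
        pass
    return None

def fingerprint(blob):
    """SHA256 fingerprint in the form `ssh-keygen -l` prints."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def revoke(authorized_keys_text, departed_comment):
    """Drop keys whose comment matches; return (new_text, removed_fingerprints)."""
    kept, removed = [], []
    for line in authorized_keys_text.splitlines():
        entry = parse_entry(line)
        if entry and entry[2] == departed_comment:
            removed.append(fingerprint(entry[1]))
        else:
            kept.append(line)           # comments and other users' keys survive
    return "\n".join(kept) + "\n", removed

# Constructed sample: one shared account, three people, one with key options.
SAMPLE = "\n".join([
    "# constructed sample, deploy account on a shared server",
    fake_pubkey_line("alice@laptop"),
    fake_pubkey_line("bob@desktop", 'from="10.0.0.*",command="uptime"'),
    fake_pubkey_line("carol@laptop"),
]) + "\n"

if __name__ == "__main__":
    new_text, removed = revoke(SAMPLE, "bob@desktop")
    print("removed:", removed)
    print(new_text, end="")
```

The comment field is free text chosen by whoever installed the key, so keeping a record of each person's fingerprint and matching on that is the more reliable way to pick the entry to remove.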
Saad Khan wrote: who suggested you to use PGP, instead of ssh usage. or may be i didn't know that, there are some sniffers exist, that sniff your encrypted ssh logins, i would like to have such programs in my toolkit.
ignore him. really. there's no reason to set up and use pgp for ssh authentication. just use the ssh-keygen generated keys, like everyone else. the tools and processes for using pgp keys with ssh are not as mature as ssh-keygen's.
if you want more details, read the post i made several months ago in the howto subforum.
x2oxen wrote: Your any further post ain't gonna make any different to me cause don't pay attention to edicts word's and you are high at your knowledge for sure!
i wish i could be certain about what this means. it's as confusing as most of your advice, if not as flawed.
that's okay with me, you know? you can keep ignoring my comments about how dumb your suggestions are.