Re: attempts to hack in?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 01Jul2017 17:55, jdow <jdow@xxxxxxxxxxxxx> wrote:

On 2017-07-01 15:52, Cameron Simpson wrote:

On 01Jul2017 07:48, William Oliver <vendor@xxxxxxxxxxxxx> wrote:

On Fri, 2017-06-30 at 18:35 -0700, Rick Stevens wrote:

Uh, mount the USB stick somewhere and use something like:
   ssh -i /path/to/usb/stick/name-of-your-identity-file user@host

e.g.
   mkdir ~/usbstick
   mount /dev/sdb1 ~/usbstick
   ssh -i ~/usbstick/my_id_rsa_file rick@xxxxxxxxxxxx
If the mountpoint is always the same you can make this easier with a clause in your .ssh/config file, eg: 

Not very likely when I'm around, it seems. {^_-}
Yeah, almost never feasible with someone else's machine. I more brought this up to show how one can do a number of handy things with "wildcard" ssh clauses.
Oh yes: if you make a travelling key, it should be different to your home machine's key. That way it can be revoked (==> remove the public key from the relevant authorized_keys files).
Gee, thanks for that idea. I didn't know that was possible. I still feel uncomfortable about sticking a dongle of mine into a foreign machine. 

That's understandable. Would that they had hardware "readonly" switches.
Of course, you shouldn't be doing this with a foreign machine which you don't trust to some degree. With a USB stick or with a password, you've got to have faith that the machine isn't set up to capture your key and/or passphrase/password.
However, the USB key at least lets you carry a disposable key that you can use for remote access from a platform you trust.
I suppose if I could find a batch of small dongles I could set up "one time dongles" to cover that. Thanks for the information. I just got up and I have had my daily required learning experience. I guess I can go back to bed. Seriously, thanks. 

Glad to be of service.

Cheers,
Cameron Simpson <cs@xxxxxxxxxx>
All the doors in this ship have nice sunny dispositions. It is their pleasure to open for you, and their satisfaction to close with the knowledge of a job well done. - Marvin _The Hitchhiker's Guide to the Galaxy_ 
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux