Ogden Area Linux Users Group Google Group

Suggestions for adding and timing out ssh private keys?

whitei...@gmail.com (Seth House) — Thu, 31 Dec 2009 21:39:15 UT

The way I am currently using ssh-agent is by starting it when I start
a GNU screen session and manually adding my private key with ssh-add.
(This method has the side-benefit of also killing the agent when I
detach screen for added security.)
Lately I've been thinking that I should also add a default timeout

SSH authentication in the clear

aaron.topo...@gmail.com (Aaron Toponce) — Mon, 21 Dec 2009 18:42:07 UT

First, if an attacker has physical access to a machine, all bets are
off. Period.
Second, read up on this blog post by Joseph Hall:
[link]
Third, realize that root can do _anything_ on a machine he pleases. The
best approach that I'm aware of is an RBAC-based system, like something

Re: PuTTY SSH Keys

aaron.topo...@gmail.com (Aaron Toponce) — Mon, 21 Dec 2009 18:33:16 UT

I figured this out, in case anyone is curious. With the PuTTY suite of
utilities, provided is a tool called 'PuTTYGen'. It generates SSH keys
for SSH key authentication, but it is its own thing, which is not
compatible with OpenSSH or SSH.com key agents.
In that utility, load up your private key, then you can export it to an

Meeting tonight canceled

whitei...@gmail.com (Seth House) — Wed, 09 Dec 2009 00:18:04 UT

In light of the weather, I think it is best to bag the meeting
tonight.

See you all in January!

Re: [oalug] Reminder: meeting tomorrow

rol...@gmail.com (Roly C.) — Tue, 08 Dec 2009 22:25:08 UT

I won't be there this time :(

Reminder: meeting tomorrow

whitei...@gmail.com (Seth House) — Mon, 07 Dec 2009 18:43:27 UT

Reminding you about our December meeting tomorrow night. (We're
avoiding holiday conflicts with our regular meeting time by doing this
mid-month.)

This is a social meeting; there will not be a presentation. So come
just to talk shop. If you have Linux questions, bring those too!

See you there.

Re: [oalug] Re: [ubuntu-us-ut] Ubuntu's default groups

blendmaster1...@gmail.com (Christian Horne) — Fri, 04 Dec 2009 15:48:53 UT

i have been messing around with the internals of ubuntu lately, and
i'm liking it more and more as i learn how it works. it's designed to
be easily scalable, for instance you could make your desktop machine
into a shell server JUST by installing ssh, it's designed so that it
is already ready for use as a shell server. or if you want a web

Re: [oalug] Re: [ubuntu-us-ut] Ubuntu's default groups

mellowcellofel...@gmail.com (Joshua Gardner) — Fri, 04 Dec 2009 14:20:14 UT

Well, look at that. First it was "Ubuntu uses too many groups and is
trying to be too much like Windows and not UNIX-like enough." Now it's
come full circle and Ubuntu is being too UNIX-y using groups instead
of pam.

lol

-Josh

--
Society loses the value of things which are uselessly destroyed.

Re: [oalug] Re: [ubuntu-us-ut] Ubuntu's default groups

sjan...@buscaluz.org (Stuart Jansen) — Fri, 04 Dec 2009 13:38:20 UT

No, it isn't great. It implies constant access to the hardware. Red Hat
using pam_console and SUSE using pam_(mumble) can have more fine grained
access control. For example, RH configures pam_console so that only
local logins get access to the sound card, whereas remote logins don't.
In other words, no need to worry about some joker SSH-ing into all the

Re: [oalug] Re: [ubuntu-us-ut] Ubuntu's default groups

tbol3...@gmail.com (Leif Andersen) — Fri, 04 Dec 2009 05:08:50 UT

Hm... Actually, I'm beginning to think that I am, lol. I just had a 20
min. argument with my father, and apperently he thinks groups are a really
grate way of organising who has access to what hardware. I guess I'm just
too young to really understand the thinking behind the original designers.

Re: [oalug] Re: [ubuntu-us-ut] Ubuntu's default groups

b...@solv.com (brandon) — Fri, 04 Dec 2009 04:46:53 UT

I think it has nothing to do with intuition, and everything to do with
using groups as DAC ACLs. I have never actually seen it in action, but
I suspect they are just using groups... as groups. The whole DAC model
in action.

Ideally, you never actually have to deal with it because the software

Re: [ubuntu-us-ut] Ubuntu's default groups

tbol...@gmail.com (Leif Andersen) — Fri, 04 Dec 2009 04:28:56 UT

Hmm...interesting, so am I really the only person that thinks having a
'scanner group' is really not intuitive in the least?

~Leif
----------
Did you like this rant? You can find more at:
[link]

Re: [oalug] Re: [ubuntu-us-ut] Ubuntu's default groups

aaron.topo...@gmail.com (Aaron Toponce) — Fri, 04 Dec 2009 04:12:11 UT

How is what Ubuntu different from Debian or Fedora? I'm referring to
permission modes on hardware.
Then why not move /dev/console to tty7?
I guess I'll have to take a closer look at pam_console. This makes a
little sense, I guess.

Re: [oalug] Re: [ubuntu-us-ut] Ubuntu's default groups

oa...@karras.net (Jonathan Karras) — Fri, 04 Dec 2009 01:58:26 UT

While checking groups you should compare /dev/ permissions. Maybe the
audio/cdrom devices are part of the users group on those other
distros.

Jonathan

Re: [oalug] Re: [ubuntu-us-ut] Ubuntu's default groups

sjan...@buscaluz.org (Stuart Jansen) — Fri, 04 Dec 2009 00:02:37 UT

Are you forgetting about pam_console and friends? Setting permissions on
devices is an important part of letting the kernel do its job.

The stated reason for the change was not boredom, it was "to avoid
flicker". I think that's baloney, but it still kills your example.

Maybe I want to be able to use my cdrom, scanner and soundcard but I