For those who attended this evening's presentation and didn't right down the terminal commands, I've output the presentation to pdf. http://www.wlug.org.nz/~cmoman/ssh_presentation/ssh_presentation_20090524.pd... Cheers, Chris
The slides for my history of the blade, err history of the wiki, talk are here: http://www.wlug.org.nz/~gnubie/wlug-bladserver-2009525.pdf In case you want to click on some of the links I included there. Also wanted to say Bruce did a good job of demonstrating koroaa, our second/backup blade server. I was encouraged to see the blade booting up and initiate the pxe boot sequence over the iLO interface. The purpose of this last meeting was to let people know if you want to get more involved with the LUG, other than attending meetings or joining the committee, there are several ways to do that: * Contribute to the wiki: http://wlug.org.nz/WikiIntro (For instance I think that page could be improved) * Get a user account on our server: http://wlug.org.nz/WlugServer * Help out with administrative work needed on the server: http://www.wlug.org.nz/WlugSysadmins (Those of you who mentioned being interested in this, see the "New admins wanted" section on that page.) * Last but not least, we are starting to plan for Software Freedom Day 2009. We have started organizing this here: http://www.wlug.org.nz/SoftwareFreedomDay2009 Now is a good time to get involved with that, feel free to edit that page and offer your suggestions, or contact one of the committee members about how you would like to help out: http://www.wlug.org.nz/WlugCommittee Thanks, John Billings Chris O'Halloran wrote:
For those who attended this evening's presentation and didn't right down the terminal commands, I've output the presentation to pdf.
http://www.wlug.org.nz/~cmoman/ssh_presentation/ssh_presentation_20090524.pd...
Cheers,
Chris _______________________________________________ wlug mailing list | wlug(a)list.waikato.ac.nz Unsubscribe: http://list.waikato.ac.nz/mailman/listinfo/wlug
2009/5/26 John Billings <john(a)nimhq.net>
The slides for my history of the blade, err history of the wiki, talk are here:
In case you want to click on some of the links I included there.
Also wanted to say Bruce did a good job of demonstrating koroaa, our second/backup blade server. I was encouraged to see the blade booting up and initiate the pxe boot sequence over the iLO interface.
The purpose of this last meeting was to let people know if you want to get more involved with the LUG, other than attending meetings or joining the committee, there are several ways to do that:
* Contribute to the wiki:
(For instance I think that page could be improved)
* Get a user account on our server:
* Help out with administrative work needed on the server:
http://www.wlug.org.nz/WlugSysadmins
(Those of you who mentioned being interested in this, see the "New admins wanted" section on that page.)
* Last but not least, we are starting to plan for Software Freedom Day 2009. We have started organizing this here:
http://www.wlug.org.nz/SoftwareFreedomDay2009
Now is a good time to get involved with that, feel free to edit that page and offer your suggestions, or contact one of the committee members about how you would like to help out:
http://www.wlug.org.nz/WlugCommittee
Thanks, John Billings
Chris O'Halloran wrote:
For those who attended this evening's presentation and didn't right down the terminal commands, I've output the presentation to pdf.
Cheers,
Chris _______________________________________________ wlug mailing list | wlug(a)list.waikato.ac.nz Unsubscribe: http://list.waikato.ac.nz/mailman/listinfo/wlug
_______________________________________________ wlug mailing list | wlug(a)list.waikato.ac.nz Unsubscribe: http://list.waikato.ac.nz/mailman/listinfo/wlug
http://linuxshellaccount.blogspot.com/2009/05/snooping-for-usernames-and-pas... An article and script describing how to snoop on an SSH session and recover the username and password... this would be one of a number of reasons why the WLUG server only allows key-based authentication. ;) -- This email is for the intended recipient only. If you are not the intended recipient you must burn your computer, while standing on one foot and chanting the entire jabberwocky. The opinions expressed here are not necessarily the opinions of the person who expressed them.
Bruce Kingsbury wrote:
http://linuxshellaccount.blogspot.com/2009/05/snooping-for-usernames-and-pas...
An article and script describing how to snoop on an SSH session and recover the username and password... this would be one of a number of reasons why the WLUG server only allows key-based authentication. ;)
Hmm - it seems that once again it is proved that security only keeps honest people out! J
An article and script describing how to snoop on an SSH session and
recover the username and password... this would be one of a number of reasons why the WLUG server only allows key-based authentication. ;)
Hmm - it seems that once again it is proved that security only keeps honest people out!
Not at all; this article shows how far SSH raises the bar. It's only possible to recover passwords this way if you already have root access on the box being SSHed into, as opposed to telnet where anyone along the path can trivially capture packets. And if you're using key-based authentication (as hoiho does) the only thing sent to the server is a one-time random challenge which cannot be reused for any subsequent login. It's impressive that SSH can provide security to the point that even the admins of the box you're connecting to (or a malicious attacker who's gained root access) can only authenticate you, but don't get given enough information to impersonate you on other servers where you're using the same key pair. -- This email is for the intended recipient only. If you are not the intended recipient you must burn your computer, while standing on one foot and chanting the entire jabberwocky. The opinions expressed here are not necessarily the opinions of the person who expressed them.
participants (4)
-
Bruce Kingsbury -
Chris O'Halloran -
James Pluck -
John Billings