[Systers-dev] dev machine

[Jennifer Redman]

On Wed, Apr 28, 2010 at 10:24 PM, स्वक्ष <vid at svaksha.com> wrote:

>
>
> True, ssh login with pub/private key with passwords (passphrase:)) is
> usually what is recommended. I am not sure how systers server is setup
> as I am unable to login.
>
>
I'm sort of having difficulty understanding why you can't login into
dev,systers.org... ?

Did you try logging in with just a straight password?  I think the quickest
route at this point is to send me your public key (off-list) and I'll set
you up that way.  I'm not sure about the known_hosts problem.  I have gotten
bounced out of servers when known_host checking is set to strict (if the
host info has changed then the older host entry won't be overwritten) on my
client -- but my experience is that it's ok to over-write or even delete the
file since usually entries are re-added as you connect.

A couple of years ago there was a very big bug in openssl in Ubuntu that was
using the same algorithm over and over to generate key pairs -- resulting in
identical key-pairs (only 65,000 options for generating key-pairs -- it was
a seeding problem - across debian and ubuntu systems).  Part of the security
updates included preventing those non-random key-pairs from being used for
authentication.  Not sure if this is the case or not.

However, in the interest of getting things moving -- Svaksha -- you should
either 1) send me your public key and I'll create your .ssh dir for you on
dev.systers.org 2) log in using your password and either cut and paste your
pub key into ~/.ssh/authorized_keys or scp the key over to the server and
rename. 3) Just use password authentication.

You can also just generate a new key-pair if in doubt.

Meryll -- if you'd like to help with a security audit at some point -- sure!
  My attitude is generally on the dev machines that it's important to avoid
the whole "so secure I can't login" concept, but expert advice is always
appreciated and I welcome the opportunity to learn new techniques.

Jen