Tag Archives: Security

UK Government To Demand Data On Every Call And Email

[techweekeurope.co.uk] UK Government To Demand Data On Every Call And Email

Plans could force ISPs and phone operators to hand over records on all phone calls, emails, Tweets and Facebook messages

[telegraph.co.uk] Phone and email records to be stored in new spy plan

Details of every phone call and text message, email traffic and websites visited online are to be stored in a series of vast databases under new Government anti-terror plans.

This story also made the Slashdot front page.

Setting Up SSH Keys

Here is my attempt at a very quick and dirty guide to setting up SSH keys using OpenSSH. If you are looking for a way to securely log in to one or more boxes, without being prompted for your password every time, then using SSH keys is probably your best bet.

Here we go..

Using SSH keys allows you to SSH from one host to another in a more secure manner, or (optionally) without the need for a password.

Let's name our example hosts:

  • local host is called my_pc
  • remote host is called devhost



On my_pc (the host you are SSH’ing from):

ssh-keygen -t dsa

This will generate two files (a key pair), for example:

id_dsa – this is your private key
id_dsa.pub – this is your public key

ssh-keygen will ask you for a password/pass-phrase. At this point, you can enter a pass-phrase, or just hit [enter] to use a blank password.

  • Note: if you are creating a key for a user account, you should always use a pass-phrase! Only consider omitting pass-phrases when the key is being used for one-off automated system-to-system transactions.

If you haven’t done so already, give your private key a descriptive name, like my_pc.id_dsa.

If it doesn’t exist, create the file ‘~/.ssh/config‘, with the following contents:

Host devhost
    IdentityFile ~/.ssh/my_pc.id_dsa

Note that the ‘config‘ file can be configured with multiple private keys. Make sure that devhost is resolvable by hostname, or this will not work.

(Note: I’ve had some trouble using IPs in the ‘config‘ file)

Make sure that ‘my_pc.id_dsa‘ is only readable/writeable by its owner. Make sure that ‘config‘ is only writable by its owner.



On devhost (the host you are SSH’ing to):

Copy the public key from my_pc to devhost, and append its contents to the end of the ‘authorized_keys2‘ file, like so:

cat id_dsa.pub >> ~/.ssh/authorized_keys2

Note that the ‘authorized_keys2‘ file can hold multiple public keys.

Make sure that ‘authorized_keys2‘ is only readable/writeable by its owner.

You’re finished! You should now be able to SSH from my_pc to devhost using SSH keys, and without the need for a password if you so desire.



Troubleshooting:
Use ‘ssh -v’ to enable verbose debugging when testing SSH connectivity.

This was tested with OpenSSH on Ubuntu 8.04 LTS, and I’ve used this same method successfully on previous versions of OpenSSH, and on other Debian-based operating systems. Your mileage may vary depending on your OS and version of OpenSSH.
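As an added example, not part of the original guide: a small POSIX shell audit of the file permissions the steps above ask for (private key and ‘authorized_keys2‘ owner-only, ‘config‘ not writable by anyone else). The function names are made up for this example, and the check on the .ssh directory itself goes beyond what the guide lists.

```shell
#!/bin/sh
# Added example (not from the original guide): audit ~/.ssh permissions.

# Print the nine rwx characters for a path, e.g. "rw-------".
mode_bits() {
    ls -ldL "$1" | cut -c2-10
}

# True when group and other have no access at all.
owner_only() {
    case "$(mode_bits "$1")" in
        ???------) return 0 ;;
    esac
    return 1
}

# True when neither group nor other can write.
no_foreign_write() {
    case "$(mode_bits "$1")" in
        ????w????|???????w?) return 1 ;;
    esac
    return 0
}

# audit_ssh_dir DIR KEYFILE
# Prints one line per finding with the chmod that fixes it and
# returns the number of findings. Files that do not exist are skipped.
audit_ssh_dir() {
    dir=$1 key=$2 bad=0
    # Private key and authorized_keys2: owner read/write only.
    for f in "$dir/$key" "$dir/authorized_keys2"; do
        [ -e "$f" ] || continue
        owner_only "$f" && continue
        echo "$f is $(mode_bits "$f"): run chmod 600 '$f'"
        bad=$((bad + 1))
    done
    # config (from the guide) and the directory (assumption added here):
    # nobody but the owner may write.
    for f in "$dir/config" "$dir"; do
        [ -e "$f" ] || continue
        no_foreign_write "$f" && continue
        echo "$f is $(mode_bits "$f"): run chmod go-w '$f'"
        bad=$((bad + 1))
    done
    return "$bad"
}

# Stand-alone use: sh audit.sh "$HOME/.ssh" my_pc.id_dsa
if [ "$#" -eq 2 ]; then audit_ssh_dir "$1" "$2"; fi
```

Run it on my_pc with the private key name, and on devhost with any key name (only ‘authorized_keys2‘ and the directory will exist there).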