bill's blog


GnuPG public key and corresponding fingerprint:

62E2 067D 9148 9BAA 4A0F 8815 AB5C 668B 5EE0 528C

Authentication (from Greek: αυθεντικός) – is the process of providing credentials to establish that you are who you claim to be. In terms of computers there are a number of ways to do this:

What you know – this is the basic user ID and password. The easiest to defeat… Just take a look around the user's desk.

What you have – this is token based. It can be combined with a traditional user ID and password to create two-factor authentication (TFA). Smart cards and USB tokens are the most common ways to provide this. Yubikey makes an interesting solution… It’s a token that generates a one-time password.

What you are – this entails the use of a biometric device to scan a body part, most often a fingerprint or iris. Additionally, the cadence of one’s typing has been used to identify an individual. Once again, it can be used with traditional forms of authentication to provide stronger protection.

SSH Keys

Let’s say that you have to log into 20 or 30 machines per day. At the end of that day that can lead to a lot of keystrokes. I believe that I’m a focused individual, but during the course of that day I can get interrupted many times over. Trying to remember exactly what I am accessing this host to do can be a challenge at times.

There are those that feel that using ssh keys is an unsafe practice (and it CAN be) if you don’t protect your host correctly. I have this implemented behind a gateway firewall and behind IPFW rules. This being the case a hacker would have to compromise the network and then the host itself. Is this a guarantee that a hacker can’t get to you? No, but it does make it somewhat more difficult to get at the machines.

So the first thing that I need to do is generate the keys that I am going to use.

ssh-keygen -t dsa

You can use other algorithms based on your comfort levels. See the man pages on ssh-keygen to see which flags are built into your version of ssh. You should see something very much like this:

mission-control:~ bheese$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/Users/bheese/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/bheese/.ssh/id_dsa.
Your public key has been saved in /Users/bheese/.ssh/id_dsa.pub.
The key fingerprint is:
52:d4:23:d5:91:b9:2e:0a:41:ac:6a:8d:c9:ee:9c:cc bheese@mission-control.randomdog.net

I did not put a passphrase in as I want to be able to access the server using only my ssh keys! ls produces the following output in the .ssh directory.

mission-control:~/.ssh bheese$ ls -al
total 48
drwx------    7 bheese  bheese   238 Mar  2 18:58 .
drwxr-xr-x   30 bheese  bheese  1020 Feb 29 22:51 ..
-rw-------    1 bheese  bheese   672 Mar  2 18:58 id_dsa
-rw-r--r--    1 bheese  bheese   626 Mar  2 18:58 id_dsa.pub
-rw-r--r--    1 bheese  bheese  5828 Dec 27 19:14 known_hosts

To be able to log in to remote systems using your pair of keys, you first have to add your public key to the authorized_keys2 file in the .ssh/ directory of your home directory on the remote machine. Once this is completed, log into the machine with the account you created the authorized_keys2 file for. You will not be prompted for a password.
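
The key-installation step above as an added example (not code from the original post): a shell function, meant to run on the remote machine, that appends a public key to authorized_keys2 only once and sets owner-only permissions on .ssh (700) and on the key file (600), since sshd's StrictModes check refuses key files that other users can write to. The function names, the scratch paths and the key line are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names, scratch paths
# and the key line below are constructed for illustration.

# perms PATH: print the ls mode string, e.g. "drwx------"
perms() { ls -ld "$1" | cut -c1-10; }

# install_pubkey PUBKEY_FILE SSH_DIR [FILE_NAME]
# Runs in a subshell "( )" so the umask change does not leak to the caller.
install_pubkey() (
    pub=$1; dir=$2; auth=$dir/${3:-authorized_keys2}
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; exit 1; }
    # Exactly one line, and it must look like a public key, so a private
    # key (id_dsa instead of id_dsa.pub) is never copied by mistake.
    [ "$(grep -c '' "$pub")" -eq 1 ] || { echo "expected one key line" >&2; exit 1; }
    case $(cut -d' ' -f1 "$pub") in
        ssh-*|ecdsa-*) ;;
        *) echo "not a public key: $pub" >&2; exit 1 ;;
    esac
    umask 077
    mkdir -p "$dir" && chmod 700 "$dir" || exit 1
    touch "$auth" && chmod 600 "$auth" || exit 1
    # -x whole line, -F fixed string: append only if the key is not there yet
    if grep -qxF -f "$pub" "$auth"; then
        echo "already present in $auth"
    else
        printf '%s\n' "$(cat "$pub")" >> "$auth"
        echo "added to $auth"
    fi
)

# Demo in a scratch directory standing in for the remote home directory.
demo=$(mktemp -d)
printf '%s\n' 'ssh-dss AAAAB3NzaC1kc3MAAACBAPconstructedSampleNotARealKey bheese@example' > "$demo/id_dsa.pub"
install_pubkey "$demo/id_dsa.pub" "$demo/home/.ssh"   # first call adds the key
install_pubkey "$demo/id_dsa.pub" "$demo/home/.ssh"   # second call is a no-op
perms "$demo/home/.ssh"
perms "$demo/home/.ssh/authorized_keys2"
rm -rf "$demo"
```

Because the function is idempotent, it can be rerun from a deployment script without growing the file with duplicate entries.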

One of the reasons for doing this is to allow for scripting across the network. Now you can create a script that runs against a file containing a list of all the machines you want the script to deploy on (or against any input from STDOUT).