Bitcoin Forum
6261  Other / Off-topic / Re: [SOLVED] Help with Ubuntu + MySQL on: August 03, 2011, 11:19:04 PM
I guess I don't understand the point of authenticating with a key vs a really long complicated password.  Aren't they both effectively the same thing?  And if I authenticated with a key, I would need a keyfile, right?  Which would require that I keep a keyfile on my person whenever I wanted to access the server, whereas right now, I have the password almost memorized (a few more entries should do the trick).
You would generate a private/public key pair and place the public key on the server. The private key (which should be protected with a passphrase) stays on your PC. When you log in, no password will ever be transferred. The more servers you have, the nicer it is. As long as your pubkey is on it, you can log in with your passphrase. I wouldn't want to carry around 2-3 pages of passwords to do my daily work. Just store your private key along with your portable Bitcoin in a Truecrypt container on your usb stick.
So it's a bit like having a password protected by a password then?

I don't carry a USB stick with me... nor do I carry pages of passwords with me.  I won't go into details about my methods of saving them here though.

Guess it's just one of those different strokes for different folks thing.  As long as the password isn't transmitted in plaintext for an SSH session, then I don't see why it wouldn't be a perfectly secure way of accessing a server.
6262  Other / Off-topic / Re: [SOLVED] Help with Ubuntu + MySQL on: August 03, 2011, 10:25:38 PM
I'm not paranoid.  If an attack only exists in theory, then I'm not going to go out of my way to prevent it.  Especially when it costs me convenience (i.e., not being able to access the server from any computer). 
Using keys has nothing to do with being able/unable to access ssh from a remote computer. Controlling that access level is done via iptables. If the remote user is allowed to go through, then he has to authenticate to ssh. Either via key or password (and actually, keys are more convenient because you can use your public key on different machines).
I guess I don't understand the point of authenticating with a key vs a really long complicated password.  Aren't they both effectively the same thing?  And if I authenticated with a key, I would need a keyfile, right?  Which would require that I keep a keyfile on my person whenever I wanted to access the server, whereas right now, I have the password almost memorized (a few more entries should do the trick).
6263  Other / Off-topic / Re: [SOLVED] Help with Ubuntu + MySQL on: August 03, 2011, 07:43:25 PM
- Theories... try to put that in practice (good luck)
Enough reason for me to drop password authentication.

- Under such the server is already compromised, there's no reason to sniff the password, as that is an "attack from inside out".
Of course there is. Do you have any idea how many use the same password over and over again, "because it's so convenient having to remember only one"?

Long story short: I will always tell users to use key based auth. There is no reason to use password auth anymore. Plus, it renders brute-force/dictionary attacks useless.
I'm not paranoid.  If an attack only exists in theory, then I'm not going to go out of my way to prevent it.  Especially when it costs me convenience (i.e., not being able to access the server from any computer).  That said, I still appreciate your input on the matter.

I only use that password for root - nothing else.  There is no reason for someone to brute-force that password if they are already in the system.
6264  Other / Politics & Society / Re: Debt Deal Reached on: August 03, 2011, 07:26:46 PM
The problem is those paying at a much lower rate than us, even though they 'make' much more money and actually do much less work.

It's amazing that you can delude yourself into thinking that while you're paying $1,000 in taxes and I'm paying $100,000 in taxes somehow I'm getting a better deal and do less work than you. Just because I don't dig ditches or flip hamburgers doesn't mean the way I make money is any less work. In fact, if your job is so important, why are you making peanuts? Clearly the world values my labor more than yours, hence the fatter paycheck. If you didn't have people like myself that make most of the money, who would you leech off of?

And that is why I support any politician, no matter how distasteful, that supports an across the board flat tax with no deductions.

Flat tax is a joke. You pay 10% of nothing and I pay 10% of a million dollars. There's nothing fair about that. How about we each pay the same dollar amount, or better yet, pay for the services we actually use?

I like that last one, pay for the services you use.  The rich can pay for the cops, the courts, and the military.  The corporations can shoulder the lion's share of infrastructure.  We should also include the fact that welfare keeps the masses from rioting/stealing, so the rich, who would be the ones hurt by the rioting and stealing can pay for that too.  Hmm, I think that leaves the middle and lower classes with consumer safety boards, a portion of infrastructure, and the FDA.

^^this was more or less the point I was trying to make, bitcoin2cash. Very few of our public services have the best interests of the lower 99% of the population in mind, therefore they should pay much less for them.
I completely disagree.  Poor people need cops and courts and military just as much as rich people do.  I would even argue that poor people need it MORE, as there is more crime (domestic abuse, drug dealing, murder, theft/burglaries, etc) in poor, slummy neighborhoods than there is in rich, upscale neighborhoods.  Just look at any county's emergency call map.

I agree regarding infrastructure - corporations definitely use a large chunk compared to the average consumer.

I don't think welfare is the corporation's responsibility.  That's just rewarding people for being bad, which doesn't make any sense.  Welfare should be eliminated entirely.  If a particular corporation wants to avoid riots from all the evil they are doing in the world  (Roll Eyes), they could fund a charity or start their own soup kitchen.
6265  Other / Off-topic / Re: [SOLVED] Help with Ubuntu + MySQL on: August 03, 2011, 06:11:21 PM
I don't use or recommend VNC. It's known for several weaknesses and buffer-overflow attacks. I would stop that thing, as SSH is much safer and does the same.

(but that's a personal hate, as the only time I got a server "hacked" was due to VNC - RealVNC 4 at the time - a stack overflow attack allowed someone to bypass the password and access that PC. Hopefully it only had some eMule downloads - mp3 and stuff alike)
Interesting.  I will minimize use of VNC then.
6266  Economy / Speculation / Re: PANIC! on: August 03, 2011, 06:08:52 PM
Whether the price is going up or down, MagicalTux must be really happy, look at the volumes!!
510 BTC for the day in commissions... not bad.

On another interesting note, the price is getting dangerously close to my break even point for mining.  $7 is when I shut it off, since costs are so much higher with running the A/C to keep everything cool.  Come fall time, when I don't need the A/C anymore, it'll be much more viable, back down to $4 or so per BTC needed to keep mining.  I expect others are crunching similar numbers for typical at-home setups.
6267  Other / Off-topic / Re: [SOLVED] Help with Ubuntu + MySQL on: August 03, 2011, 06:05:34 PM
Passwords can be sniffed.

And here starts the BS... SSH is an encrypted connection like SSL.
There's no issue in having SSH open, you may need to access it from somewhere else outside your home or from a different device. Just keep a good and strong password; crypt is also slow enough to make brute-forcing not worth the while.
Thanks for the clarification.  I thought that was the case, but still know little enough that my knowledge is easily swayed.

How can I tell if the VNC connection is encrypted?  I just use RealVNC (enterprise edition).
6268  Economy / Speculation / Re: RALLY!!! on: August 03, 2011, 06:01:08 PM
from 8.75 to 10.35 in just a few minutes.... it's RALLY time
That WAS the rally.

Time to drop again!
6269  Economy / Speculation / Re: Battle for the Single Digits on: August 03, 2011, 05:59:53 PM
SUDDENLY

$10.30
6270  Economy / Speculation / Re: R.I.P Bitcoin on: August 03, 2011, 05:59:00 PM
Lost confidence in Dwolla. Dwolla and Bitcoins were like peas and carrots. When Dwolla gave us the middle finger, that was the last bit of confidence we had left.

No way in hell will it ever get big again if we got as big as we did and still failed.

Everyone is selling.

No reason to buy.


Number of bitcoin outnumber the money flow in.

As soon as the price rises, someone will sell all their btc again and wipe out all the big bids.
The price of bitcoin is not related to whether it will survive or not.  If it goes back to 10,000 BTC for a pizza, then it goes back to 10,000 BTC for a pizza.  But it can still be used.

The only time you get to say RIP bitcoin is when it is literally worth $0.  No one wants it, and no one uses it.  I doubt this will ever happen.  Collectors might latch on to coins even, buying a million for $10, who knows.  But someone, somewhere out there will always want bitcoins.  It will never die.
6271  Other / Off-topic / Re: [SOLVED] Help with Ubuntu + MySQL on: August 03, 2011, 05:55:16 PM
So allowing SSH from any IP is unsafe, despite having a secure password?  Why?
Passwords can be sniffed.

Who needs access via ssh? Only you? Good, then why allow everybody to connect? Leaving it open (with key-auth only) can be an acceptable trade-off if you don't want to end up locked out. However, that should be the last choice. Of course, everything else adds a little work, but security isn't free.

Basically security goes like this: lock down everything. Then open what you need, but only as much as required. VNC isn't really necessary if you have set up your ssh correctly. In the worst case you'd need a DC monkey to disable your firewall temporarily.
Considering who the VPS is rented from, I won't rely on them for immediate assistance.

Sounds like I have a lot to work on with the firewall then.  ;)
6272  Economy / Speculation / Re: R.I.P Bitcoin on: August 03, 2011, 05:48:10 PM
How do you figure that?
6273  Economy / Speculation / Re: Long, slow slide on: August 03, 2011, 05:46:57 PM
I'm buying back during this selloff... guess I'm not in too much despair yet!
6274  Other / Off-topic / Re: Why does Top Gear UK have to be such twats about electric cars? on: August 03, 2011, 05:38:04 PM
I have no idea what you're trying to say slippyrocks, but just to answer your title: Probably because he likes ICE's.

Personally, I believe the electric car is a farce.
- It is uneconomical (people are only buying it because it is so heavily subsidized, both on the manufacturing side and the purchasing side). 
- It actually pollutes more than a gas vehicle does (according to studies I have read, and the amount of pollution/energy put into manufacturing Li-ion batteries, not to mention the coal-fired plants that produce the electricity used to charge them).
- It isn't practical.  The range is terrible, the charge times are horrendous, and the capacity is usually slim.

On the plus side, it does have 100% torque available at any RPM range, which is nice.  Way too many negatives that are going unsolved (and being hidden) though.
6275  Other / Off-topic / Re: [SOLVED] Help with Ubuntu + MySQL on: August 03, 2011, 05:31:50 PM
Lock down everything and only allow the ports you really need (eg 80) to be accessed from the outside. You could allow ssh if you switch to public-keys and disable password auth. Of course it would be better to restrict that too, but that way you can still ssh in if you don't want to go the dyndns route if your IP changes. You can also use something like fail2ban too.
So allowing SSH from any IP is unsafe, despite having a secure password?  Why?

I do have VNC access, so perhaps I could use that as the failsafe if my IP changed.

I'll look into fail2ban as well, thanks for the suggestion.
6276  Other / Politics & Society / Re: Are you willing to pay more taxes to pay down the national debt? on: August 03, 2011, 05:29:21 PM
I'd much rather see more money printed to pay down the national debt than to pay it down myself.

me too.  That would cause inflation and make my own debt less significant.

Fire up those printing presses.

Doesn't that depend on what type of debt you have?  Aren't some variable interest rates which means they can increase your interest rate to take into account inflation?
The biggest and most important ones (my home mortgage and student loans) are not variable interest.
6277  Economy / Speculation / Re: PANIC! on: August 03, 2011, 05:12:21 PM
There's no real wall between now and single digits, unless a shock rally starts to build up at $10. We're going down folks, all the way down...
It bounced off of 10.
6278  Economy / Speculation / Re: Long, slow slide on: August 03, 2011, 05:11:30 PM
Have we hit Despair yet?
6279  Other / Off-topic / Re: [SOLVED] Help with Ubuntu + MySQL on: August 03, 2011, 05:09:58 PM
You can bind mysqld to an IP of your server, or to all. Then lock down the port 3306 in iptables (of course you already firewalled your server, right?) and then whitelist your IP. If you have a static IP it's simple; if not, get a dyndns entry and put together a little bash script which adjusts your firewall rules every x minutes.

Or learn using the mysql shell directly; there's no need for a remote management tool at all. Then you can lock mysqld down on localhost only.
I haven't installed or tweaked the firewall beyond whatever is default in Ubuntu, no.  Probably something I should do.  ;)  I don't have anything important on the server yet though.  But thanks for the advice.

My IP isn't static, but it has only changed once in the last 10 months.  I guess losing all access if my IP changed would be a bad thing though.  :P
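
The dyndns-driven whitelist suggested in the advice quoted in this post could look like the sketch below; it is an added example, not code from either poster. The host name, chain name and state file are hypothetical, and it assumes a dedicated chain that INPUT jumps to for port 3306 before a final DROP.

```shell
#!/bin/sh
# Added example: keep one iptables whitelist entry for MySQL (3306) in step
# with a dynamic-DNS name. HOST, CHAIN and STATE are assumed placeholders.
HOST="${HOST:-home.example.net}"          # hypothetical dyndns name
CHAIN="${CHAIN:-MYSQL_ALLOW}"             # hypothetical dedicated chain
STATE="${STATE:-/var/run/mysql_allow.ip}" # last address that was whitelisted

# Accept only a dotted-quad IPv4 address with octets 0..255 and no leading
# zeros, so a bogus DNS answer can never be pasted into a firewall rule.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*) return 1 ;; esac
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the iptables commands that move the whitelist from OLD to NEW.
# The new address is added before the old one is deleted, and nothing is
# printed when NEW is invalid or unchanged, so a failed lookup keeps the rule.
build_rules() {
    old=$1; new=$2
    valid_ipv4 "$new" || return 1
    if [ "$old" = "$new" ]; then return 0; fi
    echo "iptables -A $CHAIN -s $new/32 -p tcp --dport 3306 -j ACCEPT"
    if valid_ipv4 "$old"; then
        echo "iptables -D $CHAIN -s $old/32 -p tcp --dport 3306 -j ACCEPT"
    fi
}

# Run from cron every few minutes as root with --apply; without it the file
# only defines the functions above.
if [ "${1:-}" = "--apply" ]; then
    new=$(getent ahostsv4 "$HOST" | awk 'NR==1 {print $1}')
    old=$(cat "$STATE" 2>/dev/null)
    if rules=$(build_rules "$old" "$new") && [ -n "$rules" ]; then
        printf '%s\n' "$rules" | sh -e && printf '%s\n' "$new" > "$STATE"
    fi
fi
```
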
6280  Other / Beginners & Help / Re: Did mybitcoin use our money? on: August 03, 2011, 05:03:59 PM
Might want to check those sent-to addresses again at the rate someone is selling off their coins!