 |
|
|
|
|
|
| |
| |
|
|
|
|
| |
| |
|
|
>>> Seems pretty straightforward to me.
>>
>> Does that disable CHAP as well? Or only plain password authentication?
>> (If I'm remembering this right, CHAP is basically password
>> authentication, but with a slightly more secure wire protocol.)
>>
>
> Indeed, for ssh, PasswordAuthentication is never going to CHAP.
> PasswordAuthentication of ssh need that the lower layer negociated
> already an encryption and a mac/checksum.
> (it is forbidden to use password authentication over a clear connection)
>
> Myself, I prefer signature authentication, with ~/.ssh/authorized_keys .
> My password/passphrase locally unlock the private key, and the public
> key is in the remote host(s) user directory.
Yeah, that's basically my point. It took me *forever* to figure out how
to make it so that public key is the /only/ enabled protocol, so that if
you don't have a copy of my private key, there is NO WAY IN HELL that
you can log in to my box.
Seems like a simple thing to want to do, but I tested it several times
and it was still letting me log in with a weak-arse password instead of
demanding a key.
> In fact, the FILES section of the man page for sshd is long... very long.
As is the configuration file, IIRC...
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Le 14/09/2011 10:33, Invisible a écrit :
> On 14/09/2011 04:22 AM, Jim Henderson wrote:
>> On Tue, 13 Sep 2011 19:48:55 +0100, Orchid XP v8 wrote:
>>
>>> Let me rephrase: There are no SSH servers that are free software.
>>
>> openssh is released under the GPL, and has been around for quite some
>> time now (certainly more than 5 years - I'd say more than a decade).
>>
>> And there are versions that run on Windows - using cygwin or not.
>
> When I looked, I couldn't find any precompiled Windows binaries for
> OpenSSH anywhere.
I'm sorry, but you are asking for something against the commercial logic
of your operating system:
You paid for your OS, you also have to pay for your applications.
Only loonies provides free stuff of excellent quality on that platform.
Serious programmers for that platform are expected to extort a lot for
the application you might install (be it shareware or direct buyware or
troyan or racket-ware... ).
Please, assume your choice.
did you look at http://www.freesshd.com/?ctt=overview
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
>> When I looked, I couldn't find any precompiled Windows binaries for
>> OpenSSH anywhere.
>
>
> I'm sorry, but you are asking for something against the commercial logic
> of your operating system:
>
> You paid for your OS, you also have to pay for your applications.
> Only loonies provides free stuff of excellent quality on that platform.
> Serious programmers for that platform are expected to extort a lot for
> the application you might install (be it shareware or direct buyware or
> troyan or racket-ware... ).
>
> Please, assume your choice.
No OS fanboys in here, no sir! :-S
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On 9/14/2011 1:31, Invisible wrote:
> On 13/09/2011 10:01 PM, Darren New wrote:
>> On 9/13/2011 11:45, Orchid XP v8 wrote:
>>> So what changed then? Certainly X hasn't changed since prehistoric
>>> times...
>>
>> ssh port forwarding, for one. It was never hard to forward X. It was
>> hard to forward X securely and hard to forward X without first logging
>> in over a command line interface.
>
> You mean SSH hasn't existed since before System V as well?
*Relatively* speaking, ssh is much newer than rsh. It's also relatively new
that it will do port forwarding and stuff like that. Remember that ssh was
standardized in 1995 or so, and X has been around far longer than that.
--
Darren New, San Diego CA, USA (PST)
How come I never get only one kudo?
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On 9/14/2011 1:32, Invisible wrote:
> On 13/09/2011 10:05 PM, Darren New wrote:
>> On 9/13/2011 11:45, Orchid XP v8 wrote:
>>> OK, let me put it this way: X lets you install an application on a
>>> central
>>> server, and have multiple X "servers" (i.e. *clients*) connect to that
>>> server and have their own instance of the application appear on their
>>> screen.
>>
>> Yep. You still need a computer for each user, tho.
>
> Sure. But I mean, you can set up an application server that more than one
> person can access, without doing anything particularly special.
You can do exactly the same thing on Windows that you do on Unix.
Log into the windows box remotely. Start an X client and point it at your
display. Disconnect without logging out. Someone else logs into the windows
box remotely. They start an X client and points it at their display. They
disconnect without logging out. Guess what? Windows running X clients
talking to two different X servers.
>> Um, it's $117 online, and that's with five client licenses.
>>
>> Even if you don't find a deal, it's $525. Far from "multi-thousand
>> dollars".
>
> OK, well maybe it's the cost of the client licenses I'm thinking of then...
That's with five client licenses. So about $110/user.
--
Darren New, San Diego CA, USA (PST)
How come I never get only one kudo?
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On 9/14/2011 8:09, Le_Forgeron wrote:
> You paid for your OS, you also have to pay for your applications.
> Only loonies provides free stuff of excellent quality on that platform.
I think you just insulted every member of TAG. ;-)
Seriously, googling for "gnu win32" tends to get you ports of everything.
http://linuxmafia.com/ssh/win32.html
--
Darren New, San Diego CA, USA (PST)
How come I never get only one kudo?
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On 9/14/2011 1:37, Invisible wrote:
> Really? I thought they just connect to a central game server. (Although...
> actually they mostly seem to use UDP, so "connect" is a little nebulous.)
Bingo.
>> Or iconify the remote screen, copy the file, expand the remote screen,
>> paste the file.
>
> Oh, that works?
Why wouldn't it?
>> Or just let RDP mount the disks over the link, so they
>> show up as networked drives on the remote machine.
>
> Ah - it [optionally] connects local and remote disks, the same way it
> connects printers, right?
Yep. And sound. And USB ports.
--
Darren New, San Diego CA, USA (PST)
How come I never get only one kudo?
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On Wed, 14 Sep 2011 09:42:31 +0100, Invisible wrote:
>>> In seriousness, manpages are, by definition, *reference*
>>> documentation. What the standard Unix system lacks entirely is any
>>> kind of *explanation*.
>>
>> Depends on the manpage.
>
> No, pretty much all of them list the command options, and that's it.
So I'm lying, then, is that it?
I suspect that I spend just a *tiny* bit more time than you do reading
man pages - and I wouldn't make an assertion that "it depends on the man
page in question" if it weren't actually the case.
> The manpage for bash practically lists the BNF grammar for shell
> scripts, but fails to provide any useful introductory material for
> anyone just trying to get started. (E.g., how the **** to I execute the
> same command for every file in this folder?)
>
>> PasswordAuthentication
>> Specifies whether password authentication is allowed.
>> The default is “yes”.
>>
>> Seems pretty straightforward to me.
>
> Does that disable CHAP as well? Or only plain password authentication?
> (If I'm remembering this right, CHAP is basically password
> authentication, but with a slightly more secure wire protocol.)
It doesn't say anything about CHAP. I'm pretty sure it also doesn't
change the password encryption method from AES to Triple-DES as well.
It's not likely to document everything it *doesn't* do, just what it
*does* do.
>> There's a difference between configuring sshd and using the public key
>> for authentication.
>>
>> You *can* do a host key, but in most cases it's not necessary:
>>
>> Normally each user wishing to use SSH with public key
>> authentication runs this once to create the authentication key in
>> ~/.ssh/identity, ~/.ssh/id_ecdsa, ~/.ssh/id_dsa or ~/.ssh/id_rsa.
>> Additionally, the sys- tem administrator may use this to
>> generate host keys, as seen in /etc/rc.
>
> I thought the host key is how the server identifies itself to you, not
> how you identify yourself to the server?
Host keys aren't very commonly used AFAIK.
> At any rate, it's news to me that you can create a ~/.ssh folder and
> sshd will actually take note of this. I don't recall the manpage
> mentioning this at all.
It's always been that way. The cited bit above is from the man page and
says pretty explicitly that the user's keys are in ~/.ssh
Jim
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On Wed, 14 Sep 2011 16:57:09 +0200, Le_Forgeron wrote:
> Myself, I prefer signature authentication, with ~/.ssh/authorized_keys .
> My password/passphrase locally unlock the private key, and the public
> key is in the remote host(s) user directory.
As do I - I guess I wasn't as clear as I thought in explaining how the
key is put on the remote machine - it does indeed go in the
authorized_keys file.
Jim
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On Wed, 14 Sep 2011 09:33:49 +0100, Invisible wrote:
> On 14/09/2011 04:22 AM, Jim Henderson wrote:
>> On Tue, 13 Sep 2011 19:48:55 +0100, Orchid XP v8 wrote:
>>
>>> Let me rephrase: There are no SSH servers that are free software.
>>
>> openssh is released under the GPL, and has been around for quite some
>> time now (certainly more than 5 years - I'd say more than a decade).
>>
>> And there are versions that run on Windows - using cygwin or not.
>
> When I looked, I couldn't find any precompiled Windows binaries for
> OpenSSH anywhere.
They are available now. Cygwin has also been around for a while, and
includes an sshd server (in fact, a couple of the versions I found for
Windows were essentially stripped down installations of cygwin).
Jim
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
|
|
