June 2005 - main - earth.li

More mutterings about ssh, passwordless login, ssh-agent, etc.
by Chris Green 09 Jun '05

09 Jun '05

I've been thinking about the security of my system(s) a bit more over the past week or so. I use ssh from home to work, from work to home and to connect from both home and work to a couple of remote systems where I have Linux shell login accounts. All the accepted 'rules' about security when using ssh say that one shouldn't use a 'no passphrase' key to get passwordless login, instead one should use a key phrase and ssh-keygen. From where I'm looking a 'key phrase' is exactly the same (from a user point of view) as a password - it's a (supposedly) difficult to guess string that I have to enter in order to log on to a remote system. The *only* advantage that using ssh-keygen gives you is that you (may) only have to type the passphrase in once for several logins. Since I tend to only login to remote systems once per session using ssh-keygen is (for me) no different from using a normal password. So, I've been looking around at other things that relate to this. One possibility is HostBasedAuthentication where it's the machine rather than the user that has the RSA/DSA keys. Doing this allows the keys to be readable by root only which adds a little extra protection but not a great deal (one site even says HostBasedAuthentication is less secure than a 'no passphrase' personal key). It also requires quite a lot more fiddling around with .shosts files and such and, of course, requires root access. So I have decided HostBasedAuthentication doesn't really do much for me. Another utility I have discovered is keychain, this is a sort of super ssh-agent which provides ssh-agent type facilities for a whole system which only needs to be renewed (i.e. the passphrase re-entered) when the system is rebooted. However, on thinking about it, I don't really see how this offers any better security than a 'no passphrase' personal key. Anyone who could steal your 'no passphrase' key could also use the running keychain, I really don't see what use it is at all, it just makes things more complicated. So finally I'm back at staying where I am, using a 'no passphrase' key to provide passwordless logins. One thing that would improve my security is to restrict ssh access without a password to specific IP addresses, I wonder if it's possible to do this as well as allowing password based access from other systems. -- Chris Green (chris(a)areti.co.uk) "Never ascribe to malice that which can be explained by incompetence."

5 6

Re: [ALUG] Norwich Anarchist Bookfair
by Sunflowerinrain 09 Jun '05

09 Jun '05

MJ Ray wrote... > Norwich 2nd Anarchist Bookfair 11 June Waterloo Park. > See http://www.indymedia.org.uk/en/regions/cambridge/2005/06/312709.html > > I'm not able to attend, but I'll send ALUG, AFFS or GNUstep > leaflets and/or CDs to anyone who wants to go. I'd be happy to go to the Bookfair, as last year, but only to smile sweetly and hand things out. Somebody else is needed to answer questions! e

1 0

alug library
by Paul 08 Jun '05

08 Jun '05

What's happened to the alug library ? Last I heard, Wayne was in the process of setting up an online catalogue and reservation system, but http://cgi.digimatic.plus.com/opendb/ goes nowhere.. /me was hoping to browse the available titles and reserve a few.. Regards, Paul. -- Pieces of seven, pieces of seven - A parroty error. "To err is human...to really f*** things up requires the root password." From a collection of quotes at http://www.indigo.org/quotes.html

2 2

ALUG Social Meeting Reminder: Thursday 9th June 2005, The Reindeer, Dereham Road, Starting from around 8pm (ish)
by Brett Parker 08 Jun '05

08 Jun '05

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi guys, Just a quick reminder of the social meeting in The Reindeer on Dereham Road in Norwich tommorow (Thurs 9th June 2005). It should be starting around 8pm ish, I'll probably be there a little bit earlier than that, beware however that I'm less beardy than I have been in the past, at least 2 people failed to recognise me last month, but the beard is coming back so it should be less difficult this month ;) Photos of the usual suspects can be found from the following URLs: http://www.earth.li/~noodles/Photos/2004-08-ALUG/ http://www.earth.li/~noodles/Photos/2004-11-ALUG-Syleham/ http://www.earth.li/~noodles/Photos/2005-01-ALUG-Xmas/ Directions to The Reindeer can be found from the ALUG site at the following URL: http://www.alug.org.uk/venues/reindeer.html (hrm, looks like I need to send a new patch off for that, looks like I just spotted some bugs, but the map is right and the directions are right, so, erm... someone remind me to do that sometime ;) I know that Adam (quinophex) is hoping to get to the meeting, I shall, naturally, it being a pub, be there, I'm also expecting Jonathan (Noodles) to show up, he rarely misses these things, and Eli has already confirmed that she should be attending. Paul seems to be avoiding confirming wether or not he's turning up at the moment, so I expect he'll turn up... Hope you can all make it, if anyone wants a set of Sarge 3.1r0a CDs or DVDs please tell me in advance and I'll try to run some off, though, with the CDs I'd rather just run off CD1 and let you do a net install after that (the full i386 or powerpc CD set is 14 CDs, and that's with no source), the DVD set for i386 or powerpc is 2 DVDs (also no source). The source CD set is 15CDs, or 3 DVDs. Price is negotiable, just enough to cover my costs (i.e. blank CDs/DVDs) is fine, but feel free to buy me beer also :) Thanks, - -- Brett Parker web: http://www.sommitrealweird.co.uk/ email: iDunno(a)sommitrealweird.co.uk -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFCpwPeEh8oWxevnjQRApnFAJ0QSGwiBgpyliKH48/3BP6H+1gUvwCgpAME PEJzJU51yLzFPmxaVONaEr4= =3/bL -----END PGP SIGNATURE-----

1 0

Removing duplicate mail messages
by Chris Green 08 Jun '05

08 Jun '05

I'm shortly aiming to merge a load of mail messages, they stored in various different mbox hierarchies. It should be pretty easy to write a little script to simply merge all the files in the same place in the hierachy together but then I'll need to remove duplicate messages as I know quite large chunks will be the same messages which have been stored in different places. Are there any tools out there which will take a mbox file and remove duplicate messages? Removal on the basis of Message-Id: would be fine. -- Chris Green (chris(a)areti.co.uk) "Never ascribe to malice that which can be explained by incompetence."

3 8

Apple-Intel.
by Bob Dove 07 Jun '05

07 Jun '05

Apple X86? Why??? What's wrong with Motorola? Linux users switching to OSX (Unix) - again why? You guys seem to have a strong grip on Linux with bags of O/S to choose and run, and WINE already available to you for your Win apps why bother with OSX? Cheers, BD. -- Internal Virus Database is out-of-date. Checked by AVG Anti-Virus. Version: 7.0.322 / Virus Database: 267.2.0 - Release Date: 27/05/2005

3 2

Debian Sarge finally released!
by Brett Parker 07 Jun '05

07 Jun '05

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all, For those that haven't already seen the announcement, yesterday saw the release of Debian GNU/Linux 3.1r0: Sarge. The official announcement is available from: http://www.debian.org/News/2005/20050606 Yay! Party! Thanks, - -- Brett Parker web: http://www.sommitrealweird.co.uk/ email: iDunno(a)sommitrealweird.co.uk -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFCpVejEh8oWxevnjQRAj1tAJ9L/2I3UuOLhthkFjNX8oqYeM41YQCgr6g6 Chjd8p7e6QaS5xhFPodgSw4= =xywt -----END PGP SIGNATURE-----

8 17

GnuCash
by Stuart Bailey 07 Jun '05

07 Jun '05

I'm have been using GnuCash 1.8.8 for the last 9 months for my business accounts. My accountant has just ask me for my account in a spreadsheet format - I'd be happy with CSV. I can't find anyway in GnuCash to export to anything other than xml. Is there anyway to export to spreadsheet - even via a third party tool? Many thanks, Stuart. -- --------------------------------------- Stuart Bailey BSc (hons) CEng CITP MBCS LinuSoft (Proprietor) Linux Specialist (01953) 601294 (07778) 383739 http://www.linusoft.co.uk ---------------------------------------- ********************************************************************** This email and any files transmitted with it are confidential. If you are not the intended recipient, please email postmaster(a)linusoft.co.uk immediately. You should not copy or use this email or attachments for any purpose nor disclose their contents to any other person. NO BINDING CONTRACT WILL RESULT FROM THIS E-MAIL UNTIL SUCH TIME AS A WRITTEN DOCUMENT IS SIGNED ON BEHALF OF LinuSoft. LinuSoft cannot accept any responsibility for the completeness or accuracy of this message as it has been transmitted over public networks. *************************************************************************

4 4

Linux Format / Linux Magazine (fwd)
by MJ Ray 07 Jun '05

07 Jun '05

On the edge of the region. Anyone want them? > Name: Derek O'Connell > Email: dmoc02 at yahoo.co.uk > Subject: Mags > Message: Hello! I'm based in Hornchurch, Essex. If you know anyone who > may be interested in the following mags for free (as long as they are > collected) then please pass my email address on to them. Thanks. > > Linux Format, 58 issues: > 2000: 9 issues + cd\'s : 1..9 > 2001: 13 issues + cd\'s : 10..22 > 2002: 13 issues + dvd\'s: 23..35 > 2003: 13 issues + dvd\'s: 36..48 > 2004: 10 issues + dvd\'s: 49..58 > > Linux Magazine, 23 issues: 2..23 (+cd\'s), 42 (dvd)

3 2

irc
by andy 06 Jun '05

06 Jun '05

been trying to join your irc folks,using ksirc,can't seem to join. any tips as i'm new to irc.could you point me in direction of the server you're on,login details,etc thanks andy

2 1