Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 7 years ago.
Is it possible for you to delete your main ssh key? I'm talking about the one that you would use in order to remotely access your computer. And if this is possible, what would happen? Would you not be able to access your machine remotely at all, or would anyone be able to access it?
A server has public keys for the people who can log in to it.
The private key is held on the computer(s) seeking access.
If you delete your public key (from .ssh/authorized_keys) then you can no longer access that account with the matching private key. But someone with access could always add it back for you.
If you delete your private key (.ssh/id_rsa, etc.) then you lose the ability to connect to any accounts on any servers that have the public key entry for that key in the authorized_keys file and in order to regain access to those (or other) accounts/servers you need to generate a new key pair and have someone with appropriate access update the authorized_keys files.
At no point does any of this grant (or remove) access to anyone else anywhere.
Closed 2 years ago.
As a matter of practice, I'd like to keep my OpenVPN client configuration file encrypted in long-term storage. The only way I can find to pass the config data is by pointing openvpn to the file itself like openvpn client.ovpn. This means the file needs to be decrypted to the filesystem before I can use it.
Is there some way to pass the config values along the lines of the following?
gpg -d client.ovpn.gpg | sudo openvpn -
You can create an encrypted file in RAM, mount it and keep it there.
Anyway, if you set it up correctly, you can have the user openvpn as the only user allowed access to the file that is decrypted to RAM.
If it's the only user able to read the decrypted file, using chown, then nobody else on your filesystem can read it, but if somebody found your disk unencrypted, he could.
If you keep it on a mounted partition...
http://manpages.ubuntu.com/manpages/bionic/man8/cryptmount.8.html
That is encrypted the whole time, just mounted unencrypted; even somebody having access to your HDD outside of the computer wouldn't know your OpenVPN stuff.
Also this:
gpg -d -a < client.openvpn.gpg | sudo openvpn --config /dev/stdin
Closed 6 years ago.
I am using SSH to exchange some keys between my server and a client.
Here the client should use SSH to send me his public key; my question is, how to restrict the other commands in bash?
Even if I use rbash, the client can run commands like:
ssh remote_host command_to_run
What can I do to overcome this problem?
Are you trying to authorize only one command on the server when a particular SSH key is used? If yes, you can check the command statement of the authorized_keys file.
For example, to authorize only ps -aux when the user foobar uses KEY, you can edit /home/foobar/.ssh/authorized_keys this way:
command="ps -aux" ssh-rsa KEY
See the manual.
Please have a look at sshd_config on your (server) machine.
"Match" and "ForceCommand" should provide you with means for
restricting the commands available (or which command(s) to execute on connect).
You might also consider allowing only scp (to a specific directory)
and pickup the files from a daemon (or cron job) on the server.
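To see which keys in an authorized_keys file are actually tied to a command, as the answers above describe, here is an added example (not code from either answer). The sample lines, key blobs and the take-key path are constructed placeholders, and the `restrict` check relies on the OpenSSH option of that name, which the answers do not mention.

```python
import re

# Added example: list authorized_keys entries and the command each is forced to run.
QUOTED = r'"(?:\\.|[^"\\])*"'                          # a double-quoted option value
OPTS_FIELD = re.compile(rf'((?:[^\s"]|{QUOTED})+)\s+(.*)')  # options, then the rest
OPT_ITEM = re.compile(rf'(?:[^,"]|{QUOTED})+')         # one comma-separated option
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")  # prefixes of OpenSSH public key type names

def parse_line(line):
    """Return (options dict, key type, comment), or None if the line is malformed."""
    opts = {}
    if not line.startswith(KEY_TYPES):          # the line starts with an options field
        m = OPTS_FIELD.match(line)
        if not m:
            return None
        for item in OPT_ITEM.findall(m.group(1)):
            name, _, value = item.partition("=")
            if value[:1] == '"':
                value = value[1:-1]             # drop the surrounding quotes
            opts[name.lower()] = value or True  # flag options have no value
        line = m.group(2)
    fields = line.split()
    if len(fields) < 2:
        return None
    return opts, fields[0], " ".join(fields[2:])

def audit(text):
    """Return (line_no, comment, forced_command, restricted) for every key line."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        parsed = None if not line or line.startswith("#") else parse_line(line)
        if parsed:
            opts, _keytype, comment = parsed
            findings.append((line_no, comment, opts.get("command"), "restrict" in opts))
    return findings

SAMPLE = '''\
# constructed sample; key blobs are placeholders, not real keys
command="ps -aux" ssh-rsa AAAAB3PLACEHOLDER foobar@client
ssh-ed25519 AAAAC3PLACEHOLDER admin@laptop
restrict,command="/usr/local/bin/take-key, v2" ssh-rsa AAAAB3PLACEHOLDER upload@client
'''

if __name__ == "__main__":
    for line_no, who, forced, restricted in audit(SAMPLE):
        print(line_no, who, forced or "ANY COMMAND", "restrict" if restricted else "-")
```

A key with `command=` but without `restrict` (or the individual `no-port-forwarding`, `no-pty` and similar options) can still request forwarding, so the last column is worth reviewing alongside the forced command.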
Closed 8 years ago.
I have a list of many servers. I need to check (actually do some work on them) whether the private key at hand can still be used to log in with SSH.
If I use ssh -i /path/to/private_key admin@server_host, it will just hang there asking for a password: admin@server_host's password:
What can I do to avoid this kind of hang, and collect info when private key is not applicable for this server?
You can tell ssh to not allow password authentication using:
ssh -i /path/to/private_key -oPasswordAuthentication=no admin@server_host
This will cause ssh to exit immediately if the private key does not work.
If you would like it to just exit if it is successful also, just add that command to the end:
ssh -i /path/to/private_key -oPasswordAuthentication=no admin@server_host exit
I couldn't get the PasswordAuthentication=no option to work with Mac OS/X 10.9.2.
However, I was able to get the desired behavior with NumberOfPasswordPrompts=0.
Actually, I found another, more accurate option available in ssh which can be used to solve my problem.
-oPreferredAuthentications="publickey"
After adding this option, the ssh connection will only use authentication with the private key I provided instead of trying other methods first (and rules out password, like the answer I accepted). This even speeds up the whole process.
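The three options from the answers above can be combined into a non-interactive check over a host list, for example when auditing where a key is still authorized before rotating it. This is an added example, not code from the thread; `IdentitiesOnly`, `ConnectTimeout`, the result labels and the function names are choices made here.

```python
import subprocess
import sys

# Added example. The first three options come from the answers above;
# IdentitiesOnly and ConnectTimeout are additions made here.
SSH_OPTS = [
    "-o", "PasswordAuthentication=no",
    "-o", "NumberOfPasswordPrompts=0",
    "-o", "PreferredAuthentications=publickey",
    "-o", "IdentitiesOnly=yes",   # offer only the -i key, not keys held by an agent
    "-o", "ConnectTimeout=5",     # do not wait long on hosts that never answer
]

def check_key(host, key_path, user="admin", run=subprocess.run):
    """Classify one host as key-accepted, key-rejected, unreachable or timeout."""
    if host.startswith("-"):
        return "invalid-host"     # never let a list entry be parsed as an ssh option
    cmd = ["ssh", "-i", key_path, *SSH_OPTS, f"{user}@{host}", "exit"]
    try:
        proc = run(cmd, stdin=subprocess.DEVNULL, capture_output=True,
                   text=True, timeout=20)
    except subprocess.TimeoutExpired:
        return "timeout"
    if proc.returncode != 255:
        # ssh exits 255 on its own errors; any other status came from the remote
        # side, so login succeeded (a forced command may ignore "exit").
        return "key-accepted"
    if "Permission denied" in proc.stderr:
        return "key-rejected"
    return "unreachable"          # DNS failure, refused connection, host key problem

def check_all(hosts, key_path, **kwargs):
    """Map every host to its result so failures can be collected afterwards."""
    return {host: check_key(host, key_path, **kwargs) for host in hosts}

if __name__ == "__main__" and len(sys.argv) > 2:
    # usage: python check_keys.py /path/to/private_key host1 host2 ...
    for host, result in check_all(sys.argv[2:], sys.argv[1]).items():
        print(f"{host}\t{result}")
```

Without `IdentitiesOnly=yes`, a key loaded in ssh-agent can authenticate the session and make the key under test look valid on a server that no longer lists it.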
Closed 4 years ago.
There is a Windows Server 2003 machine which many users access. Each of them wants to configure their own hosts file to redirect a hostname to a certain IP address. (They are virtual machines with the same hostname and different IP addresses, owned by each user.)
C:\WINDOWS\system32\drivers\etc\hosts
Also, we cannot simply ask users to use the IP address to connect because the hostname is configured and needs to be used in an application. Can we have this user-specific hosts file configured, or is there any workaround?
Technically this is not possible... A simple programmatic workaround could be to write a script and, at user logon, replace the file with whatever values you want.
Since most of the changes in the hosts file are read at runtime, you should be able to achieve the result you are expecting.
Closed 6 years ago.
I am a freelance programmer and often I will register a domain name for a client under a domain name reseller (and of course under my account).
I wanted to know if there is any standard procedure for selling the domain name to the client or just let them transfer it.
Does anyone know a normal procedure for this type of scenario?
If the domain name was purchased on behalf of the client, then it belongs to the client and I would not charge them if they want to move the domain to a different registrar. It would not be ethical. I normally insert my name as technical contact only and leave the client as administrative contact, thereby indicating they are the owners.