Category : Security
I’ll start by defining the word ‘things’. By ‘things’, I mean data. I would like to keep my address books, personal thoughts, and other important stuff safe from prying eyes. Let’s face it, there are some real weirdos, freaks, and just downright mean people out there. Some of them live in dark places, and eat worms to survive. Strange as it sounds, these same people found some way to get their hands, and brains, on some computers. Once they figured out how to turn worm guts into touch pads for their refurbished laptops, they were online, and everything went downhill from there. So, in summary, we need to try and keep things locked down a little.
I’ve been talking to a co-worker about this, and found out about a handy tool called KeePass, made by PortableApps. To get started, download PortableApps Suite Lite, then pick the apps you need to use at remote locations. The SourceForge File List for this project is a complete list of the supported applications.
I recommend checking the MD5 hash of each file you download to make sure you are getting what you want. There is always a possibility that the worm eaters intercept your download request and replace the good file with one they doctored up with viruses and stuff. Running an MD5 hash on the file after you download it and matching the result with what’s listed on the main website is a good way to catch this. At the time I downloaded the Lite v.1.0, its MD5 hash was da9d15132d82bb9163f2d8274a842508. A handy tool to get the MD5 hash of your downloaded file is called MD5Summer.
After checking the file, install it to the root of your portable device.
Now that we have enjoyed playing with the many portable applications available, it is time to set up some security on our Linux host using SSH. I will be following Jason’s document here. He describes how to turn off password authentication completely, relying on long keys, which can have passwords of their own. I already have a key generated for my ‘normal’ non-root user that doesn’t have a password associated with it. For this task, I’ll create a new user called something else.
I turned off password authentication, and it won’t let me in. Oops.
Reminder for later – Ask your co-worker if they have investigated using RADIUS for this security. Would RADIUS be more secure than this?
I’ll come back later and update with my fix.
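Before turning off password authentication as described above, it helps to confirm that key login can actually succeed for the account. The following is an added example, not code from this post or from Jason’s document. The function names are hypothetical, and it assumes the default `.ssh/authorized_keys` location and looks only at global `sshd_config` options, not `Match` blocks.

```python
import os
import stat
import tempfile

def effective_options(config_text):
    """Global sshd_config options; sshd keeps the first value it reads per keyword."""
    opts = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        if key == "match":  # assumption: per-user Match blocks are not evaluated
            break
        if len(parts) == 2:
            opts.setdefault(key, parts[1].strip())
    return opts

def key_login_problems(config_text, home):
    """Reasons key login would fail for the account whose home directory is `home`."""
    opts = effective_options(config_text)
    problems = []
    if opts.get("pubkeyauthentication", "yes").lower() == "no":
        problems.append("PubkeyAuthentication is no")
    ssh_dir = os.path.join(home, ".ssh")
    keys = os.path.join(ssh_dir, "authorized_keys")  # assumption: default key file
    if not os.path.isfile(keys) or os.path.getsize(keys) == 0:
        problems.append("no public key in " + keys)
    if opts.get("strictmodes", "yes").lower() != "no":
        # With StrictModes on, sshd ignores keys under group/world-writable paths.
        for path in (home, ssh_dir, keys):
            if os.path.exists(path) and os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                problems.append(path + " is writable by group or others")
    return problems

if __name__ == "__main__":
    # Constructed sample: a throwaway home directory and a two-line sshd_config.
    home = tempfile.mkdtemp()
    os.mkdir(os.path.join(home, ".ssh"))
    os.chmod(os.path.join(home, ".ssh"), 0o700)
    config = "PubkeyAuthentication yes\nPasswordAuthentication no\n"
    for problem in key_login_problems(config, home) or ["key login looks possible"]:
        print(problem)
```

An empty result only means these preconditions hold, so keep the current session open and try a key login from a second terminal before closing it.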