Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 7 years ago.
Improve this question
For example, I have a file /tmp/plain.txt, and if userA do a cat, he will get correct content, for example, correct content, and if root cat it, he will get meaningless text, for example, easd$qxc%sdf. and even root copy it to HOME, he cannot get the right content.
Is it possible?
You can encrypt the file using AES symmetric encryption and keep the key safe with you. And use that key to decrypt your file and view.
You can also make it more secure by using RSA asymmetric encryption, with encrypting from a public key, and decrypting from a private key.
If you want other users not to read your files, better make sure they do not have access to root's password. You can easily manage user permissions on files, by using chmod, or by using a file manager:
chmod o-rw /tmp/plain.txt
Where o indicates all users expect you(and root),
- indicates revoking permission
rw indicates reading and writing permissions
If you want a more secure method, you'll need to encrypt your home partition. Depending on which distribution you are using, you may encrypt your the partition on installation or by simply using a partition encryption tool in a live boot session.
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 7 years ago.
Improve this question
On OS X, when I install new software, the system pops up a dialogue window and asks me to input administrator password.
Is it possible that some malware pops up a window which is exactly the same as the real one, except that it stores the password and send it somewhere?
// Update
The password of my local machine would be useful:
1, when a hacker has already got into my system, and need my password to execute priviledged commands;
2, when a hacker has already got my account name, and only need a password to hack into my account. Many people use a single password in a number of places and the local password is a good guess for the account's password.
yes it is.
why should it not be possible? it even sounds to hard to write such a behavior for a malware.
but actually i dont know why a malware want to send your the administration password from your local computer to someone.
//#update
yeah for sure u can use a password for some things, but if u are able to create a malware, which gets acces to a computer to sniff your passwort for the local account, you should be also able to do this stuff without having the password.
for sure, many malwares want to get passwords, but they normally try to get passwords for onlineaccounts or your banking account.
but at last the answer of your question still is: yes it is possible
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 7 years ago.
Improve this question
this could be a very easy question, I have read some articles but I cannot fit those articles to my situation:
I have from remote.com server a pair of private and public keys (.ppk) for user 'dummy'.
I am in some Unix server (AIX 7.1) and I want to do:
ssh dummy#remote.server with prompt the login
We don't know the password they just provided the keys to log in into the server.
What we have to do?
Just in case: We don't have puttygen and We are not allowed to install it, do we have to ask for PEM format keys?
Making some assumptions:
That the people who have given you the public/private key pair have set up the remote server "dummy" account appropriately
The version of SSH on your local UNIX server is OpenSSH (or something similar)
You need to save the private key you have been given somewhere safe on the filesystem, but this needs to be in the format the local SSH client understands - and for this you will need to run it through 'puttygen'. Does not have to be on the local server, just somewhere to get the right format of key.
ssh -i <identity-file> dummy#<servername>
should do the trick.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 9 years ago.
Improve this question
Is it possible to require BOTH a private key and a passphrase in order to decrypt a file using gpg? I understand I can encrypt the file twice once using the public key. Then encrypt that file with the passphrase. Is there an option in gpg that will do this in one step? Looking through the man file I only was able to find a key or passphrase. Any insight would be appreciated.
I understand I can encrypt the file twice once using the public key.
Then encrypt that file with the passphrase. Is there an option in gpg
that will do this in one step?
Nope. There is no such option.
(You can however PGP-encrypt a file with a symmetric passphrase while at the same time encrypting it to multiple recipients. This basically results in multiple copies of the session key [which is used to symmetrically encrypt the message] being encrypted via different means [potentially various public keys along with a shared passphrase]).
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 6 years ago.
Improve this question
Is there any risk keeping open world-read access to passwd file?
Why is by default passwd file world-readable
It is for all users to be able to read their usernames and other data in this file. Sensitive data in modern UNIX systems is kept in /etc/shadow file.
/etc/passwd is world-readable because it contains system-wide account information, like username to real name mappings. It doesn't contain password hashes; those are in /etc/shadow which is only readable by root. Anything that needs to do authentication has to go through a trusted setuid-root service that can check that file.
(And, of course, many systems don't use passwd/shadow for account information anymore. If you use the C library instead of reading the files directly, though, you won't notice.)
The passwd file doesn't contain password hashes any more - they are in the shadow file.
/etc/passwd now only contains the list of users on the computer, and a few basic parameters like their shell. The reason to make it world-readable is so that the world can read it.
This is not generally considered a security vulnerability, though in some circumstances it may be inappropriate.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 8 years ago.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
This question does not appear to be about programming within the scope defined in the help center.
Improve this question
I'm creating public/private keys to access to my VPS. I would like to understand how to organize better this kind of job.
At the moment I have a local user named dail and three users in the VPS woth their home like:
user1 -> /home/vhosts/user1
user2 -> /home/vhosts/user2
user3 -> /home/vhosts/user3
OK, now my goal is to connect from my PC to the VPS with public/private keys avoiding password logins.
I have generated three pairs of keys in my PC and then uploaded the public keys in the three home of the VPS users.
I have the private keys in /home/dail/.ssh/ named like: user1.private user2.private user3.private and the publis are in:
/home/vhosts/user1/.ssh/authorized_keys (user1.pub)
/home/vhosts/user2/.ssh/authorized_keys (user2.pub)
/home/vhosts/user3/.ssh/authorized_keys (user3.pub)
I tested all the things and all works correctly but i woul dlike to understand if this is a good setup OR do i have to do the opposite?
I mean create the keys on the VPS and save the .pub keys in my pc... ?
Another thing is, in my local pc can I not create a directory with all the private keys avoiding to save them in the .ssh of the local user that has nothing to do with server users ?
Thank you!
Creating the keys on your local PC and upload the .pub Keyfile to your server's ~/.ssh/authorized_keys is the right way.