home bbs files messages ]

Just a sample of the Echomail archive

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

   RBERRYPI      Support for the Raspberry Pi device      21,939 messages   

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]

   Message 19,308 of 21,939   
   Pancho to druck   
   Re: It is now very nearly impossible to    
   01 Feb 24 08:12:32   
   
   INTL 3:770/1 3:770/3   
   REPLYADDR Pancho.Jones@proton.me   
   REPLYTO 3:770/3.0 UUCP   
   MSGID:  e911dacc   
   REPLY:  de7e9757   
   PID: SoupGate-Win32 v1.05   
   On 31/01/2024 21:25, druck wrote:   
   > On 31/01/2024 20:26, Pancho wrote:   
   >> Yes, I understand the need for unique keys for clients which operate   
   >> outside the home, like a laptop, but what about for the LAN only   
   >> devices? For instance, a rPi using scp to another rPi. I have quite a   
   >> few Pis.   
   >>   
   >> When I set up a new machine, it is often easier to use an existing key   
   >> which already has been installed on all SSH servers, so I use a single   
   >> one. Often, I just copy the ~/.ssh folder. I suppose I could reuse a   
   >> currently unused key from a pool of configured keys, but it seems like   
   >> a lot of work.   
   >   
   > Very bad practice. Generate a new key on each device with ssh-keygen and   
   > copy it to your primary machine with ssh-copy-id Then replicate the   
   > primary machines .ssh/authorized_keys file to all the others, so you can   
   > login from any machine to any other.   
   >   
      
   Yes, but in practice that meant everytime I installed a new OS on an   
   experimental Orange Pi5 I had to alter the set up of seven or eight   
   machines. Sometimes I was doing this a few times a day.   
      
   So I guess my point was, in the real world, many of us implement sub   
   optimal security on our home LAN. I recognise that I am sloppy, but I   
   think I should be careful to prioitorise security measures that improve   
   the most glaring security holes, without impeeding usability.   
      
   Sometimes people are religous about security, hypocritically claiming   
   they never sin, when they do, for pragmatic reasons. In the past I have   
   worked for large prestigous companies that had the most astonishing   
   security loopholes.   
      
   Off the top of my head I have always thought a SSH passphrase and SSH   
   agent might be the best first step. However I really am quite naive so   
   any advice is appreciated.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)   
   SEEN-BY: 10/0 1 15/0 90/1 103/705 105/81 106/201 128/260 129/305 135/225   
   SEEN-BY: 153/757 7715 218/0 1 601 700 840 870 930 220/70 221/1 6 226/17   
   SEEN-BY: 226/30 100 227/114 229/110 112 113 200 206 307 317 400 426   
   SEEN-BY: 229/428 470 550 616 664 700 240/1120 266/512 267/800 282/1038   
   SEEN-BY: 291/111 292/854 301/1 113 812 310/31 320/219 322/757 335/364   
   SEEN-BY: 341/66 342/200 396/45 460/58 633/280 712/848 770/1 3 100   
   SEEN-BY: 770/330 340 772/210 220 230 5020/400 1042 5058/104 5075/35   
   PATH: 770/3 1 218/840 221/6 301/1 218/700 229/426   
      

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]


(c) 1994,  bbs@darkrealms.ca