Is SSH safer or more vulnerable with password auth?

I've been having a fight with the university IT people about SSH being unsafe because of the possibility of a brute-force password attack. Of course (as I explain to them) there are myriad ways to thwart this, some of which I had already taken before the fight began (only allow a short time to connect successfully, for example). (Although I haven't been able to figure out if SSH can simply decide to refuse a connection after a certain number of failed passwords, but that's another issue.) On the other hand, I have seen a few sites in my SSH googling that hint that RSA key authentication is less secure than password authentication.
So, the question I would like to submit for discussion is this: Is passwordless RSA key authentication more or less secure than password authentication, and why? Or, if you would rather, under what circumstances is each method more vulnerable?
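On the "refuse a connection after a certain number of failed passwords" point raised above: sshd's own MaxAuthTries only caps guesses within a single connection, and sshd keeps no counter across connections, so tools such as fail2ban get that behaviour by reading the auth log and firewalling sources that fail too often. The following is an added example, not part of the original thread, that implements that log-driven logic in Python over constructed sshd log lines; the maxretry/findtime/bantime thresholds, the host name and addresses, and the year stamped onto the syslog timestamps are all assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of sshd syslog output (not from the original thread).
# 203.0.113.5 hammers admin/root within seconds; 198.51.100.7 fails three times,
# but spread over twelve minutes, so it should stay outside a ten-minute window.
SAMPLE_LOG = """\
Jul  8 01:40:01 host sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 40112 ssh2
Jul  8 01:40:03 host sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 40112 ssh2
Jul  8 01:40:04 host sshd[2104]: Failed password for root from 203.0.113.5 port 40113 ssh2
Jul  8 01:40:06 host sshd[2104]: Failed password for root from 203.0.113.5 port 40113 ssh2
Jul  8 01:40:09 host sshd[2107]: Failed password for root from 203.0.113.5 port 40114 ssh2
Jul  8 01:41:00 host sshd[2110]: Failed password for alice from 198.51.100.7 port 50222 ssh2
Jul  8 01:41:30 host sshd[2111]: Accepted publickey for alice from 198.51.100.7 port 50223 ssh2
Jul  8 01:52:00 host sshd[2120]: Failed password for bob from 198.51.100.7 port 50300 ssh2
Jul  8 01:53:00 host sshd[2121]: Failed password for bob from 198.51.100.7 port 50301 ssh2
"""

# Assumed thresholds, named after fail2ban's sshd-jail knobs.
MAXRETRY = 3
FINDTIME = timedelta(seconds=600)
BANTIME = timedelta(seconds=3600)

FAILED_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+\S+\s+sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+ ssh2$"
)


def parse_failure(line, year=2009):
    """Return (timestamp, user, source_ip) for a 'Failed password' line, else None.

    Syslog lines carry no year, so one is assumed; only relative times matter here.
    """
    m = FAILED_RE.match(line)
    if m is None:
        return None
    stamp = f"{year} {m['mon']} {m['day']} {m['time']}"
    return datetime.strptime(stamp, "%Y %b %d %H:%M:%S"), m["user"], m["ip"]


def find_bans(lines, maxretry=MAXRETRY, findtime=FINDTIME, bantime=BANTIME):
    """Sliding-window failure counter per source IP.

    Returns {ip: (ban_start, ban_end)}. An IP is banned the moment it accumulates
    `maxretry` failures inside any `findtime` window, regardless of how many
    separate connections those failures came from.
    """
    recent = defaultdict(deque)
    bans = {}
    for line in lines:
        parsed = parse_failure(line)
        if parsed is None:
            continue
        ts, _user, ip = parsed
        if ip in bans and ts < bans[ip][1]:
            continue                      # still banned; a firewall rule would drop this
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > findtime:  # evict failures older than the window
            window.popleft()
        if len(window) >= maxretry:
            bans[ip] = (ts, ts + bantime)
            window.clear()
    return bans


if __name__ == "__main__":
    for ip, (start, end) in find_bans(SAMPLE_LOG.splitlines()).items():
        print(f"ban {ip} from {start:%H:%M:%S} until {end:%H:%M:%S}")
```

With the assumed thresholds only 203.0.113.5 is banned (at the third failure, 01:40:04); widening findtime to an hour also catches 198.51.100.7, which shows why the window is a tuning decision rather than a fixed constant. A real deployment matches more message variants than the single "Failed password" line used here and enforces the ban in the firewall, which is exactly what fail2ban or sshguard do on top of the sshd_config limits.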

I think it really depends on the attack vector you are looking at.
Assuming the two are mutually exclusive for the sake of this discussion (either key-based auth with password login disabled, or password login with key-based auth disabled): a password-less SSH key is likely more vulnerable to an endpoint exploit, as if an attacker has your SSH key without a password, he has access. Password-over-SSH is likely more vulnerable to a server-side exploit: it opens the password-guess vector, and if you aren't paying attention to the 'fingerprint doesn't match' message and someone hijacks your DNS, you could attempt to log in to a compromised system, thus giving away your password. Key-based auth would fail if they did not have your public key on the compromised server (you would still see the fingerprint difference message, though).
You can do things to increase the security of the above vectors, from using a passphrase on your SSH key and using ssh-agent (so you only have to auth once per session and it simply 'unlocks' your key, and doesn't leave it lying around open) to using something like knockd or fail2ban on the server side.
Personally, I use a passphrase-protected SSH key (along with ssh-agent), and disable interactive (password) authentication on my boxes any time they are exposed to a public network (along with adding root to the DenyUsers SSH list).
Last edited by cactus (2009-07-08 01:52:11)
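The settings the answer above recommends live in sshd_config, and two properties of that file trip people up: keywords are case-insensitive and the first value sshd reads for a keyword wins (appending "PasswordAuthentication no" to a file that already says yes changes nothing), and a Match block can quietly re-enable a setting for the connections it matches. The Python below is an added example, not the poster's code: it parses two constructed configs with those rules and reports the findings a reviewer would raise. The "yes" it assumes for a missing UsePAM is the distribution-style default rather than upstream's, and the remark about PermitRootLogin defaulting to yes before OpenSSH 7.0 refers to upstream OpenSSH.

```python
import re

# Constructed sshd_config fragments (not from the original thread).
# WEAK_CONFIG is a typical default-ish server where an admin appended a fix that never took effect.
WEAK_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
MaxAuthTries 6
# appended later: sshd keeps the FIRST value per keyword, so this line is ignored
PasswordAuthentication no
"""

# HARDENED_CONFIG follows the answer above: keys only, no root, root also in DenyUsers.
# The Match block is a common exception for an internal range; the audit should call it out.
HARDENED_CONFIG = """\
Port 22
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
MaxAuthTries 3
DenyUsers root
Match Address 10.0.0.0/8
    PasswordAuthentication yes
"""


def parse_sshd_config(text):
    """Parse sshd_config text into (global_opts, match_blocks).

    Keywords are case-insensitive; per sshd_config(5) the first value seen for a keyword
    wins; lines after 'Match' belong to that block and apply only to matching connections.
    """
    global_opts = {}
    match_blocks = []            # list of (criteria, {keyword: value})
    current = global_opts
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)   # 'Key value' or 'Key=value'
        keyword, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if keyword == "match":
            current = {}
            match_blocks.append((value, current))
            continue
        current.setdefault(keyword, value)       # first value wins
    return global_opts, match_blocks


def audit(text, use_pam_default="yes"):
    """Return findings for the settings the answer above cares about (assumed defaults noted)."""
    g, matches = parse_sshd_config(text)
    findings = []

    def val(opts, keyword, default):
        return opts.get(keyword, default).lower()

    if val(g, "passwordauthentication", "yes") == "yes":
        findings.append("PasswordAuthentication is effectively yes "
                        "(absent, or the first occurrence says yes)")
    root = val(g, "permitrootlogin", "")
    if root == "yes":
        findings.append("PermitRootLogin yes: root can log in with a password")
    elif root == "":
        findings.append("PermitRootLogin not set: OpenSSH before 7.0 defaulted it to yes")
    if root != "no" and "root" not in val(g, "denyusers", "").split():
        findings.append("root is neither blocked by PermitRootLogin no nor listed in DenyUsers")
    # Keyboard-interactive (PAM) can still prompt for a password even when
    # PasswordAuthentication is no; the keyword was renamed in newer OpenSSH.
    kbd = val(g, "kbdinteractiveauthentication",
              val(g, "challengeresponseauthentication", "yes"))
    if kbd == "yes" and val(g, "usepam", use_pam_default) == "yes":
        findings.append("ChallengeResponse/KbdInteractive with UsePAM yes: "
                        "PAM can still ask for a password")
    tries = int(val(g, "maxauthtries", "6"))
    if tries > 3:
        findings.append(f"MaxAuthTries {tries}: that many guesses per connection, "
                        "and sshd never counts across connections")
    for criteria, opts in matches:
        if opts.get("passwordauthentication", "").lower() == "yes":
            findings.append(f"Match {criteria}: re-enables PasswordAuthentication "
                            "for matching connections")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {name} ==")
        for finding in audit(cfg):
            print(" -", finding)
```

Against a live host, feed it the real file with audit(open("/etc/ssh/sshd_config").read()), and cross-check with sshd -T, which prints the configuration sshd actually resolved; sshd -T -C user=...,addr=... shows what a particular Match block yields. The keyboard-interactive finding is the one most often missed: turning off PasswordAuthentication alone does not stop a PAM-backed keyboard-interactive prompt from accepting the same password.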
