SSH: Why Doesn’t Key Authentication Work?

 Computing  0 Comments
Nov 192012
 

Over the years, whenever I’ve run into problems getting SSH key authentication to work, there’s always been the problem of a certain lack of information (partially because much of the information is held within the server logs which aren’t always accessible). This post is running through some of the issues I’ve encountered.

  1. The file server-to-login-to:~user/.ssh/authorized_keys has the key in, but the values are stored on multiple lines (as can happen when the contents are pasted in). Simply join the lines together, removing any extra spaces added by the editor, and it should work. Usually caused by pasting the key.
  2. Naming the file server-to-login-to:~user/.ssh/authorized_keys incorrectly – my fingers seem to prefer authorised_hosts – which whilst the authorised bit is the correct spelling, the code expects the Americanised spelling. Although you can set AuthorizedKeysFile to a space separated list of files, it’s usually best to assume it hasn’t been done.
  3. Getting confused over public/private keys. Not that I’m ever going to admit to being as dumb as to put the private key into the authorized_keys file, but it’s worth reminding myself that the private key belongs on the workstation I’m trying to connect from.
  4. Trying to login to a server where key authentication has been disabled (why would anyone do this?). Check PubkeyAuthentication in /etc/ssh/sshd_config.
  5. Not one of my mistakes (I’m on the side who disabled root logins), but logging in as root directly is often turned off.
  6. The permissions on the server-to-login-to:~user/.ssh directory and the file server-to-login-to:~user/.ssh/authorized_keys need to be very restricted. Basically no permissions for anyone other than the owner.

I am sure there are plenty of other possible mistakes, but running through this checklist seems to work for me.

The Paedophile Witch-Hunt

 General, Media  0 Comments
Nov 162012
 

Way back in the 15th, and 16th centuries there was an outbreak of mass hysteria where in many instances the mere accusation of a crime could very well result in finding yourself tied to a stake with a bonfire burning around your feet. The crime? Well it is arguably the case that the victims tended to be inconvenient women – women of power, individuality, or just a trifle too odd for a misogynist. Ignoring the so-called crime itself, there is a great deal of similarity between the hysteria surrounding those ancient witchcraft panics, and the modern day paedophilia panics.

Although paedophilia is a real and serious crime –  in fact because paedophilia is such a serious crime – we need to be very careful about accusations of paedophilia. An accusation is enough to do irreparable damage to a person’s reputation, career, marriage, or even life. Which sounds a reasonable enough start at a punishment for a paedophile, but an accusation doesn’t mean someone is guilty. Again, again (although it is interesting how this story has been inflated over the years), again, again, again, again, again, again,  and again, those who take the law into their own hands have been shown to make mistakes.

And last week with the combination of old media (Newsnight) and new media managed to “name and shame” a totally innocent party: Lord McAlpine. His supposed victim has since indicated that he was mistaken about the identity of his abuser, and that it was not Lord McAlpine. Newsnight managed to “leak” enough information for other parties (the “new media” bloggers) to figure out the name.

No matter how serious the crime, an alleged perpetrator is entitled to present a defence; indeed under British justice an accuser has to demonstrate beyond reasonable doubt that the perpetrator is guilty. And “trial by twitter” is certainly not a fair system of justice.

Of course none of this means we should be taking accusations by the victims any less seriously. Such a victim may well misidentify the perpetrator for all sorts of possible reasons, but that does not mean the crime has not taken place. An accusation needs to be properly investigated to identify the real perpetrator(s), and done in such a way that any potential perpetrators who have been shown to be innocent do not suffer in any way.

Misidentifying an attacker may sound the kind of thing that is pretty unlikely, but is hardly impossible. As an example, within the city I live there used to be someone who looked enough like me for a significant number of people to walk up to me and have a long conversation without realising they were talking to the wrong person.

Tory MP In Reality Show Furore

 Media, Politics  0 Comments
Nov 062012
 

Today came the news that Nadine Dorries (a Tory MP) is being suspended as a Tory (not an MP) for appearing on the reality TV show called “I’m a Celebrity… Get Me Out of Here”.

Now I’m hardly the most ardent Tory supporter in the country – in fact I can’t stand them, and a quick look indicates that I’m even less likely to like Nadine’s favourite hobby horses. But I believe all this fuss is a little over the top, and perhaps there is a certain amount of snobbishness getting involved here. To a certain extent this is understandable, as the reality show in question is hardly in the calibre of “Question Time” or some other serious current affairs programme.

And there is the concern of who will do her job, when she’s off in Australia getting filmed doing ridiculous stuff on camera.

But we do not know that Nadine hasn’t already or plans to make suitable arrangements to ensure that any urgent demands by her constituents are met in some way or another. And what about all the other part-time MPs? Is Nadine the only MP who has ever taken time off from her duties to do something else? Let’s not have double standards here.

And similarly, there have been plenty of MPs on TV shows of one kind or another. Is it just the type of show that is of concern here? Are other politicians concerned that an MP appearing on this show will bring politicians into disrepute?

If so, I have news for those other politicians – politicians have such a poor reputation that this appearance on a reality show is likely to improve their reputation. And I’m not a fan of the show in question.

Limiting Family Size For Those On Benefits

 Politics  0 Comments
Nov 042012
 

Those sneaky Tories have announced plans to limit child related benefits so that families with large numbers of children would only get benefits for the first two. With this, they have implied that “out there” is a large population of benefit scroungers who make tons of cash by simply breeding like rabbits.

And of course when you put it that way, it sounds like a great idea. Why should those in work pay for the comfort of those too lazy to do anything other than breed like rabbits?

Except those benefits are for the children involved. It is always worth remembering that any benefit cuts in this area will have a negative effect on the children involved. Or do the Tories plan to take into care any “surplus” children by force?

And even if there were a large number of benefit scroungers benefiting from the “generous” child related benefits, they are almost certainly far outnumbered by those who are not scroungers, but need benefits for genuine reasons.

What about the carpenter who whilst he earns a reasonable wage to support himself, his wife, and a single child, suddenly finds himself the father of sextuplets ?

What about the house husband whose wife previously earned big money as a hot-shot barrister, had 6 children over a number of years and who suddenly finds himself along with those six children after his wife is killed in a road accident ?

Or the single mother who works hard at a cleaning job, but finds it hard looking after her three children that her feckless husband left her with ?

The Tories have come up with a scheme to punish the poor, and yet have sold it in such a way as to get those poor to support it. What you could call a masterpiece of Machiavellian politics.

 

Apple Demonstrates Its Stupidity Again

 Computing  0 Comments
Nov 032012
 

Previously I ranted about how Apple had “complied” with a UK court order by criticising the decision made by the UK courts and implying they had gotten it wrong. Now Apple have been dragged into court again to explain their lack of compliance, and been ordered to remove their previous statement and replace it with another whose wording has been dictated by the court.

Apple in a mind-blowing exhibition of stupidity tried to claim that whilst it would take just 24 hours to take down their previous statement, it would take up to 14 days to put up a replacement statement. For “technical reasons”.

Now as it happens, in addition to writing drivel on this website (where the only delay “technical reasons” might impose would be due to an infrastructure failure/upgrade, but “personal reasons” might well impose a 14-day delay), I have been involved in more “corporate” websites where content management systems can indeed impose “technical reasons” for a delay in updating a website. But not 14 days! More like a few hours, or at most 24 hours.

And if a content management system does impose a long delay in publishing website updates, it is always possible to bypass the CMS to publish emergency updates. Even if it is necessary to “break” the CMS to do so.

It may very well be that an internal approval process within Apple’s CMS normally requires 14 days for an update to be published. In which case the reason for the supposed 14 day delay is for “business reasons” rather than “technical reasons”.

Of course there is also another possibility. Given that Apple have recently launched new products, they may be very reluctant to put anything up on their home page (which the revised court order now requires) which distracts from their new product. You do have to wonder if this mysterious delay for “technical reasons” is in fact so that nobody gets distracted from the pretty pictures of Apple’s new products.

That would be very, very silly of them.

The court evidently did not think much of Apple’s excuse of why they could not put up a replacement statement promptly and have given them 48 hours to comply. So either Apple has to comply within 48-hours – demonstrating that they lied in court, or has to come up with detailed technical reasons why they cannot comply – which will demonstrate they are surprisingly incompetent when it comes to technical matters.

Neither alternative is comfortable for Apple executives, but this position is all their fault.

 Older Entries  Newer Entries