On Tue, 17 Jun 2014 22:00:49 -0400
Jerry Stuckle wrote:
> On 6/17/2014 7:41 PM, Celejar wrote:
> > On Sat, 14 Jun 2014 22:32:16 -0400
> > Jerry Stuckle wrote:
> >
> >> On 6/14/2014 2:06 PM, Patrick Chkoreff wrote:
> >
> > ...
> >
> >>> Here's a way to generate a *truly* random password that i
On 6/17/2014 7:41 PM, Celejar wrote:
> On Sat, 14 Jun 2014 22:32:16 -0400
> Jerry Stuckle wrote:
>
>> On 6/14/2014 2:06 PM, Patrick Chkoreff wrote:
>
> ...
>
>>> Here's a way to generate a *truly* random password that is *also* memorable:
>>>
>>> http://diceware.com
>>>
>>> Instead of using you
On Sat, 14 Jun 2014 22:32:16 -0400
Jerry Stuckle wrote:
> On 6/14/2014 2:06 PM, Patrick Chkoreff wrote:
...
> > Here's a way to generate a *truly* random password that is *also* memorable:
> >
> > http://diceware.com
> >
> > Instead of using your computer to generate allegedly random bits, yo
On Sun, Jun 15, 2014 at 12:32 AM, wrote:
> On Sat, 14 Jun 2014, Bob Proulx wrote:
>>
>> The biggest problem I have found using random passwords is that some
>> sites truncate the password to a shorter number of characters. Some
>> of those are fairly high profile sites! http://www.schwab.com/ i
On Saturday 14 June 2014 19:06:40 Patrick Chkoreff wrote:
> Don Armstrong wrote, On 06/14/2014 01:04 PM:
> > If you just want purely random passwords, though, you might try
> > makepasswd instead. pwgen is more biased towards generating
> > distinguishable, memorable passwords instead of truly rand
On Saturday 14 June 2014 11:57:59 Lisi Reisz wrote:
> On Friday 13 June 2014 22:02:06 Bob Proulx wrote:
> > Just to plug a good tool I like using pwgen to generate truly random
> > passwords. A long random password is sufficiently difficult to
> > exploit. If you are using passwords that are easy
On 14/06/14 13:57, Brian wrote:
On Sat 14 Jun 2014 at 11:50:57 +0100, Iain M Conochie wrote:
Can you categorically state what _are_ the preseed options for the
openssh-server package? I can find 4:
The ones you listed below are for a fresh install of Wheezy. Jessie is
different. This output ca
On Sat, 14 Jun 2014, Bob Proulx wrote:
The biggest problem I have found using random passwords is that some
sites truncate the password to a shorter number of characters. Some
of those are fairly high profile sites! http://www.schwab.com/ is a
good example that truncates passwords at eight cha
On 6/14/2014 2:06 PM, Patrick Chkoreff wrote:
> Don Armstrong wrote, On 06/14/2014 01:04 PM:
>
>> If you just want purely random passwords, though, you might try
>> makepasswd instead. pwgen is more biased towards generating
>> distinguishable, memorable passwords instead of truly random ones.
>
Curt wrote:
> Bob Proulx wrote:
> > Just to plug a good tool I like using pwgen to generate truly random
> > passwords. A long random password is sufficiently difficult to
> > exploit. If you are using passwords that are easy to crack then they
> > should definitely be disabled. Here is an examp
On Sat, 14 Jun 2014 14:06:40 -0400
Patrick Chkoreff wrote:
> Instead of using your computer to generate allegedly random bits,
> you use five six-sided dice to generate truly random bits.
You can also eat peas and count the number of seconds
between two farts, then divide it by the captain's age
Don Armstrong wrote, On 06/14/2014 01:04 PM:
> If you just want purely random passwords, though, you might try
> makepasswd instead. pwgen is more biased towards generating
> distinguishable, memorable passwords instead of truly random ones.
Here's a way to generate a *truly* random password that
On Sat, 14 Jun 2014, Lisi Reisz wrote:
> Can it be set to use anything other than alpha-numeric?
Yes.
$ pwgen -sy 16 1;
Z/;fv!2B:C=^@kvH
If you just want purely random passwords, though, you might try
makepasswd instead. pwgen is more biased towards generating
distinguishable, memorable password
On Sat 14 Jun 2014 at 11:50:57 +0100, Iain M Conochie wrote:
> Can you categorically state what _are_ the preseed options for the
> openssh-server package? I can find 4:
The ones you listed below are for a fresh install of Wheezy. Jessie is
different. This output can be obtained from
debconf-
On Friday 13 June 2014 22:02:06 Bob Proulx wrote:
> Just to plug a good tool I like using pwgen to generate truly random
> passwords. A long random password is sufficiently difficult to
> exploit. If you are using passwords that are easy to crack then they
> should definitely be disabled. Here i
On 06/14/2014 12:57 PM, Lisi Reisz wrote:
> On Friday 13 June 2014 22:02:06 Bob Proulx wrote:
>> Just to plug a good tool I like using pwgen to generate truly random
>> passwords. A long random password is sufficiently difficult to
>> exploit. If you are using passwords that are easy to crack t
To date I haven't been able to find documented lists of preseeds
anywhere, except for the standard debian installer values given in
You haven't looked hard enough.
Debian's and Ubuntu's example preseed files. I found this preseed option
in forum postings somewhere.
Which preseed option? You
On 2014-06-13, Bob Proulx wrote:
>
>
> Just to plug a good tool I like using pwgen to generate truly random
> passwords. A long random password is sufficiently difficult to
> exploit. If you are using passwords that are easy to crack then they
> should definitely be disabled. Here is an example
On 14/06/14 07:18, Brian wrote:
> On Fri 13 Jun 2014 at 23:36:41 +0530, Murukesh Mohanan wrote:
>
>> That's about the bug report that led to all this:
>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=298138
>
> The usual complaint, I see. password1 is an insecure password for root
> to use so
On Fri, 13 Jun 2014 22:28:31 +0100
Brian wrote:
> It has cropped up on -user from time to time and the very strange
> view that a password login is inherently insecure is sometimes
> advanced.
Well, if you raise the time between P/W attempts to, lets say
30 seconds, it'll take _some_ (looong) ti
On Fri, 13 Jun 2014 15:02:06 -0600
Bob Proulx wrote:
> Just to plug a good tool I like using pwgen to generate truly
> random passwords. A long random password is sufficiently
> difficult to exploit. If you are using passwords that are easy to
> crack then they should definitely be disabled. H
On Fri 13 Jun 2014 at 22:42:49 +0200, B wrote:
> On Fri, 13 Jun 2014 14:25:28 -0600
> Bob Proulx wrote:
>
> > Personally I always use a strong password for root, only very
> > rarely log in as root using a password,
> > mostly use ssh rsa keys with a strong passphrase for remotely
> > loggin
On Fri 13 Jun 2014 at 23:36:41 +0530, Murukesh Mohanan wrote:
> That's about the bug report that led to all this:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=298138
The usual complaint, I see. password1 is an insecure password for root
to use so we mustn't allow root to log in via ssh.
B wrote:
> Bob Proulx wrote:
> > Personally I always use a strong password for root, only very
> > rarely log in as root using a password,
> > mostly use ssh rsa keys with a strong passphrase for remotely
> > logging in, but do allow remote root login.
>
> ? You don't need a password (except f
On Fri, 13 Jun 2014 14:25:28 -0600
Bob Proulx wrote:
> Personally I always use a strong password for root, only very
> rarely log in as root using a password,
> mostly use ssh rsa keys with a strong passphrase for remotely
> logging in, but do allow remote root login.
? You don't need a password
Murukesh Mohanan wrote:
> Bob Proulx wrote:
> > was documented in the /usr/share/doc/openssh-server/README.Debian.gz
>
> That's about the bug report that led to all this:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=298138
I am familiar with that bug report. It is referenced in the
README.
> > If some ignoramus sets a weak password and get's exploited, because
> > of a old default, I don't see why it should become my problem or
> > yours. The Debian maintainers can set whatever default they chose
> > to, as is their right, but why make a decision to ignore the user's
> > right to ch
Murukesh Mohanan wrote:
> 1. I have explicitly stated that I am automating new installations.
> I don't understand what repeating that statement back to me means.
> I have read README.Debian, and I don't see how it answers my question,
> which is: *why* are you totally ignoring a user-made selectio
A few points:
1. I have explicitly stated that I am automating new installations.
I don't understand what repeating that statement back to me means.
I have read README.Debian, and I don't see how it answers my question,
which is: *why* are you totally ignoring a user-made selection of
pre-exisitn
A few points:
1. I have explicitly stated that I am automating new installations.
I don't understand what repeating that statement back to me means.
I have read README.Debian, and I don't see how it answers my question,
which is: *why* are you totally ignoring a user-made selection of
pre-exisitn
On Sun 08 Jun 2014 at 20:55:19 +0100, Brian wrote:
> This is what you get with a new install of 1:6.6p1-1. It is the
> default. If is not to your liking you have to alter it afterwards.
Or deal with it with late_command in your preseed file.
--
To UNSUBSCRIBE, email to debian-user-requ...@list
On Sat 07 Jun 2014 at 23:08:47 +0530, Murukesh Mohanan wrote:
> I'm trying to use preseeding to automate installation, and
> openssh-server is ignoring a selection
> openssh-server openssh-server/permit-root-login bool true
> The sshd_config always contains
> PermitRootLogin without-pass
32 matches
Mail list logo
