Archive for the ‘security’ Category

SSH and Windows

Most security-conscious organizations have replaced telnet with ssh for remote access to Unix machines. While the security benefits are well-known and well-understood, there are several other very good reasons to use ssh instead of telnet, such as the use of ssh keys for authentication instead of passwords. Continue reading


signtree is a Perl script that takes a list of files and generates detached signatures for each one, using the GnuPG module. If there is already a signature file, then it is verified, and updated if the signature does not match. This is a development tool, not a mass verification tool. Continue reading


I recently had a need to check the ssh fingerprints of a remote host. ssh-keyscan will do this, but, aggravatingly, doesn’t emit the fingerprint in the same form that the ssh client does. ssh-keygen will display the fingerprint of a host key, but it only works on files. So, I wrote a little shell script, called ssh-hostfpr, that will present the fingerprint of a remote host. It uses ssh-keyscan and ssh-keygen, which should be included with any sane SSH distribution. Continue reading