cat ~/.ssh/id_rsa.pub | ssh firstname.lastname@example.org 'mkdir -p ~/.ssh; cat >> ~/.ssh/authorized_keys'
Posts Tagged ‘password’
What’s the online equivalent to leaving your house key under the doormat?
A number of times I have been caught in a situation where I’m not at a computer and need to get something off of my email. I call a friend, entrust them with my password, retrieve the information and proceed to worry that I have (1) allowed my friend to (un)intentionally view something private of mine or (2) at least put my friend in the unfair situation where he needs to convince himself not to snoop. Whether he ever would or should is not the point, the situation of my giving him such a powerful position is bad enough.
Here’s a solution:
When I sign up for a new email account, I should give a normal password and a “one time password”. I don’t tell anyone my OTP. But then if I ever need to let a friend into my account I give them this OTP that works just once.
The email provider could come up with all sorts of different schemes for how the “just once” is defined. By time: logs off automatically after 60 seconds. By activity: logs off after a n searches. Or just limit access for a single session: only able to view certain emails or of a certain age…blah blah blah.
It could be as secure as you wanted to be. The point is that the current situation isn’t secure at all: you have to give out your entire password. I guess the reason giving out your password is not the same as leaving a key under your doormat is that your key is a single object and it doesn’t unlock every door in your house much less provide you with a simple way to search for valuable items.
I love to use mplayer and occasionally mpg123 to stream audio and video from my web server or else where online. But if the file I’m streaming is in a secure folder that uses http authentication, then I have to include my username and password in my execution. On the command line in a terminal this looks like:
mplayer -user username -passwd password http://hostname/file
Both of these display my password in plain text in my terminal. Here’s a quick bash script solution I saved in a file called
#!/bin/bash # # save current stty settings oldstty=`stty -g` read -p "User: " -e user # disable echoing stty -echo read -p "Password: " -e passwd # restore previous stty settings stty $oldstty echo " mplayer -user $user -passwd [hidden] $1" mplayer -user $user -passwd $passwd $1
Adapt and add your favorite mplayer options as necessary.
Note: I’ve noticed that a lot of programs use this format (
-user username -passwd password) so I don’t think it would be much of a stretch to convert this code into a generalized authorization wrapper.