Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Is my terminal input secure?
Special Forums Cybersecurity Is my terminal input secure? Post 302224889 by era on Thursday 14th of August 2008 06:36:22 AM
Old 08-14-2008
Root can do anything. Don't run it on a box where you do not trust root.

(The question is not well stated, though. The problem is not in the security of your terminal input, it's in the security of where that input ends up in the memory of a remote computer whose administrator you do not trust.)
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

How to suppress input keying from displaying on terminal.

I'm a Unix newbie. In a shell-script, is there any way to accept keyboard input (via STDIN) without having it display on the screen? I know keying in a login password sort of does this by replacing what you key with astericks (*) but I believe that's a "C" routine. I'd like to be able to... (2 Replies)
Discussion started by: liteyear18
2 Replies

2. UNIX for Advanced & Expert Users

connecting to unix through hyper terminal - as a dumb terminal

I just changed from windows NT to XP and I am no longer able to connect to my unix system. I used to use hyper terminal -- which acts as dumb terminal to my main frame unix system. I think one of the options used to be "direct to comX". This option isn't listed now. I use a serial port and the... (2 Replies)
Discussion started by: michelle
2 Replies

3. Solaris

Secure FTP Problem using Sun SSH on Client system F-Secure on Server system

I am using shell script to do secure ftp. I have done key file setup to do password less authentication. Following are the FTP Details: FTP Client has Sun SSH. FTP Server has F-Secure. I am using SCP Command to do secure copy files. When I am doing this, I am getting the foll error scp:... (2 Replies)
Discussion started by: ftpguy
2 Replies

4. Shell Programming and Scripting

Don't show keyboard input on terminal

I am developing a script that will run with '/bin/ksh' shell. The script is intended to receive a password by keyboard input, but for security reasons I would like to hide what the user is typing. The keyboard input is being caught by 'read' command. exmaple : echo "Please type your new... (1 Reply)
Discussion started by: marianor31
1 Replies

5. UNIX for Advanced & Expert Users

Pseudo-terminal will not be allocated because stdin is not a terminal.

I am trying to automate a SSH login using Keys using the following command ssh -i id_rsa usernamw@ipaddr. I am successful in doing this and i am getting the Warning Screen and I logon successfully. but when I am executing the command tail -1cf put.dat | ssh -i id_rsa username@ipaddr > get.dat ... (1 Reply)
Discussion started by: Shivdatta
1 Replies

6. UNIX for Dummies Questions & Answers

how to check the user input from terminal

Hello everybody!!! I am writing my own rm command in unix. I prompt the user to type if he wants to delete a file and then read what he typed. But how do i check what he typed? This is my program so far: echo 'Delete prog1.c (y/n)?' read yesOrNo if yesOrNo == 'y' then rm prog1.c... (6 Replies)
Discussion started by: mskart
6 Replies

7. Programming

Number of bytes in terminal input queue w/o blocking and consuming?

Hello, everyone. Could someone, please, tell me how to get the number of bytes in the terminal input queue without blocking and without consuming these bytes? I guess it could be called the peek functionality. I've looked at termio tcgetattr() and tcsetattr() functions but could not find... (4 Replies)
Discussion started by: Lucy.Garfeld
4 Replies

8. Shell Programming and Scripting

Cannot get terminal application to launch with a graphical launcher when successful in terminal

I have been having an extremely annoying problem. For the record, I am relatively new at this. I've only been working with unix-based OS's for roughly two years, mostly Xubuntu and some Kali. I am pretty familiar with the BASH language, as that's the default shell for debian. Now, I've made this... (16 Replies)
Discussion started by: Huitzilopochtli
16 Replies

9. Shell Programming and Scripting

Print Terminal Output Exactly how it Appears in the Terminal to a New Text File

Hello All, I have a text file containing output from a command that contains lots of escape/control characters that when viewed using vi or view, looks like jibberish. But when viewed using the cat command the output is formatted properly. Is there any way to take the output from the cat... (7 Replies)
Discussion started by: mrm5102
7 Replies

10. What is on Your Mind?

Should we use CODE Tags for terminal input and output?

I've always used code tags for code but not for showing terminal input and output. I noticed a mod edited one of my threads and now I'm confused as to proper protocol. Mike (5 Replies)
Discussion started by: Michael Stora
5 Replies

LEARN ABOUT SUNOS

dnssec-trust-anchors.d

DNSSEC-TRUST-ANCHORS.D(5)				      dnssec-trust-anchors.d					 DNSSEC-TRUST-ANCHORS.D(5)

NAME

       dnssec-trust-anchors.d, systemd.positive, systemd.negative - DNSSEC trust anchor configuration files

SYNOPSIS

       /etc/dnssec-trust-anchors.d/*.positive

       /run/dnssec-trust-anchors.d/*.positive

       /usr/lib/dnssec-trust-anchors.d/*.positive

       /etc/dnssec-trust-anchors.d/*.negative

       /run/dnssec-trust-anchors.d/*.negative

       /usr/lib/dnssec-trust-anchors.d/*.negative

DESCRIPTION

       The DNSSEC trust anchor configuration files define positive and negative trust anchors systemd-resolved.service(8) bases DNSSEC integrity
       proofs on.

POSITIVE TRUST ANCHORS

       Positive trust anchor configuration files contain DNSKEY and DS resource record definitions to use as base for DNSSEC integrity proofs. See
       RFC 4035, Section 4.4[1] for more information about DNSSEC trust anchors.

       Positive trust anchors are read from files with the suffix .positive located in /etc/dnssec-trust-anchors.d/, /run/dnssec-trust-anchors.d/
       and /usr/lib/dnssec-trust-anchors.d/. These directories are searched in the specified order, and a trust anchor file of the same name in an
       earlier path overrides a trust anchor files in a later path. To disable a trust anchor file shipped in /usr/lib/dnssec-trust-anchors.d/ it
       is sufficient to provide an identically-named file in /etc/dnssec-trust-anchors.d/ or /run/dnssec-trust-anchors.d/ that is either empty or
       a symlink to /dev/null ("masked").

       Positive trust anchor files are simple text files resembling DNS zone files, as documented in RFC 1035, Section 5[2]. One DS or DNSKEY
       resource record may be listed per line. Empty lines and lines starting with a semicolon (";") are ignored and considered comments. A DS
       resource record is specified like in the following example:

	   . IN DS 19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5

       The first word specifies the domain, use "."  for the root domain. The domain may be specified with or without trailing dot, which is
       considered equivalent. The second word must be "IN" the third word "DS". The following words specify the key tag, signature algorithm,
       digest algorithm, followed by the hex-encoded key fingerprint. See RFC 4034, Section 5[3] for details about the precise syntax and meaning
       of these fields.

       Alternatively, DNSKEY resource records may be used to define trust anchors, like in the following example:

	   . IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=

       The first word specifies the domain again, the second word must be "IN", followed by "DNSKEY". The subsequent words encode the DNSKEY
       flags, protocol and algorithm fields, followed by the key data encoded in Base64. See RFC 4034, Section 2[4] for details about the precise
       syntax and meaning of these fields.

       If multiple DS or DNSKEY records are defined for the same domain (possibly even in different trust anchor files), all keys are used and are
       considered equivalent as base for DNSSEC proofs.

       Note that systemd-resolved will automatically use a built-in trust anchor key for the Internet root domain if no positive trust anchors are
       defined for the root domain. In most cases it is hence unnecessary to define an explicit key with trust anchor files. The built-in key is
       disabled as soon as at least one trust anchor key for the root domain is defined in trust anchor files.

       It is generally recommended to encode trust anchors in DS resource records, rather than DNSKEY resource records.

       If a trust anchor specified via a DS record is found revoked it is automatically removed from the trust anchor database for the runtime.
       See RFC 5011[5] for details about revoked trust anchors. Note that systemd-resolved will not update its trust anchor database from DNS
       servers automatically. Instead, it is recommended to update the resolver software or update the new trust anchor via adding in new trust
       anchor files.

       The current DNSSEC trust anchor for the Internet's root domain is available at the IANA Trust Anchor and Keys[6] page.

NEGATIVE TRUST ANCHORS

       Negative trust anchors define domains where DNSSEC validation shall be turned off. Negative trust anchor files are found at the same
       location as positive trust anchor files, and follow the same overriding rules. They are text files with the .negative suffix. Empty lines
       and lines whose first character is ";" are ignored. Each line specifies one domain name which is the root of a DNS subtree where validation
       shall be disabled.

       Negative trust anchors are useful to support private DNS subtrees that are not referenced from the Internet DNS hierarchy, and not signed.

       RFC 7646[7] for details on negative trust anchors.

       If no negative trust anchor files are configured a built-in set of well-known private DNS zone domains is used as negative trust anchors.

       It is also possibly to define per-interface negative trust anchors using the DNSSECNegativeTrustAnchors= setting in systemd.network(5)
       files.

SEE ALSO

       systemd(1), systemd-resolved.service(8), resolved.conf(5), systemd.network(5)

NOTES

	1. RFC 4035, Section 4.4
	   https://tools.ietf.org/html/rfc4035#section-4.4

	2. RFC 1035, Section 5
	   https://tools.ietf.org/html/rfc1035#section-5

	3. RFC 4034, Section 5
	   https://tools.ietf.org/html/rfc4034#section-5

	4. RFC 4034, Section 2
	   https://tools.ietf.org/html/rfc4034#section-2

	5. RFC 5011
	   https://tools.ietf.org/html/rfc5011

	6. IANA Trust Anchor and Keys
	   https://data.iana.org/root-anchors/root-anchors.xml

	7. RFC 7646
	   https://tools.ietf.org/html/rfc7646

systemd 237														 DNSSEC-TRUST-ANCHORS.D(5)
All times are GMT -4. The time now is 07:22 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy