gabriel rosenkoetter on Wed, 24 Jan 2001 06:55:02 -0500 (EST)



Re: [SLE] Re: [PLUG] ssh rsa authentication troubles


On Tue, Jan 23, 2001 at 11:59:48AM -0500, Bill Jonas wrote:
> Thank you very much!  That worked beautifully.

No trouble.

> Now, to try to figure out how to get key-based authentication working...
> <g>

Well, as Martin saw, if you actually want to use ssh2 with an
authentication key, you'll have to create a DSA key (not the
default, do ssh-keygen -d), and ssh-add it explicitly. (Presuming
you have an RSA key too, you'll do something like "ssh-add
~/.ssh/identity ~/.ssh/id_dsa", and you'll have to enter a
passphrase for both.)

Key-based authentication with ssh is really much more secure, since
no password *ever* crosses the wire, even in encrypted form, and it
takes you back to the magical no-password logins of rsh (with a bit
of a pause for key verification).

Just do "ssh-keygen ; ssh-keygen -d" and you'll have your keys in
~/.ssh on your local machine. (You'll also set a passphrase... mine
is about 26 fairly random characters, but maybe I'm excessively
paranoid.) There will also be two public key files
(~/.ssh/identity.pub ~/.ssh/id_dsa.pub). Put the RSA version on any
hosts you want to login to at ~/.ssh/authorized_keys and the DSA
version at ~/.ssh/authorized_keys2 (no, they can't be in the same
file; they're in a different format). (Remember that if the sshd on
a server doesn't speak protocol 2, the DSA key will be meaningless.)

Make sure that you never, ever let anyone get their hands on the
non-public versions. (But if they do, all you have to do to make it
useless is remove the public key from the server where you have access,
as long as you get there before the evil person with your private
key.)

Should be all it takes...

       ~ g r @ eclipsed.net


______________________________________________________________________
Philadelphia Linux Users Group       -      http://www.phillylinux.org
Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion  -  http://lists.phillylinux.org/mail/listinfo/plug