Mike Leone on Tue, 18 Sep 2001 10:17:31 -0400



Re: [PLUG] SSH question


> On Mon, Sep 17, 2001 at 09:51:44PM -0400, Michael Leone wrote:
> > So what do I need to do to get prompted for *both* the passphrase *and*
> > the user ID/password on the remote system? Or is that not possible?
>
> The whole point of using key-based authentication is so that you don't
> have to supply a username and password for the remote side.  I don't
> know that it's possible to do what you want (without hacking the
> source).

Yeah, I pretty much started to come to the same conclusion.

My on-site consultant is concerned (somewhat justly so) for this reason: we
use a Pick OS-based system (Pick runs as a virtual OS on top of AIX 4.3.1).
We also use a special terminal emulator program under Windows (called
AccuTerm), that is designed specifically to integrate with a multi-valued OS
like Pick.

AccuTerm only supports SSH1, and doesn't create its own keys; it has no
key-generation routine. Consequently, if you connect using AccuTerm, you get
just the normal Pick system logon prompt. Meaning that anybody and their
brother with an SSH-capable terminal client could connect to us via the
Internet, and just get a normal system login prompt, with no additional
authorization required. We'd prefer an extra level of authorization.

(yes, yes, I know - use some kind of VPN instead. There are issues with
that, too. Don't ask ...)

If I do use an SSH client that allows you to create a key first (OpenSSH,
PuTTY, etc.), I only get asked for a passphrase, and no user ID and password.
Again, we'd prefer an extra level of authorization.

I was hoping to allow at least my programmers remote access via SSH, until
we get our VPN issues worked out.
I have to figure out some kind of VPN that will work under Windows ME, for
the folks who will want to connect that way. God help me. :-(  I have a
Cisco Pix, but their free VPN client doesn't work with WinME or Win2K; the
pay version that will work with those OSes is $150 ea user, which they don't
want to pay for, if they don't have to.

Nor do they want to try and look at some other VPN solution, since we have a
perfectly good Pix that can do VPNs.

Aggravating, ain't it?




______________________________________________________________________
Philadelphia Linux Users Group       -      http://www.phillylinux.org
Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion  -  http://lists.phillylinux.org/mail/listinfo/plug