Mike Leone on Tue, 18 Sep 2001 10:17:31 -0400
> On Mon, Sep 17, 2001 at 09:51:44PM -0400, Michael Leone wrote:
> > So what do I need to do to get prompted for *both* the passphrase *and*
> > the user ID/password on the remote system? Or is that not possible?
>
> The whole point of using key-based authentication is so that you don't
> have to supply a username and password for the remote side. I don't
> know that it's possible to do what you want (without hacking the
> source).

Yeah, I pretty much started to come to the same conclusion.

My on-site consultant is concerned (somewhat justly so) for this reason: we use a Pick OS-based system (Pick runs as a virtual OS on top of AIX 4.3.1). We also use a special terminal emulator program under Windows (called AccuTerm), that is designed specifically to integrate with a multi-valued OS like Pick. AccuTerm only supports SSH1, and doesn't create its own keys; it has no key-generation routine. Consequently, if you connect using AccuTerm, you get just the normal Pick system logon prompt.

Meaning that anybody and their brother with an SSH-capable terminal client could connect to us via the Internet, and just get a normal system login prompt, with no additional authorization required. We'd prefer an extra level of authorization. (yes, yes, I know - use some kind of VPN instead. There are issues with that, too. Don't ask ...)

If I do use an SSH client that allows you to create a key first (OpenSSH, putty, etc), I only get asked for a passphrase, and no user ID and password. Again, we'd prefer an extra level of authorization.

I was hoping to allow at least my programmers remote access via SSH, until we get our VPN issues worked out. I have to figure out some kind of VPN that will work under Windows ME, for the folks who will want to connect that way. God help me. :-(

I have a Cisco Pix, but their free VPN client doesn't work with WinME or Win2K; the pay version that will work with those OSes is $150 ea user, which they don't want to pay for, if they don't have to. Nor do they want to try and look at some other VPN solution, since we have a perfectly good Pix that can do VPNs.

Aggravating, ain't it?

______________________________________________________________________
Philadelphia Linux Users Group - http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion - http://lists.phillylinux.org/mail/listinfo/plug