sshd config - WAS Secure entry into remote systems
Edward
edward at tripled.iinet.net.au
Thu May 20 08:24:51 UTC 2004
Scot L. Harris wrote:
> On Wed, 2004-05-19 at 00:59, Edward wrote:
>
>>I have several servers installed at customers' premises. I used to
>>simply run out there to fix any slight problems or update mail white
>>lists etc.
>>
>>However, with a few customers more than 1.5 hours drive away, I need to
>>look at remote administration. Especially for simply adding a few users to
>>a spamassassin white list or the like, which really only are 10 minute jobs.
>>
>>So, I was thinking about setting up dyndns or no-ip addresses for these
>>servers, then opening up the firewall for either ssh or VPN. None of my
>>customers have a static internet address.
>
>
> In your place I would set up ssh. The thing you need to make sure of is
> if you are using password authentication that all your passwords are
> good ones. I believe you may want to lock down ssh to specific known
> hosts and keys. Even if you need to administer multiple systems
> remotely use one to ssh to and then ssh from that one to the others.
> Also disable root's use of ssh so no one can go straight in as root.
> Means you will login as a normal user then su to root as needed.
>
> Over those dialup lines you are not going to be doing any X-windows
> forwarding or other GUI tricks, but command line should be fine.
>
OK, I need some more clarification here please. After reading all the
suggestions, I'd like to set up shared key authentication.
After reading mountains of stuff on the internet, I can't get this to work.
The client is PuTTY, if that makes a difference.
1> Used PuTTYgen.exe to create a key pair with a passphrase.
2> Saved both keys into a folder on the client PC.
3> Copied the PUBLIC key to $HOME/.ssh/authorized_keys on the ssh server
(FC1 with all updates).
4> Modified sshd.conf to disallow text passwords, disallow root logins,
and to accept key pair authentication using challenge response.
5> Restarted sshd (of course :) )
6> Started PuTTY, loading up the private key from the local hard drive.
It asks for my user name, which I fill in.
At this point from what I understand and from the reading I've done,
it's SUPPOSED to ask me my passphrase. However, it asks for a password
instead, which, of course, fails because I've disallowed password
authentication.
7> Just to make sure I didn't misunderstand the location of
authorized_keys, I copied it to ~/.ssh and /.ssh as well and re-did
steps above from 5>
I just can't get it to work. What am I missing?
Regards,
Ed.
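
Added example, not part of the message above or of any reply on the list: a server-side check for two conditions under which OpenSSH ignores a key placed in authorized_keys as in steps 3 and 7. PuTTYgen's "Save public key" button writes a multi-line RFC 4716 block rather than OpenSSH's one-line format, and sshd's StrictModes setting rejects key files or directories writable by group or others. The function names and return codes are choices made for this example.

```shell
#!/bin/sh
# Added example: diagnose why sshd ignores a key in authorized_keys.
# Return codes (chosen for this example): 0 ok, 2 unreadable,
# 3 RFC 4716 format, 4 no usable key line, 5 unsafe permissions.

# True if the path is writable by group or others (ls mode columns 6 and 9).
loose_perms() {
    ls -ld "$1" | cut -c6,9 | grep -q w
}

check_authorized_keys() {
    f=$1
    [ -r "$f" ] || { echo "cannot read $f"; return 2; }

    # PuTTYgen's "Save public key" writes this multi-line format, which
    # OpenSSH does not accept in authorized_keys.
    if grep -q '^---- BEGIN SSH2 PUBLIC KEY ----' "$f"; then
        echo "$f: RFC 4716 block; convert with: ssh-keygen -i -f <saved key>"
        return 3
    fi

    # OpenSSH wants one unwrapped line per key: [options] type base64 [comment]
    if ! grep -Eq '(^|[[:space:]])(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+) AAAA[A-Za-z0-9+/=]+' "$f"; then
        echo "$f: no single-line OpenSSH public key found"
        return 4
    fi

    # StrictModes also checks the home directory; only the key file and its
    # directory are examined here.
    for p in "$f" "$(dirname "$f")"; do
        if loose_perms "$p"; then
            echo "$p: writable by group/others; use chmod go-w"
            return 5
        fi
    done
    echo "$f: format and permissions look acceptable"
    return 0
}

# Usage on the server: check_authorized_keys "$HOME/.ssh/authorized_keys"
```

PuTTYgen also shows the one-line form in its "Public key for pasting into OpenSSH authorized_keys file" box, which can be pasted as a single line instead of converting the saved file.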