sshd config - WAS Secure entry into remote systems
Edward
edward at tripled.iinet.net.au
Fri May 21 01:51:40 UTC 2004
Nathan Ollerenshaw wrote:
> On 5/20/04 5:24 PM, "Edward" <edward at tripled.iinet.net.au> wrote:
>
>
>>OK, I need some more clarification here please. After reading all the
>>suggestions, I'd like to set up shared key authentication.
>
>
> You mean, Public key authentication.
>
>
>>After reading mountains of stuff on the internet, I can't get this to work.
>>
>>The client is PuTTY if that makes a difference.
>>
>>1> Used PuTTYgen.exe to create a key pair with a pass phrase.
>>2> saved both keys into a folder on the client PC.
>>3> Copied the PUBLIC key to $HOME/.ssh/authorized_keys on the ssh server
>>(FC1 with all updates).
>
>
> Make sure that the public key is in the format
>
> ssh-rsa [key string] <comment - usually user at host>
>
> I know puttygen will by default create a different style key, you can
> manually convert it to the format above. It needs to be on one line.
>
> Also, make sure ~/.ssh is mode 0700 and authorized_keys is 0600. Other
> permissions can cause problems (not sure if this is the case these days, but
> I do it anyway because you don't want other people looking in your .ssh dir
> anyway).
>
One virtual beer for you Nathan - I got it working on my test server
here. Sweet.
I now have it set up so without a key, you cannot get in over the net -
exactly what I wanted.
I now also need the key for getting in locally, however, I don't have a
problem with that.
Just out of curiosity though - can the configuration be set so that
local users don't need a key, but over the net you do? Just thinking
about the headless set-ups I have around the place for which I've taught
the users how to shutdown or restart the server via ssh. Just thinking
another thing to remember will most definitely confuse them.
I somehow doubt it - as it is the .ssh/authorized_keys that controls
this behaviour, but I thought I'd ask.
Regards,
Ed.
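
Added example, not part of the original thread: a Python sketch of the two checks Nathan describes, converting the multi-line "SSH2 PUBLIC KEY" block that PuTTYgen saves into the one-line `ssh-rsa [key string] comment` form, and reporting `~/.ssh` or `authorized_keys` modes other than 0700 / 0600. The function names are hypothetical and the sample key is constructed, not a real key.

```python
import base64
import os
import stat
import struct

BEGIN, END = "---- BEGIN SSH2 PUBLIC KEY ----", "---- END SSH2 PUBLIC KEY ----"

def rfc4716_to_openssh(text):
    """Turn a PuTTYgen 'SSH2 PUBLIC KEY' block into one authorized_keys line."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an SSH2 (RFC 4716) public key block")
    b64, comment, in_header, header = [], "", False, ""
    for ln in lines[1:-1]:
        if in_header or ":" in ln:             # header line, or continuation of one
            header += ln.rstrip("\\")
            in_header = ln.endswith("\\")      # trailing backslash continues the header
            if not in_header:
                tag, _, value = header.partition(":")
                if tag.strip().lower() == "comment":
                    comment = value.strip().strip('"')
                header = ""
        else:
            b64.append(ln)                     # base64 body never contains ':'
    key = "".join(b64)
    blob = base64.b64decode(key, validate=True)
    (n,) = struct.unpack(">I", blob[:4])       # blob starts with a length-prefixed key type
    key_type = blob[4:4 + n].decode("ascii")
    return " ".join(p for p in (key_type, key, comment) if p)

def permission_problems(ssh_dir):
    """Report ~/.ssh or authorized_keys modes that differ from 0700 / 0600."""
    wanted = {ssh_dir: 0o700, os.path.join(ssh_dir, "authorized_keys"): 0o600}
    problems = []
    for path, mode in wanted.items():
        actual = stat.S_IMODE(os.stat(path).st_mode)
        if actual != mode:
            problems.append(f"{path}: mode {actual:04o}, want {mode:04o}")
    return problems

def _s(b):                                     # SSH wire-format string: length + bytes
    return struct.pack(">I", len(b)) + b

# Constructed sample, not a real key: exponent 65537 and a dummy 1024-bit modulus.
SAMPLE_B64 = base64.b64encode(_s(b"ssh-rsa") + _s(b"\x01\x00\x01") + _s(b"\x00" + b"\xc3" * 128)).decode()
SAMPLE = "\n".join([BEGIN, 'Comment: "user@host"',
                    *[SAMPLE_B64[i:i + 64] for i in range(0, len(SAMPLE_B64), 64)], END])

if __name__ == "__main__":
    print(rfc4716_to_openssh(SAMPLE))
```

On the server, `ssh-keygen -i -f <file>` performs the same conversion.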