sshd config - WAS Secure entry into remote systems

Edward edward at tripled.iinet.net.au
Fri May 21 01:51:40 UTC 2004



Nathan Ollerenshaw wrote:
> On 5/20/04 5:24 PM, "Edward" <edward at tripled.iinet.net.au> wrote:
> 
> 
>>OK, I need some more clarification here please. After reading all the
>>suggestions, I'd like to set up shared key authentication.
> 
> 
> You mean, Public key authentication.
> 
> 
>>After reading mountains of stuff on the internet, I can't get this to work.
>>
>>The client is PuTTY if that makes a difference.
>>
>>1> Used PuTTYgen.exe to create a key pair with a pass phrase.
>>2> saved both keys into a folder on the client PC.
>>3> Copied the PUBLIC key to $HOME/.ssh/authorized_keys on the ssh server
>>(FC1 with all updates).
> 
> 
> Make sure that the public key is in the format
> 
>  ssh-rsa [key string] <comment - usually user at host>
> 
> I know puttygen will by default create a different style key, you can
> manually convert it to the format above. It needs to be on one line.
> 
> Also, make sure ~/.ssh is mode 0700 and authorized_keys is 0600. Other
> permissions can cause problems (not sure if this is the case these days, but
> I do it anyway because you don't want other people looking in your .ssh dir
> anyway).
> 

One virtual beer for you Nathan - I got it working on my test server 
here. Sweet.

I now have it set up so without a key, you cannot get in over the net - 
exactly what I wanted.

I now also need the key for getting in locally, however, I don't have a 
problem with that.

Just out of curiosity though - can the configuration be set so that 
local users don't need a key, but over the net you do? Just thinking 
about the headless set-ups I have around the place for which I've taught 
the users how to shutdown or restart the server via ssh. Just thinking 
another thing to remember will most definitely confuse them.

I somehow doubt it - as it is the .ssh/authorized_keys that controls 
this behaviour, but I thought I'd ask.

Regards,
Ed.
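
Added example, not part of the original thread: a Python sketch of the two checks from the quoted advice, namely turning a multi-line PuTTYgen public key into the one-line `ssh-rsa [key string] comment` form and verifying the 0700/0600 modes. It assumes PuTTYgen's saved public key uses the RFC 4716 "SSH2 PUBLIC KEY" layout; the function names are hypothetical and the sample key is a constructed dummy.

```python
import base64, os, stat, struct

# Constructed dummy key blob (not a usable key), wrapped in the multi-line
# "SSH2 PUBLIC KEY" layout (RFC 4716) assumed here for PuTTYgen's saved file.
SAMPLE_BLOB = (struct.pack(">I", 7) + b"ssh-rsa" + struct.pack(">I", 3)
               + b"\x01\x00\x01" + struct.pack(">I", 65) + b"\x00" + bytes(range(64)))
_b64 = base64.b64encode(SAMPLE_BLOB).decode()
SAMPLE = "\n".join(["---- BEGIN SSH2 PUBLIC KEY ----", 'Comment: "user@host"',
                    _b64[:64], _b64[64:], "---- END SSH2 PUBLIC KEY ----"])

def to_authorized_keys_line(text):
    """Convert an RFC 4716 public key file to one authorized_keys line."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if (len(lines) < 3 or not lines[0].startswith("---- BEGIN SSH2 PUBLIC KEY")
            or not lines[-1].startswith("---- END SSH2 PUBLIC KEY")):
        raise ValueError("not an SSH2 (RFC 4716) public key file")
    comment, b64, continued = "", [], False
    for l in lines[1:-1]:
        if continued or ":" in l:      # header line, or continuation of one
            if l.lower().startswith("comment:"):
                comment = l.split(":", 1)[1].rstrip("\\").strip().strip('"')
            continued = l.endswith("\\")
        else:
            b64.append(l)              # base64 never contains ':'
    blob = base64.b64decode("".join(b64), validate=True)
    (n,) = struct.unpack(">I", blob[:4])   # blob starts with length-prefixed key type
    key_type = blob[4:4 + n].decode("ascii")
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}".rstrip()

def permission_problems(ssh_dir):
    """List paths whose mode is not 0700 (~/.ssh) or 0600 (authorized_keys)."""
    wanted = {ssh_dir: 0o700, os.path.join(ssh_dir, "authorized_keys"): 0o600}
    problems = []
    for path, mode in wanted.items():
        try:
            actual = stat.S_IMODE(os.stat(path).st_mode)
        except FileNotFoundError:
            problems.append(f"{path}: missing")
            continue
        if actual != mode:
            problems.append(f"{path}: mode {actual:04o}, expected {mode:04o}")
    return problems

if __name__ == "__main__":
    print(to_authorized_keys_line(SAMPLE))
    print(permission_problems(os.path.expanduser("~/.ssh")) or "permissions ok")
```

On a host with OpenSSH installed, `ssh-keygen -i -f <file>` performs the same format conversion.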
