ssh and keys
Oluwagbenga Shobowale
gshobowale at nextworksltd.com
Wed Mar 28 16:20:39 UTC 2007
John,
I think you have missed the point for ssh...
It is just a terminal you use in connecting remotely to a box just like
telnet, the difference is that the traffic between the remote location
and your box is encrypted...hence it is this encryption that the keys
are used for. Hence to get access to the box you would still require the
account that was created for you to logon with. This is where pam comes
in..to authenticate who you are...
-----Original Message-----
From: redhat-list-bounces at redhat.com
[mailto:redhat-list-bounces at redhat.com] On Behalf Of m.roth2006 at rcn.com
Sent: Wednesday, March 28, 2007 5:08 PM
To: General Red Hat Linux discussion list
Subject: Re: ssh and keys
John,
>Date: Wed, 28 Mar 2007 16:00:00 +0100 (BST)
>From: "John O'Loughlin" <j.oloughlin at qmul.ac.uk>
>
>I'm not sure what you mean by parallel, but there is no relationship
>between your standard password and the key pair you generate.
>
>password aging does not affect your keys.
>
Okay... so I'm a bit lost - how can you log onto a box without using
your real password, the one that you're prompted for if you don't use
the ssh key pair? Does PAM's sshd authentication, which points to
system-auth, not get pulled in for validation?
mark
>John
>
>On Wed, 28 Mar 2007, m.roth2006 at rcn.com wrote:
>
>> So, here's one for the assembled knowledge base here:
>> if I use ssh-keygen to create a key pair, and put the public key on
the remote box, so that I can ssh in without being prompted for a
password, this leaves me confused about a couple of things:
>> 1) is the ssh key pair in parallel to the real password
>> for the account? That is, if I create a keypair and
>> use either no passphrase, or some password other
>> than my actual password for the account, does ssh
>> go *around* the standard authentication?
>> 2) since the remote box ages passwords, does PAM know
>> that I'm using an ssh key pair, and age *them*,
>> or do I merely have to change my real password in
>> a timely manner, but don't have to regen a new
>> ssh key pair?
>>
>> Thanks in advance.
>>
>> mark
>>
>> --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
>>
>
>--
>redhat-list mailing list
>unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>https://www.redhat.com/mailman/listinfo/redhat-list
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
More information about the redhat-list
mailing list