LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
LinkBack Search this Thread
Old 11-03-2003, 11:24 AM   #1
fr0st
LQ Newbie
 
Registered: Apr 2003
Location: Cheshire - United Kingdom
Distribution: RedHat, SuSE, Slackware, EnGarde
Posts: 11

Rep: Reputation: 0
Configuring SSH to accept only keys (already have keys)


Hi,

I'm a bit new to securing SSH to do this so I appologise if I may not seam so godly to you guys..

I have a system, Redhat 9 that has openssh installed OpenSSH-3.5p-6 including servers and clients..
I am looking to only enable SSH access via keys. Everyone who will be SSH'ng into this box will already have a public/private keypair and will want to use these.. How can I configure SSH to accept these and not password access?

Your help and efforts are much appreciated.

fr0st
 
Old 11-03-2003, 11:31 AM   #2
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
First off, UPGRADE YOUR SSH!!! there was a notification on the home page of LinuxQuestions.org for weeks urging everyone to upgrade to 3.7.1p2 because of security flaws in OpenSSH. Go do that IMMEDIATELY.

Next, edit the following lines in /etc/ssh/sshd_config and restart your ssh daemon
PubkeyAuthentication yes
PasswordAuthentication no

If you want only Pubkey and nothing else, you can search through the whole file and turn off any other type of auth. Just make sure you have Protocol 2 because if you turn off RSAAuthentication you will need to use DSA (ssh2-only).
 
Old 11-03-2003, 12:04 PM   #3
markus1982
Senior Member
 
Registered: Aug 2002
Location: Stuttgart (Germany)
Distribution: Debian/GNU Linux
Posts: 1,467

Rep: Reputation: 45
Quote:
First off, UPGRADE YOUR SSH!!! there was a notification on the home page of LinuxQuestions.org for weeks urging everyone to upgrade to 3.7.1p2 because of security flaws in OpenSSH. Go do that IMMEDIATELY.
You do not neccessarly need to upgrade to 3.7.1p2 since most distribution backport patches to their stable branch so the changes are minimal. Just do the normal way for updating your software. For Debian this would be apt-get update && apt-get upgrade.
 
Old 11-04-2003, 03:31 AM   #4
fr0st
LQ Newbie
 
Registered: Apr 2003
Location: Cheshire - United Kingdom
Distribution: RedHat, SuSE, Slackware, EnGarde
Posts: 11

Original Poster
Rep: Reputation: 0
OK

Ok,

Thats a fair enough comment... However.. how do I add my key to the system to allow that to be authenticated?

Is it a case of cat key.pub > .ssh/authorized_keys
?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
ssh keys exodist Linux - Networking 3 02-16-2005 10:16 AM
SSH keys alon005 Linux - Security 5 10-14-2004 03:39 AM
ssh keys merchtemeagle Linux - Newbie 4 10-12-2004 12:12 AM
ssh keys Lucasite Linux - Security 2 03-11-2004 12:43 PM
SSh Keys shaggz Linux - General 2 02-19-2003 09:09 PM


All times are GMT -5. The time now is 11:56 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration