LinuxQuestions.org


jeremy 09-30-2004 02:44 PM

DISCUSSION: Using Keys with SSH
 
This thread is to discuss the article titled: Using Keys with SSH

kvedaa 10-08-2004 10:18 PM

I agree that there is some added risk to using public key authentication with SSH, but this can be mitigated by keeping your private key secure.

I think that this is a better solution than depending on expect scripts, where if you do not want to type in all your passwords each time you run the script you must embed the passwords in either the script or some other reachable data file.

I am unaware of other options that will allow an administrator to run scripts on remote systems. If your system is too important to risk one of the above situations you can of course avoid both of these, but it means that you will have to manually log in to these systems when you have work to do, which is workable if you only have a few machines to work with, or if you simply are a glutton for punishment.

Luskacik 10-15-2004 02:59 PM

using key also for users?
 
Hi,
I have trouble working with key authentication for users.
For root it works well, but I need to set "PermitRootLogin no" in /etc/ssh/sshd_config, and it doesn't work for users.
I think that it is a security requirement to set PermitRootLogin to no.
Is it possible to make it work for users as well?

Luskacik.

------
Correction:
Of course it is possible to log in as another user.
# su localuser
$ ssh remoteuser@remotehost

Sorry for such a stupid question above. :-)

sewer_monkey 11-01-2005 10:17 AM

A couple of notes...
 
I don't mean to be splitting hairs here, but I'd like to make the following corrections nonetheless:

The line:
[cpde]% ssh-keygen -t dsa[/code]

has an incorrectly spelled [code] tag, and as such the code box is not being rendered. I don't think this was intentional, just a simple typo on Jeremy's (or whoever posted this) part.

Secondly, I'd like to comment about the following statement:

Quote:

When you attempt to login in to a remote machine, the (local) private key and the (remote) public key are "combined" by the remote server and verified. If the keys match, the remote server permits and establishes your login or file transfer session.

This quote seems to suggest that the private key is actually transmitted to the remote machine (so that the remote machine can use it as part of the authentication process), which is not the case. I think this paragraph would be better rephrased as something like this:

Quote:

When you attempt to login in to a remote machine, the (local) private key and the (remote) public key are used together by the local machine and the remote server respectively as part of the authentication process. If the keys match, the remote server permits and establishes your login or file transfer session.

Just my 2 cents...
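
The correction in the post above, that the private key is never transmitted to the remote machine, shown as an added example (not part of the thread or the article): the client signs session-bound data locally and the server checks that signature with the stored public key. It uses Ed25519 from Go's standard library rather than the article's DSA key, and the function names, the signed-data layout and the session strings are constructed for illustration, not the SSH wire format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// authRequest is everything the client sends: no private key material.
type authRequest struct {
	User      string
	PublicKey ed25519.PublicKey
	Signature []byte
}

// newKeyPair stands in for ssh-keygen (Ed25519 here, not the article's DSA).
func newKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// signedData ties a signature to one session and user (simplified layout).
func signedData(sessionID []byte, user string) []byte {
	return []byte(fmt.Sprintf("%x|%s", sessionID, user))
}

// clientAuth runs locally: the private key signs and stays on this machine.
func clientAuth(priv ed25519.PrivateKey, sessionID []byte, user string) authRequest {
	sig := ed25519.Sign(priv, signedData(sessionID, user))
	return authRequest{User: user, PublicKey: priv.Public().(ed25519.PublicKey), Signature: sig}
}

// serverVerify runs remotely and holds only the account's authorized public keys.
func serverVerify(sessionID []byte, req authRequest, authorized ...ed25519.PublicKey) bool {
	for _, k := range authorized {
		if k.Equal(req.PublicKey) {
			return ed25519.Verify(k, signedData(sessionID, req.User), req.Signature)
		}
	}
	return false // offered key is not authorized for this account
}

func main() {
	pub, priv := newKeyPair()
	s1, s2 := []byte("constructed-session-1"), []byte("constructed-session-2")
	req := clientAuth(priv, s1, "remoteuser")
	fmt.Println(serverVerify(s1, req, pub), serverVerify(s2, req, pub)) // same request replayed in another session
}
```

Because the signature covers the session identifier, a request captured in one session does not verify in another, which is why a server that only ever sees public keys and signatures can still authenticate the holder of the private key.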

