LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 11-27-2005, 12:14 PM   #1
lil_drummaboy
Member
 
Registered: May 2003
Location: Victoria, CANADA!
Distribution: OpenBSD, Slackware, Debian
Posts: 85

Rep: Reputation: 15
SSH RSA Auth


Hi,

I don't really understand the concept of ssh key authentication but i have written a custom useradd script that will create the user, make a public/private key for them, add it to authorized_keys for that user, and e-mail them the private key. My question is, how can I make my ssh server only accept keys and not allow "username/password" style logins. Currently, i am making passphrases for my keys, my other question is, if i have a RSA key and a passphrase, would allowing root login then be secure seeing they would have to guess a 1024 bit key and passphrase? So for now, my aim is to have a "RSA key only" authentication on my server. Is this possible, and can anyone point me in the right direction to set it up? So far, the howtos i've read don't make much sense about this specificaly.

Thanks in advance
 
Old 11-27-2005, 04:42 PM   #2
GaijinPunch
Member
 
Registered: Aug 2003
Location: Tokyo, Japan
Distribution: Gentoo
Posts: 130

Rep: Reputation: 22
In the ssh_config file (most likely /etc/ssh/ssh_config) try setting the following:

RSAAuthentication yes
PasswordAuthentication no

then restart the sshd process. That should do it. Basically, RSA Key authentication is just that... the server will only allow logins from machines with proper keys. It's just an addedd security measure, which gets a little annoying, if you ask me, but I live on a relatively small network, so the moron factor is cut to a minimum.

As for your second question, it really depends on how many people know the root password I guess. I'm curious if you could even allow root automatic logins by putting the rsa key in "authorized_keys". Sounds like a reall crappy design if you could, but I've never tried. That's the only thing I would be worried about to be honest.

Last edited by GaijinPunch; 11-27-2005 at 04:45 PM.
 
Old 11-27-2005, 06:42 PM   #3
lil_drummaboy
Member
 
Registered: May 2003
Location: Victoria, CANADA!
Distribution: OpenBSD, Slackware, Debian
Posts: 85

Original Poster
Rep: Reputation: 15
I don't have a large network either, it's just that this sshd is on a live webserver with a few domains, and I am the only one who know root or really needs to ssh in remotely so i figured tight security would be worth the time. Thanks for the reply! I tried what you said earlier and it didn't work, but I just realized that Debian 3.1's sshd uses PAM so i guess that will need to be disabled aswell. Also, you can have an authorized key for root, it is more insecure then "su-ing" once you get in, but my keys do have secure passphrases needed to use it aswell so, it's a thing i'll think about. Again, thanks
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
SSH: Can I force RSA auth for all but one account? LeoNot Linux - Security 1 07-10-2005 11:55 AM
RSA Keys for SSH XaViaR Linux - General 4 07-02-2005 09:15 AM
ssh RSA key thanat0s Linux - Security 3 09-29-2003 09:51 PM
SSH use RSA server through Firewall gtomczyk Linux - Security 1 09-11-2003 05:03 PM
SSH, DSA and RSA Rex_chaos Linux - Networking 0 03-22-2002 05:54 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 10:19 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration