[ale] ssh help?
Nomad the Wanderer
nomad at orci.com
Sun Jan 17 23:30:30 EST 1999
I did all this. I can ssh from remote to local and use the RSA,
but I still can't go from local to remote.
I want it to require the RSA, or nothing. If the user hasn't
set up RSA, there is no connection allowed. It's for a box that is to
be EXTREMELY secured, and only 3 users so it'll be controllable.
Robert
Thus spake Mike Kachline (kachline at cc.gatech.edu):
> -----BEGIN PGP SIGNED MESSAGE-----
>
> On Sun, 17 Jan 1999, Nomad the Wanderer wrote:
> >Ok,
> > I have 1.2.26 compiled and installed. I have 2 questions though.
> >I just put my identity.pub on my local machine into authorized_keys on
> >the remote machine. I ssh in it doesn't use the key though.
> <snip>
> One caveat is that, in order to use the RSA key for authentication,
> you've essentially got to ssh from client to server, then from server to
> client. That way, both of the machines are present in your "known_hosts"
> files. Thus, something like....
>
> localbox$ ssh remote.box
> Enter Normal password:
> remote$ ssh local.box
> Enter Normal Password:
> localbox$ exit
> remote$ scp local.box:identity.pub .
> remote$ cat ./identity.pub >> ~/.ssh/authorized_keys
> remote$ exit
> localbox$ ssh remote.box
> Enter RSA password:
>
>
> ... And you should be good to go. The trick is that, from the remote
> box, you've got to ssh back to your local box in order for the remote box to
> get an entry in its "known hosts" file.
>
>
> >
> > Second, what option needs to be used to force ssh to use the RSA key
> >instead of normal passwords?
> <snip>
> Take a look at sshd(8). Read up on the "RSAAuthentication" option. By
> default, ssh enables RSA authentication over rhost authentication, so, chances
> are, if you *want* to use RSA authentication, you won't need to make any
> changes to your /etc/sshd_config.
>
>
> - Mike
> ============================================================================
> Michael Kachline CS, Georgia Institute of Technology
> kachline at cc.gatech.edu
> http://brightstar.gt.ed.net/kachline
> ============================================================================
>
---------------------------------------------------------------------------
Robert L. Harris | Windows is to Unix
Senior System Administrator II | what 'hooked on phonics'
at Great West Life. \_ is to Shakespeare
http://www.orci.com/~nomad
DISCLAIMER:
These are MY OPINIONS ALONE. I speak for no-one else.
FYI:
perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
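
The "RSA key or nothing" requirement discussed in this thread can be checked against an sshd_config with a small audit script. This is an added example, not code from either poster. Apart from RSAAuthentication, the directive names are not mentioned in the thread: they are SSH1-era sshd_config keywords and should be confirmed in sshd(8) for the installed version, and the sample configs are constructed.

```shell
#!/bin/sh
# Added example: audit an sshd_config for "RSA key or nothing".
# Every required directive must be set explicitly, so the verdict does not
# depend on the compiled-in defaults of a particular sshd build.

# check_directive FILE NAME VALUE: succeed only if NAME appears at least once
# and every occurrence (keywords are case-insensitive) is set to VALUE.
check_directive() {
    awk -v key="$2" -v want="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || NF == 0 { next }          # skip comments and blanks
        tolower($1) == key { seen = 1; if (tolower($2) != want) bad = 1 }
        END { exit (seen && !bad) ? 0 : 1 }' "$1"
}

# rsa_only FILE: print one FAIL line per problem; return 0 only if clean.
rsa_only() {
    rc=0
    for pair in RSAAuthentication=yes PasswordAuthentication=no \
                RhostsAuthentication=no RhostsRSAAuthentication=no; do
        name=${pair%%=*}
        want=${pair#*=}
        if ! check_directive "$1" "$name" "$want"; then
            echo "FAIL: $name must be explicitly set to $want"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample configs (not taken from the thread).
tmp=$(mktemp -d)
printf '%s\n' '# weak: passwords still accepted' 'RSAAuthentication yes' \
    'PasswordAuthentication yes' 'RhostsRSAAuthentication no' > "$tmp/weak"
printf '%s\n' 'RSAAuthentication yes' 'PasswordAuthentication no' \
    'RhostsAuthentication no' 'RhostsRSAAuthentication no' > "$tmp/strict"

for f in weak strict; do
    echo "== $f"
    rsa_only "$tmp/$f" && echo "OK: key required" || echo "NOT key-only"
done
rm -rf "$tmp"
```

With a config that passes, an account with no authorized key has no way to log in, which is the behaviour asked for above.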