Mike Dresser wrote:
> You don't mention whether the previous admin is still with you, but if not,
> you'll want to remove his RSA keys from the server, or else you can change your
> root password all you want, and he'll still be able to connect, assuming he can
> get to the machine via your network/internet.
No, he's not available for help, so yes, I want to change his passwords
and the keys associated with the root account.

A couple of quick notes: I just realized that by trying to be cute and
putting my comments in angle brackets, those among us who may read HTML
mail may not be able to see my comments (my bad).

And second, I saw him log in once; he was prompted for his RSA key as
follows (to the best of my recollection):
ssh [EMAIL PROTECTED]
enter RSA passkey:
# <<<---- remote prompt
>
>
> Duane Powers wrote:
>
>> Hi all,
>>
>> Recently I was made administrator over a dozen Solaris boxen <heh>
>> The prior admin was offsite and used ssh with rsa keys to access the boxes.
>> He allowed root login, and used the RSA key functionality to keep the root
>> password safe.
>> I am not as mature as he was regarding ssh <newbie> and have only used
>> ssh as a plug-in replacement to telnet, <I tend to not set a different
>> p/w during ssh-keygen> and simply access the boxes as follows:
>> ssh -l <me> <hostname>
>> then I log in using the normal p/w that is local to the box. I have found
>> that he did not need to transmit the local password over the tunnel, but
>> rather used RSA to verify his identity, but I can't find documentation on
>> how to do it.
>> <man ssh, man ssh-agent, man ssh-add, Practical UNIX & Internet
>> Security> does anyone have any information on how I can implement the
>> same safeguards? Or where I can at least find some documentation on
>> practical ssh implementation.
>>
>> As always, you guys are great, thanks in advance for the help,
>>
>> ~duane
>
--
The plan was simple. Unfortunately, so was Bullwinkle.
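
The key cleanup Mike Dresser describes, as an added example that is not part of the original messages: list every entry in an authorized_keys file and remove one by line number. The function names, the assumed OpenSSH-style file format and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: review and prune entries in an authorized_keys file.
# Assumes OpenSSH-style lines: [options] keytype base64-blob [comment]
# On older Solaris use nawk or /usr/xpg4/bin/awk instead of /usr/bin/awk.

# list_keys FILE: print "LINE KEYTYPE COMMENT" for every key entry.
list_keys() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }  # skip blank lines and comments
        {
            # Options may precede the key type, so scan for it (heuristic).
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+)$/) break
            if (i >= NF) { print NR, "UNPARSED", $0; next }
            comment = ""
            for (j = i + 2; j <= NF; j++)
                comment = comment (j > i + 2 ? " " : "") $j
            print NR, $i, (comment == "" ? "(no comment)" : comment)
        }' "$1"
}

# remove_key FILE LINE: delete one entry by line number, backup in FILE.bak.
# Line numbers are used because comments are free text and may be missing.
remove_key() {
    file=$1; line=$2
    cp -p "$file" "$file.bak" || return 1
    tmp=$(mktemp "$file.XXXXXX") || return 1
    awk -v n="$line" 'NR != n' "$file.bak" > "$tmp" &&
        cat "$tmp" > "$file"           # overwrite in place: keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# make_sample FILE: write a constructed file (the blobs are not real keys).
make_sample() {
    cat > "$1" <<'EOF'
# root authorized_keys (constructed sample)
ssh-rsa AAAAB3NzaC1yc2EAAAAconstructed1 oldadmin@offsite
from="10.0.0.5",no-pty ssh-rsa AAAAB3NzaC1yc2EAAAAconstructed2 backup job
ssh-rsa AAAAB3NzaC1yc2EAAAAconstructed3
EOF
}

sample=$(mktemp) && make_sample "$sample" && list_keys "$sample"
rm -f "$sample"
```

Run list_keys against the authorized_keys file of every account that can log in, root's included, since changing a password leaves those entries in place.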