I'd like to know just what's "normal" use for ssh. I've been running ssh-2.4.0-1 on a couple of Red Hat boxes for some time now. I've installed one by rpm and one compiled from source (just because I AM the man <ahem>). I've read a bunch of online howtos and articles and the distributed docs and a little bit out of the snail book. I'd like to define "normal" use of keys.

First, I know that running ssh-keygen generates a pair of keys, encrypted by a pass phrase. That passphrase is required during login. Running ssh-keygen -P generates a pair of unencrypted keys, requiring your system password during login.

1. My first install went exactly as described in an article I read (I *think*) on the O'Reilly network. I ran ssh-keygen and made the (default) pair of encrypted keys with a big passphrase. I set up identification and authorization files on both hosts and physically moved the keys from here to there. I had a great little ssh hub at home with encrypted keys to go to about four different sites. A friend of mine installed his box a couple of times and didn't preserve the keys I had provided him. He found he couldn't ssh to my box, as I had allowed pub key-only authentication. He was trying to just "ssh john" and enter his system password, but I wasn't set up to do that. Again, this was a config I set up verbatim out of an O'Reilly article. The key in my notebook let me log in from anywhere, so I never had a problem. It involved a little setup and a little help from a root user, but it worked just fine.

2. I've configured the same box to allow key or password authentication. I made myself an unencrypted key pair by "ssh-keygen -P", and it works just fine. I've been able to do identification and authorization files and connect to and from multiple boxes. Works just like before, but with my system password instead of my 20-character passphrase.
The difference is that now I can ssh to that box as another user, one that has never even made keys, and log in with their password. If they've never run ssh-keygen, never made a key pair, how is this different from telnet, and why did I go to the trouble? This method begs the questions "why do we need users to run ssh-keygen" and "are users who don't run ssh-keygen even encrypted during their sessions".

I'm also thinking that an encrypted key pair with a long pass phrase is a better deal, in that it avoids passing your system password in ANY form, and that a server that *requires* keys prevents any stranger from getting ssh access (on a telnet-free "secured" system) once they've stolen a user/pw pair.

I'm game. I need to learn this. Anyone who can answer this before I do gets huge kudos from me.
-- 
-j [EMAIL PROTECTED]

================================================
BRLUG - The Baton Rouge Linux User Group
Visit http://www.brlug.net for more information.
Send email to [EMAIL PROTECTED] to change your subscription information.
================================================

This archive was generated by hypermail 2.1.2 : Thu Sep 06 2001 - 11:10:53 CDT
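The two setups the poster describes differ only in the server's authentication policy, not in whether the session is encrypted: the SSH transport is encrypted before any login happens, so a user who never ran ssh-keygen still gets an encrypted session and is simply proving identity with a password instead of a key. What "requires keys" actually means on the server side is worth checking in the config rather than assuming. The script below is an added example, not code from the post or from the ssh distribution the poster runs; it assumes OpenSSH keyword names (PubkeyAuthentication, PasswordAuthentication, ChallengeResponseAuthentication / KbdInteractiveAuthentication), whereas the poster's ssh-2.4.0 from SSH Communications uses a different config syntax. The three sshd_config files it reads are constructed inline: the keys-only setup (1), the key-or-password setup (2), and a "halfway" setup that turns off PasswordAuthentication but forgets keyboard-interactive, through which a PAM password prompt still reaches the user.

```shell
#!/bin/sh
# Added example (not from the original post): classify an OpenSSH sshd_config
# by the login methods it leaves open. OpenSSH keyword names are assumed;
# the poster's ssh-2.4.0 (SSH Communications ssh2) spells these differently.
# Every sample config below is constructed for illustration.

# Effective value of one keyword. OpenSSH uses the FIRST uncommented
# occurrence of a keyword, so that is what is reported; if the keyword is
# absent, the caller's default applies. Match blocks are not scoped here.
config_value() {
    kw=$1; file=$2; default=$3
    found=$(awk -v k="$kw" 'tolower($1) == tolower(k) { print $2; exit }' "$file")
    if [ -n "$found" ]; then printf '%s\n' "$found"; else printf '%s\n' "$default"; fi
}

# Summarise what a client could present at login. A system password can
# arrive through PasswordAuthentication OR through keyboard-interactive
# (ChallengeResponseAuthentication, renamed KbdInteractiveAuthentication in
# newer releases), so "keys-only" requires all of those to be off.
auth_mode() {
    pw=$(config_value PasswordAuthentication "$1" yes)
    cr=$(config_value ChallengeResponseAuthentication "$1" yes)
    kbd=$(config_value KbdInteractiveAuthentication "$1" "$cr")
    pk=$(config_value PubkeyAuthentication "$1" yes)
    password_possible=no
    if [ "$pw" = yes ] || [ "$kbd" = yes ]; then password_possible=yes; fi
    case "$pk/$password_possible" in
        yes/no)  echo keys-only ;;
        yes/yes) echo password-or-key ;;
        no/yes)  echo password-only ;;
        *)       echo nothing-allowed ;;
    esac
}

# Constructed sample configs, written to a scratch directory.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT

cat > "$SAMPLE_DIR/keys-only.conf" <<'EOF'
# constructed: the poster's first setup, a key is the only way in
Port 2222
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
EOF

cat > "$SAMPLE_DIR/either.conf" <<'EOF'
# constructed: the poster's second setup, key or system password
PubkeyAuthentication yes
PasswordAuthentication yes
EOF

cat > "$SAMPLE_DIR/halfway.conf" <<'EOF'
# constructed: looks key-only, but keyboard-interactive was left at its
# default of yes, so a password prompt still gets through
PubkeyAuthentication yes
PasswordAuthentication no
EOF

for f in "$SAMPLE_DIR"/*.conf; do
    printf '%s: %s\n' "$(basename "$f")" "$(auth_mode "$f")"
done
```

Run it as `sh classify.sh`; the "halfway" file is the case to remember, since a server whose admin believes it is key-only will still accept a stolen user/password pair there. On a live OpenSSH host the same keywords can be read from the running daemon's effective config instead of the file.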
