> Alex, can you please share how you get public key access to your LEAF
> firewall? I am interested in doing this to expand my knowledge of ssh and
> shared key management, plus making my access to it easier. I am getting sick
> of password access.
Sure.
The main benefits of public key access are:
- improved security (need private key and passphrase)
- different passphrases for different users
- same password on different firewalls for each user, but
- different users get root access to different firewalls.
- No root passwords
- ssh-agent
What we did:
1. Change /etc/ssh/sshd_config:
    # Protocol 1 is not secure
    Protocol 2
    # Root pubkeys are in /etc/ssh/pubkeys/root.pub
    AuthorizedKeysFile /etc/ssh/pubkeys/%u.pub
    # We don't do this
    HostbasedAuthentication no
    # No passwords
    PasswordAuthentication no
2. Create keypairs on your workstation. Do not share keypairs between
persons. See ssh-keygen
http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keygen
You can also create a key in PuTTY.
3. Append the public key(s) to /etc/ssh/pubkeys/root.pub on your firewall.
With OpenSSH, the pubkey usually is in ~/.ssh/id_rsa.pub.
Our root.pub looks like:
    ssh-rsa AAAAB3NzaC1yc2a<snip> hans
    ssh-rsa AAAAB3NzaC1yc2b<snip> peter
    ssh-rsa AAAAB3NzaC1yc2c<snip> fritz
4. Profit!!
HTH
Alex
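
An added example, not part of Alex's message: a Python check for a shared root.pub like the one in step 3, which decodes each key blob, rejects damaged or mistyped entries, and reports weak RSA keys and the same key listed twice. The function names, the 2048-bit threshold and the sample keys are assumptions constructed for illustration, and lines that begin with authorized_keys options are not handled.

```python
import base64, hashlib

def _read_string(blob, off):
    """One RFC 4251 string: 4-byte big-endian length, then that many bytes."""
    end = off + 4 + int.from_bytes(blob[off:off + 4], "big")
    if off + 4 > len(blob) or end > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:end], end

def audit_pubkeys(text, min_rsa_bits=2048):
    """Audit 'type base64 [comment]' lines; return (owners, problems)."""
    owners, problems, seen = [], [], {}
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        ktype, b64, *rest = fields + [""]   # pad so a one-field line still unpacks
        try:
            blob = base64.b64decode(b64, validate=True)
            inner, off = _read_string(blob, 0)
            if inner != ktype.encode():
                raise ValueError("declared type does not match key blob")
            if ktype == "ssh-rsa":
                _e, off = _read_string(blob, off)   # public exponent
                n, off = _read_string(blob, off)    # modulus
                bits = int.from_bytes(n, "big").bit_length()
                if bits < min_rsa_bits:
                    problems.append((lineno, f"RSA key is only {bits} bits"))
        except ValueError as exc:   # binascii.Error is a ValueError subclass
            problems.append((lineno, f"rejected: {exc}"))
            continue
        fp = hashlib.sha256(blob).hexdigest()
        if fp in seen:
            problems.append((lineno, f"same key as line {seen[fp]}"))
        seen.setdefault(fp, lineno)
        owners.append(" ".join(rest).strip() or "?")
    return owners, problems

def _sample_line(bits, seed, comment):
    """Constructed entry: valid wire format, but n is not a real RSA modulus."""
    s = lambda b: len(b).to_bytes(4, "big") + b
    n = ((1 << (bits - 1)) | seed).to_bytes(bits // 8 + 1, "big")
    blob = s(b"ssh-rsa") + s(b"\x01\x00\x01") + s(n)
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"

SAMPLE = "\n".join([_sample_line(2048, 1, "hans"), _sample_line(1024, 3, "peter"),
                    _sample_line(2048, 1, "hans-old"), "ssh-rsa AAAAB3NzaC1yc2a otto"])

if __name__ == "__main__":
    print(*audit_pubkeys(SAMPLE)[1], sep="\n")
```

Running it against each firewall's /etc/ssh/pubkeys/root.pub gives the list of comments (who holds root there) alongside any entries sshd would not accept.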