> So then I RTFM, and this went over my head; ie.
> a. do I use version 1 or 2 of the protocol?
Version 2 is usually considered more secure, for deep reasons I won't
even pretend to understand.  If everyone involved supports version 2,
use that.

> b. do I create this key on the server and then import to the Win boxes, or
> the other way around? Or must key pairs be generated at BOTH ends?
The usual advice is to generate the key pair on the client, and then
copy the public half of the key to the server.  It should also work to
generate the key on the server and then send the private key to the
client, but it's often considered a very bad idea to put private keys
on a shared machine, even for a short time.

Also, keys are sort-of associated with users rather than logins or
client machines.  For instance, if you want to do passwordless login
to several different machines from a single client, it would be usual
to use the same keypair for each server, with the private key on the
client and a copy of the public key on each server.  This is a lot
easier if the key is generated on the client.

Summary: if at all possible, generate on the client and then copy the
public half to the server.

> c. Where exactly are the keys stored on the linux server? /etc/ssh I assume,
> but what files are most important to look at here?
/etc/ssh is used for system-wide configuration information, such as
the server key.  Individual users would store their public keys in
${HOME}/.ssh/ .  The exact file to use depends on the ssh server used;
it's usually worth copying them into both authorized_keys and
authorized_keys2.  The format of the file is the same as that
generated by ssh-keygen.

The .ssh directory and the authorized_keys files must be owned by the
user trying to log in, and must be readable only by them.

If you need to authorize several keys, then just concatenate the files
together.

Steven Smith,
[EMAIL PROTECTED]
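As an added example (not part of Steven's mail), a POSIX shell sketch of the two rules the reply states: authorized_keys is just concatenated public-key lines, and the .ssh directory and key files must be owned by the user and closed to everyone else. It assumes GNU `stat` (Linux) and uses constructed placeholder key lines rather than real keys.

```shell
#!/bin/sh
# Added example, not from the original mail. Assumes GNU stat (Linux).
# The key lines used below are constructed placeholders, not real keys.

# Append one public-key line to an authorized_keys file, skipping lines that are
# already present and rejecting anything that does not look like
# "<type> <base64> [comment]" (the format ssh-keygen writes for the public half).
add_authorized_key() {
    file="$1"; keyline="$2"
    case "$keyline" in
        "ssh-rsa "*|"ssh-ed25519 "*|"ecdsa-sha2-"*) ;;
        *) echo "rejected: unrecognised key line" >&2; return 1 ;;
    esac
    # Compare only type + key material; the trailing comment is free text.
    keyid=$(printf '%s\n' "$keyline" | awk '{print $1" "$2}')
    if [ -f "$file" ] && awk '{print $1" "$2}' "$file" | grep -qxF "$keyid"; then
        return 0   # already authorized, nothing to do
    fi
    printf '%s\n' "$keyline" >> "$file"
    chmod 600 "$file"   # readable only by the owner, as the reply requires
}

# Check the ownership/permission rules from the reply: the .ssh directory and
# the authorized_keys files must belong to the current user and have no
# group/other permission bits (e.g. 700 for the directory, 600 for the files).
check_ssh_perms() {
    dir="$1"
    me=$(id -u)
    for path in "$dir" "$dir/authorized_keys" "$dir/authorized_keys2"; do
        [ -e "$path" ] || continue
        [ "$(stat -c %u "$path")" = "$me" ] || { echo "bad owner: $path"; return 1; }
        mode=$(stat -c %a "$path")
        case "$mode" in
            *00) ;;   # group and other bits are all zero
            *) echo "too permissive ($mode): $path"; return 1 ;;
        esac
    done
    return 0
}
```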
