If you're granting him limited access, lock him from going outside his home
directory tree. Enable auditing, look at the logs from time to time. Recent
versions of sshd can restrict to an IP/range. A few to start with.
On Jul 4, 2014 6:35 PM, "Keith Lofstrom" <[email protected]> wrote:

> Question?
>
> Without getting into incompetence, impersonation,
> man-in-the-middle, drugs and pipe wrenches ...
>
> I have a friend in another state who I want to give ssh access
> to on one of my machines.  If I understand ssh key exchange,
>
>  1) he makes a private/public key pair for openssh
>    1a) using a recent Linux, of course
>  2) he sends me the public key over the unencrypted internet
>  3) I put it in the .ssh/authorized_keys2 in his user directory
>
> ... and we are probably good to go, yes?  Not perfect security,
> but enough, I hope, to irritate a typical national spy agency.
>
> If necessary, we can escalate the complexity of the transfer,
> (key encoded in carrier pigeon DNA - sequence DNA, eat bird)
> but complication is insecure in its own way.
>
> Keith
>
> --
> Keith Lofstrom          [email protected]
> _______________________________________________
> PLUG mailing list
> [email protected]
> http://lists.pdxlinux.org/mailman/listinfo/plug
>