RE: Anyone using SSH?

From: Sunmanagers (sunmanagers@broadbus.com)
Date: Tue Feb 04 2003 - 17:18:01 EST


Andrew, this email was very helpful. I figured this out just a few
minutes before I received this, but nonetheless it would have been and is
extremely useful.

In short, for those people who run across problems in the future and are
new to this (implementing SSH2 on Solaris 9 in my case), I am just going
to reiterate Andrew's thoughts and add some tech tips:

1. Install SSH on the Sun system (I used this reference which I felt was
great) - http://www.sunfreeware.com/openssh9.html.

2. On the SSH client, run "ssh-keygen -t rsa" to generate your public and
private keys. This will create two files in your homedirectory/.SSH
called id_rsa and id_rsa.pub.

3. Get the id_rsa.pub file onto the SSH server and then copy its
contents into a file called authorized_hosts in your homedirectory/.ssh
directory.

4. You should now be able to connect via ssh from the client to the
server without having to use a password.

Thanks again for all your help and advice!

-----Original Message-----
From: Andrew J Caines [mailto:A.J.Caines@halplant.com]
Posted At: Tuesday, February 04, 2003 4:34 PM
Posted To: Sunmanagers
Conversation: Anyone using SSH?
Subject: Re: Anyone using SSH?

Sunil,

> I have set up an SSH server and was looking for some help as to how to
> add an end user's public key to my system. I see instructions about
> adding the key into $HOME/.ssh/authorized_keys and ssh_known_hosts but
> can't seem to find a straight answer from all of these lists and man
> pages. Any help is appreciated. Most useful would be the steps to add
> the key such as copy from the user generated .pub file etc...

You should understand the basics of public key cryptography. To get from
A to B encrypted, you need a private key at A and a public key at B. The
private key can only be used by the person who knows the passphrase. A to
B is the direction of authentication, not data.

Joe User is "joes" on his system (A) and you are admin of system B where
you have given him the new account "juser".

On A Joe generates a key pair (SSH2 DSA):

joes@A# ssh-keygen -t dsa -C "Joe.User@your.com"
[snip passphrase prompt and resulting messages]

Joe now has his private key in ~/.ssh/id_dsa and public key in
~/.ssh/id_dsa.pub.

Joe now has to email you his public key

joes@A# mailx -s "My SSH2 DSA key" root@B < ~/.ssh/id_dsa.pub

You take this key (which is on one line of text, so don't let a crappy mail
client break it) and put it on Joe's authorized_keys file, i.e.

root@B# cat /tmp/id_dsa.pub > ~juser/.ssh/authorized_keys

This gives Joe authorization to ssh from anywhere he has his private key
(not just from A unless you use ACLs) to juser@B.

joes@A# ssh -v juser@B
[Joe gives his passphrase]
[snip verbose output]
juser@B#

Unless you have strict settings on your ssh server, the host key will
get added automagically for Joe.

Now go and read ssh-keygen(1), ssh(1), sshd_config(5), ssh_config(5) and
sshd(8). I hope you are running the latest OpenSSH and have a working
/dev/[u]random..

-Andrew-

--
 _______________________________________________________________________
| -Andrew J. Caines-   Unix Systems Engineer   A.J.Caines@halplant.com  |
| "They that can give up essential liberty to obtain a little temporary |
|  safety deserve neither liberty nor safety" - Benjamin Franklin, 1759 |
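
The key-installation step described in the thread, as an added example that is not part of either message: it rejects a public key that a mail client has wrapped or split, appends to authorized_keys instead of replacing it, and sets the permissions sshd expects. The function names, the scratch directory layout and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example: hypothetical helpers, constructed key material.

# check_pubkey FILE: succeed only if FILE holds exactly one well-formed
# OpenSSH public key line of the form "<type> <base64-blob> [comment]".
check_pubkey() {
    f=$1
    [ -r "$f" ] || return 1
    # A mail client that wrapped the key leaves more than one non-empty line.
    n=$(grep -c . "$f") || return 1
    [ "$n" -eq 1 ] || return 1
    # Field 1: key type. Field 2: base64 blob, which starts with "AAAA"
    # because the blob begins with a 4-byte length of the type string.
    awk 'NF { ok = ($1 ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))$/ &&
                    $2 ~ /^AAAA[A-Za-z0-9+\/]+=*$/ && length($2) >= 64) }
         END { exit (ok ? 0 : 1) }' "$f"
}

# install_pubkey KEYFILE HOMEDIR: append the key to
# HOMEDIR/.ssh/authorized_keys, keeping existing entries, then tighten modes.
# When run as root for another account, also chown .ssh to that account.
install_pubkey() {
    key=$1; home=$2
    check_pubkey "$key" || { echo "rejected: $key is not one key line" >&2; return 1; }
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    auth="$home/.ssh/authorized_keys"
    touch "$auth" && chmod 600 "$auth" || return 1
    line=$(grep . "$key")
    # -x whole line, -F fixed string: skip a key that is already present.
    grep -qxF -e "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
}

# Demo on constructed data in a scratch directory (not a real key or account).
SAMPLE_BLOB=AAAAB3NzaC1yc2EAAAADAQABAAABAQCconstructedSampleKeyMaterialNotARealKey0123456789
demo=$(mktemp -d)
printf 'ssh-rsa %s joes@A\n' "$SAMPLE_BLOB" > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/juser" && cat "$demo/juser/.ssh/authorized_keys"
```
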


This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:25:46 EDT