If you enable SSH for public with PLAIN PASSWORD authentication, everybody is able to 
guess your password, because there is no limit on the number of tries to enter the correct 
password. And for root it should not :-)

Log in as the user for whom the key is to be generated.

As default all user accounts are disabled for telnet login.
Enable a user login for telnet:
chsh -s /bin/bash username

Login as username
> ssh-keygen
It produces an RSA key for later authentication; accept all default values for the path, 
and I took NO password = only CR.
Now you'll find /home/e-smith/files/users/username/.ssh/identity
This is your PRIVATE key, keep it secure!

> cp /home/e-smith/files/users/username/.ssh/identity.pub /home/e-smith/files/users/username/.ssh/authorized_keys
Be root:
> su root
Make authorized_keys owned by user and group = root and change the access rights, 
otherwise SSH didn't accept it later for authentication.
> chown root authorized_keys
> chgrp root authorized_keys
> chmod 644 authorized_keys

Now you have to copy /home/e-smith/files/users/username/.ssh/identity SECURELY to the 
machine from which you use TTSSH or PuTTY.

Now you're able to log in as a "normal" user with that RSA key. Then for administration 
you do a 
> su root
and enter the root password, or 
> su admin
and you enter the console.
With this you can now set, in the "remote access console" of the e-smith manager:
Secure shell access (SSH) : public
Allow administrative command line access over ssh: NO
Allow ssh access using standard passwords: NO

So nobody is able to guess passwords. The only risk is that you have to keep your 
identity file really secure.

Michael jung 
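
Added example (not part of the original post): a POSIX shell check of the state this procedure leaves behind, covering the authorized_keys and private-key permissions and the two ssh settings. It assumes the e-smith manager options correspond to the OpenSSH `PasswordAuthentication` and `PermitRootLogin` directives in an sshd_config file whose path you pass in; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the files and settings the procedure above relies on.
# Paths are passed in as arguments; nothing here is e-smith's own tooling.

# True if the file is writable by group or others (too loose for a key file).
loose_write() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

# True if group or others have any access at all (too open for a private key).
any_group_other() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) 2>/dev/null)" ]
}

# Print the value of an sshd_config keyword (first occurrence wins, keywords
# are case-insensitive) or the given default. Match/Include are not evaluated.
sshd_setting() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }' "$1"
}

# audit_ssh_setup SSH_DIR SSHD_CONFIG: prints one line per finding and
# returns the number of findings (0 = setup matches the procedure).
# An unset directive is treated as "yes" (assumption, the cautious reading).
audit_ssh_setup() {
    dir=$1 conf=$2 n=0
    if [ ! -s "$dir/authorized_keys" ]; then
        echo "FINDING: $dir/authorized_keys missing or empty"; n=$((n + 1))
    elif loose_write "$dir/authorized_keys"; then
        echo "FINDING: authorized_keys is group/world writable"; n=$((n + 1))
    fi
    # "identity" is the name used in the post; id_rsa is the newer default.
    for key in "$dir/identity" "$dir/id_rsa"; do
        if [ -f "$key" ] && any_group_other "$key"; then
            echo "FINDING: private key $key readable beyond its owner"; n=$((n + 1))
        fi
    done
    if [ "$(sshd_setting "$conf" PasswordAuthentication yes)" != no ]; then
        echo "FINDING: password logins still enabled"; n=$((n + 1))
    fi
    if [ "$(sshd_setting "$conf" PermitRootLogin yes)" != no ]; then
        echo "FINDING: root may log in directly over ssh"; n=$((n + 1))
    fi
    return "$n"
}
```

Call it as `audit_ssh_setup /home/e-smith/files/users/username/.ssh /path/to/sshd_config`; the exit status is the number of findings.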
