On Tue Jul 30, 2002 at 05:39:11PM -0700, David Guntner wrote: > > My suggestions: Disable FTP. Use scp or sftp. Protocol2 is a good > > start, but enforce key-based logins only (ie. disable password > > authentication). This way no one can attempt to brute force your > > system, they have to have a key, and know it's passphrase, in order to > > get in. > > > > That's how I have my systems setup. I find it a lot more reliable. > > And putty, for instance, can do both keys and scp (although I'm not > > sure if it can do V2 keys with the latest versions of openssh, it may > > only be able to do V1). > > Ooooh, that sounds promising. I'll have to look into that. Is it > particularly hard to make sure that your key is available to those you want > to access the system? > > I presume that even with the system key, they *do* still have to login as > themselves, right? :-)
No, you misunderstand the use of ssh keys (/me smells an article on sshd coming for MandrakeSecure in the near future). There are two types of ssh keys: The server keys and the client keys. The server keys are already in place, a user just has to validate that the server key is ok when they connect, which prevents things like man-in-the-middle attacks. A client key is a user-generated key. I, as a user, run "ssh-keygen -t dsa" to generate a V2 DSA key. I get a public key and a private key (similar in concept to gpg). The public key I give to the server administrator (or place on the server myself if it allows password authentication) as ~/.ssh/authorized_keys (or the key gets included in this file which can include multiple keys). At this point, if the server doesn't allow password authentication, in order for me to log into that machine, I have to be on the machine that contains the ssh private key. When I connect, I supply the passphrase to the key, which the client-side ssh will sent to the server-side sshd. If my private key matches the public key on the server, I obtain access without having to supply a password (the private/public keypair provides all the authentication the system needs that I am who I say I am). So what you would have to do is have your users (and yourself) generate personal ssh keys, send them to you (as the admin), for you to place into each user's home directory. Of course, make sure that you put their key into *their* account... if you put Alice's key into your authorized_keys file, Alice gets instant access to your account. I hope that makes sense for a very quick-n-dirty response. -- MandrakeSoft Security; http://www.mandrakesecure.net/ "lynx -source http://www.freezer-burn.org/bios/vdanen.gpg | gpg --import" {GnuPG: 1024D/FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
msg56677/pgp00000.pgp
Description: PGP signature