*** snip *** >.... this may prove to be an administration issue, user generates key.... >does not know what is going on, perhaps emails public key to administrator, >administrator inserts key....
*** snip *** Actually, to avoid having the user emailing their public key, and the admin blindly trusting the key received in unauthenticated mail, it might be better for the two of them to perform a little key generating ceremony. Doesn't have to be too formal, but in the same vein that sometimes we create an account for a new user and hand the keyboard to them at the "enter user's password prompt", sitting down together to generate the key pair and moving the key via floppy might be a better idea. This of course assumes that the admin and user are geographically co-resident. If not, they need to come up with some way of exchanging the necessary key file with assurance that it is from the correct person. *** snip *** >BTW : If your guys are using the Windows SSH2 client from ssh.com, you will >have much less pain if you also use the sshd from ssh.com (check the licence >but as I remember it sshd is free for OS's like FreeBSD, Linux etc..) not >the openssh sshd. It turns out the two sshd's use different key formats >which will likely drive you mad. I recall hearing of a key conversion >utility?? true?? anyone?? I recently ran into this same problem using a Putty client and openssh sshd. ....Tommy
