So far I have done

edit /etc/sshd_config

Port 22
Protocol 2
PermitRootLogin no
MaxStartups 5:50:10
X11Forwarding no
PrintLastLog yes
SyslogFacility auth
LogLevel VERBOSE
PasswordAuthentication no
PermitEmptyPasswords no
Banner /etc/issue
AllowGroups sshusers  <-- this exists
# create some group that you can put OpenSSH users into

Next, we'll open and edit /etc/ssh/ssh_config

[EMAIL PROTECTED] /dir]#vi /etc/ssh/ssh_config

ForwardAgent no
ForwardX11 no
PasswordAuthentication no
CheckHostIP yes
Port 22
Protocol 2


Then I su to unpriv user and ran ssh-keygen -d

Then I did cat id_dsa.pub > authorized_keys2


make sure you have a line in /etc/ssh/sshd_config that points to this, like so:

AuthorizedKeysFile      .ssh/authorized_keys2

If it's commented out that's okay (default) just make sure it's the same filename you've used!

(Incidentally, on my 5.3 box it's set as .ssh/authorized_keys)


Then copy the id_dsa.pub to a floppy so that I could transfer the DSA key to the machine from which I'd be accessing the Unix box.


No, you need to put the PRIVATE key (id_dsa by default) on the client machines in the .ssh directory under each user's home dir. The PUBLIC key stays on the server in authorized_keys as you've done above. Make sure this key and the directory it's in are accessible only by the user you want.


Hope that helps,

G
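
The two checks the reply asks for (the key file name matching AuthorizedKeysFile, and owner-only access to the key and its directory), as an added example that is not part of the original message. The function names are hypothetical, and the fallback name .ssh/authorized_keys used when the directive is commented out is an assumption; pass your version's default as the second argument if it differs.

```shell
#!/bin/sh
# Added example: verifies the key layout described in the reply above.
# Usage (hypothetical names): check_server /home/alice /etc/ssh/sshd_config
#                             check_client /home/alice id_dsa

# Print the AuthorizedKeysFile value from an sshd_config (first path only),
# or the fallback when the directive is absent or commented out.
# Assumes a path relative to the home directory; %h tokens are not expanded.
authorized_keys_name() {
    conf=$1; fallback=${2:-.ssh/authorized_keys}
    name=$(awk 'tolower($1) == "authorizedkeysfile" { print $2; exit }' "$conf")
    echo "${name:-$fallback}"
}

# Succeed only if the path has no group or other permission bits set.
# Reads the mode string from ls so it works with both BSD and GNU userlands.
owner_only() {
    mode=$(ls -ld "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# Server side: the public key must be in the file sshd actually reads.
check_server() {
    home=$1; conf=$2
    keyfile="$home/$(authorized_keys_name "$conf")"
    [ -s "$keyfile" ] || { echo "missing or empty: $keyfile"; return 1; }
    owner_only "$home/.ssh" || { echo "too open: $home/.ssh"; return 1; }
    echo "ok: $keyfile"
}

# Client side: the private key must exist and be accessible by its owner only.
check_client() {
    home=$1; key=${2:-id_dsa}
    [ -f "$home/.ssh/$key" ] || { echo "missing: $home/.ssh/$key"; return 1; }
    owner_only "$home/.ssh" || { echo "too open: $home/.ssh"; return 1; }
    owner_only "$home/.ssh/$key" || { echo "too open: $home/.ssh/$key"; return 1; }
    echo "ok: $home/.ssh/$key"
}
```

A mismatch such as keys saved to authorized_keys2 while sshd reads authorized_keys shows up as "missing or empty" from check_server.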

