Thanks Brett.

It's starting to make sense. I don't like that the first time anyone can 
log on if they have a unix password, but what you said that interests me is 
that once the server has the remote's key, I can then remove that key from 
the authorized key file and have some control over who comes back again. My 
question is, isn't this how they got on to start with...there was no key in 
the authorized file and SSH put it there automatically? Or am I, as is 
typical, missing something?

Roy.



>Roy,
>
>I am under the impression that it works the opposite of what your post says.
>That is, I generate a key on the workstation and place the identity.pub
>(default name) in the authorized_keys in the ~/.ssh directory of the user
>to be logged in as.  At least that is the way I am doing it.  That way the
>server administrator has the control over who can login by removing the keys
>from the authorized_keys files.  There is a session key that is generated at
>the beginning of the session that changes every hour by default.  It is this
>key that is used to encrypt the data.  I believe this happens first before any
>authentication occurs.  Host keys are also exchanged I believe and used to
>check to see if the host is who it says it is compared to the last time. Or,
>if this is the first time you should get a Host key not found sort of message
>and asked if you want to continue.  I believe at this point the host key is
>added to the known_hosts file.
>
>I may not have this down perfectly but I believe this is very close to how it
>works.
>
>Hope this helps.
>
>Bret
>
>
>
>_______________________________________________
>Redhat-list mailing list
>[EMAIL PROTECTED]
>https://listman.redhat.com/mailman/listinfo/redhat-list

__________________________________________________________
"A human being is part of a whole, called by us the "Universe,"
a part limited in time and space. He experiences himself,
his thoughts and feelings, as something separated from the rest
-a kind of optical delusion of his consciousness.
This delusion is a kind of prison for us, restricting us to our
personal desires and to affection for a few persons nearest us.
Our task must be to free ourselves from this prison by widening our
circles of compassion to embrace all living creatures and the whole of
nature in its beauty. "

- Albert Einstein (1879-1955)

The Natural Law Party www.naturallaw.org
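
The administrator-side control described in the quoted reply (listing what is in an account's authorized_keys and removing one entry), as an added example that is not part of the original thread. It assumes the one-line OpenSSH public key format ("options keytype base64 comment") rather than the older identity.pub format mentioned above; the key blobs, comments and function names are constructed for illustration.

```python
import base64
import hashlib
import struct

KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256")

def make_blob(key_type, material):
    """Constructed stand-in for a public key: SSH wire-format strings, base64."""
    pack = lambda b: struct.pack(">I", len(b)) + b
    return base64.b64encode(pack(key_type.encode()) + pack(material)).decode()

def fingerprint(blob_b64):
    """SHA256 fingerprint string in the style OpenSSH displays."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_line(line):
    """Return (options, key_type, blob, comment), or None for blank/comment lines."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return None
    for i, field in enumerate(fields[:-1]):
        if field in KEY_TYPES:  # anything before the key type is the options field
            return " ".join(fields[:i]), field, fields[i + 1], " ".join(fields[i + 2:])
    return None

def list_keys(text):
    """(fingerprint, options, comment) for every key the server would accept."""
    parsed = filter(None, map(parse_line, text.splitlines()))
    return [(fingerprint(p[2]), p[0], p[3]) for p in parsed]

def revoke(text, fp):
    """Drop entries whose fingerprint matches; return (new_text, removed_comments)."""
    kept, removed = [], []
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed and fingerprint(parsed[2]) == fp:
            removed.append(parsed[3])
        else:
            kept.append(line)
    return "\n".join(kept) + "\n", removed

KEY_A = make_blob("ssh-ed25519", bytes([1]) * 32)  # constructed, not a real key
KEY_B = make_blob("ssh-ed25519", bytes([2]) * 32)  # constructed, not a real key
SAMPLE = f"""# constructed ~/.ssh/authorized_keys for the account being logged in to
ssh-ed25519 {KEY_A} user-a@workstation
from="10.0.0.*",no-pty ssh-ed25519 {KEY_B} user-b@laptop
"""
print(revoke(SAMPLE, fingerprint(KEY_A))[0], end="")
```

Matching on the fingerprint rather than the comment matters because the comment field is free text chosen by whoever generated the key.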


