CYGWIN - As admin setup other users SSH for them?

2014-06-04 Thread Roger Vicker, CCP
I've got a Windows system set up with SSH in CYGWIN working.

I've used mkpasswd to install the users in /etc/passwd.

As administrator I want to:
1) generate the key pairs for the other users.
2) install the public key in the user's $home/.ssh/authorized_keys.
3) deliver the private key to the user along with the rest of the
instructions on how to use it in the provided apps.

Without their passwords I can't login to establish their $home
directory structure, run ssh-keygen, copy the key files.

Thanks.


--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple



Re: CYGWIN - As admin setup other users SSH for them?

2014-06-10 Thread Roger Vicker, CCP
On 6/5/2014 2:46 AM, Warren Young arranged the binary bits such that:

> On 6/4/2014 16:05, Roger Vicker, CCP wrote:
>> 3) deliver the private key to the user along with the rest of the
>> instructions on how to use it in the provided apps.
> How were you planning on delivering these sensitive private keys?  Via
> insecure email, perhaps?

These particular users are barely computer literate so I would be
copying the private keys directly to their Android devices and setting
up the apps that need to use SSH as a tunnel to connect to their server
side apps.

> Use ssh as it was designed: have the users generate their own local
> keypairs, and have them email the public key to you.  The words we use
> here mean something.  The *public* key goes out over the public link,
> and the *private* key stays at home.
>
I know security. That is why we are implementing SSH with keys to
further secure a remote protocol. VPN is not as practical given the
level of the users, the specific remote devices and app.

> It's not like the commands are difficult.  They set up a local Cygwin,
> add the openssh package, then say:
>
> $ ssh-keygen
> ...press Enter a bunch of times...
> $ cat ~/.ssh/id_rsa.pub > /dev/clipboard
> ...compose email to rvicker, paste
>
>> Without their passwords I can't login to establish their $home
>> directory structure,
> Take a look at /etc/profile, starting at line 75.  See the stuff about
> /etc/skel?  That's how the user's home directory gets set up.  Nothing
> magic here.  You could cut those couple-dozen lines into a new script
> and tweak it for your purposes.
>
> The only trick is that if you do all this as administrator, you'll
> have to say something like
>
> # chown -R otheruser.otheruser ~otheruser
>
> after you get done setting up the user's home directory.
>


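Added example, not part of the original thread or any poster's code: one way for an administrator to carry out the steps discussed above (home directory seeded from /etc/skel, public key in authorized_keys, ownership handed to the user) without the user's password. The function names, the SKEL_DIR override and the ed25519 key type are assumptions.

```shell
#!/bin/sh
# Added example; function names and the SKEL_DIR override are hypothetical.

# install_authorized_key HOME_DIR PUBKEY_FILE [OWNER_SPEC]
# Run as administrator: builds the user's home and installs their public key
# without ever logging in as that user.
install_authorized_key() {
    home_dir=$1; pubkey=$2; owner=${3:-}
    skel=${SKEL_DIR:-/etc/skel}
    [ -s "$pubkey" ] || { echo "no public key at $pubkey" >&2; return 1; }

    # Seed a brand-new home from the skeleton, as /etc/profile would on
    # first login; an existing home is left alone.
    if [ ! -d "$home_dir" ]; then
        mkdir -p "$home_dir" || return 1
        if [ -d "$skel" ]; then cp -R "$skel"/. "$home_dir"/ || return 1; fi
    fi

    mkdir -p "$home_dir/.ssh" || return 1
    auth=$home_dir/.ssh/authorized_keys
    touch "$auth" || return 1
    # Idempotent: append only when this exact key line is not present yet.
    grep -qxF -- "$(cat "$pubkey")" "$auth" || cat "$pubkey" >> "$auth" || return 1

    # sshd's StrictModes check rejects keys when the home directory, .ssh or
    # authorized_keys is writable by anyone but the owner.
    chmod go-w "$home_dir" || return 1
    chmod 700 "$home_dir/.ssh" || return 1
    chmod 600 "$auth" || return 1

    # Hand the tree to the account, e.g. "otheruser:otheruser". Needs admin
    # rights; skipped when no owner is given.
    if [ -n "$owner" ]; then chown -R "$owner" "$home_dir" || return 1; fi
    return 0
}

# generate_user_keypair KEY_PATH COMMENT
# No -N option, so ssh-keygen prompts for the passphrase instead of taking it
# from the command line; umask 077 keeps the new files owner-only.
# The ed25519 key type is an assumption; use what the client apps support.
generate_user_keypair() {
    ( umask 077 && ssh-keygen -q -t ed25519 -C "$2" -f "$1" )
}
```
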



Re: CYGWIN - As admin setup other users SSH for them?

2014-06-10 Thread Roger Vicker, CCP

On 6/10/2014 4:36 PM, Warren Young arranged the binary bits such that:
> On 6/10/2014 14:56, Roger Vicker, CCP wrote:
>> These particular users are barely computer literate so I would be
>> copying the private keys directly to their Android devices
>
> In that case, why not just replicate the effect of "ssh-copy-id" from
> each Android device before it leaves your hands?
>
1) The point of using keys is to eliminate password login (there are
other layers involved elsewhere).
2) Even if I "temporarily" enabled password login I would need the
user's password to this network.
3) The usual "after necessary sharing a password" changing of it upsets
the user as the periodic change is always "too frequent".

