| View previous topic :: View next topic |
| Author |
Message |
OdinsDream
Veteran
Joined: 01 Jun 2002
Posts: 1057
|
 Posted: Wed Oct 23, 2002 3:57 am Post subject: SSH key passphrase authentication |
 |
|
How can I enable RSA keyphrase authentication when my users log in via SSH, rather than asking for their system password?
I'm interested in creating keys for the users, and then having it ask them for their passphrase when they SSH to the server. |
|
| Back to top |
|
 |
mglauche
Retired Dev
Joined: 25 Apr 2002
Posts: 564
Location: Germany
|
| Posted: Wed Oct 23, 2002 7:45 am Post subject: |
|
|
| create a rsa keypair, sing it with a keyphrase, then upload the public part to the server you want to connect to. Also check out the EXCELENT howto on ssh keymanagement on the gentoo frontpage. |
|
| Back to top |
|
|
OdinsDream
Veteran
Joined: 01 Jun 2002
Posts: 1057
|
| Posted: Wed Oct 23, 2002 7:58 pm Post subject: |
|
|
I'm not sure I understand "then upload the public part to the server you want to connect to".
I'm running Gentoo on my machine... "p2c2e".
I want to log into p2c2e via SSH, from anywhere else, and I want it to ask me for my username, and then instead of password, I want Keyphrase.
Is this possible? or am I going to have to carry around public key data wherever I go? |
|
| Back to top |
|
|
nitro322
Guru
Joined: 24 Jul 2002
Posts: 596
Location: USA
|
|
| Back to top |
|
|
OdinsDream
Veteran
Joined: 01 Jun 2002
Posts: 1057
|
| Posted: Thu Oct 24, 2002 11:56 pm Post subject: |
|
|
Great!
This is working now, as long as I do ssh user@p2c2e, but if I just do ssh p2c2e and then type in a user name, I get the classic password authentication.
Is there a way to make both methods ask for keyphrases? |
|
| Back to top |
|
|
BackSeat
Apprentice
Joined: 12 Apr 2002
Posts: 242
Location: Reading, UK
|
| Posted: Fri Oct 25, 2002 12:48 pm Post subject: |
|
|
Do you have the same username on both systems? If not, check out the use of the .ssh/config file, which can provice the remote username for you.
BS |
|
| Back to top |
|
|
OdinsDream
Veteran
Joined: 01 Jun 2002
Posts: 1057
|
| Posted: Fri Oct 25, 2002 5:21 pm Post subject: |
|
|
| BackSeat wrote: | Do you have the same username on both systems? If not, check out the use of the .ssh/config file, which can provice the remote username for you.
BS |
I'm logging in to my own Gentoo box remotely, usually with Putty on a Windows machine. |
|
| Back to top |
|
|
onlawn
n00b
Joined: 25 Oct 2002
Posts: 45
|
| Posted: Fri Oct 25, 2002 10:33 pm Post subject: Putty? hmmm |
|
|
On the Putty website is the long instructions on using rsa/dsa keypairs. In the end it wasn't worth it. I still use Putty, but not that way.
For an alternative, try Cygwin. It will work with Daniel's tutorial. Just install the ssh and cygwindll packages if thats all you want. |
|
| Back to top |
|
|
OdinsDream
Veteran
Joined: 01 Jun 2002
Posts: 1057
|
| Posted: Sat Oct 26, 2002 2:13 am Post subject: |
|
|
Well, I'm not as concerned with my own ability to work around this as I am with other users I add to the system.
I want all logins to be done via RSA keyphrase authentication, regardless of the client, and how they connect.
At the very least, I'd like to disable standard password authentication. Is this possible ? |
|
| Back to top |
|
|
rac
Bodhisattva
Joined: 30 May 2002
Posts: 6553
Location: Japanifornia
|
| Posted: Sat Oct 26, 2002 5:05 am Post subject: |
|
|
| OdinsDream wrote: | | At the very least, I'd like to disable standard password authentication. Is this possible ? |
In /etc/ssh/sshd_config, | Code: | # To disable tunneled clear text passwordsl, change to no here!
PasswordAuthentication no |
_________________
For every higher wall, there is a taller ladder |
|
| Back to top |
|
|
|
Networking & Security
