* Re: Generating SSH Keys
  2004-02-19 19:21 Generating SSH Keys Eve Atley
@ 2004-02-19 17:53 ` Steven Smith
       [not found]   ` <GNEPLLCIIBHICCOGIAKPAEEACCAA.eatley@wow-corp.com>
  2004-02-20  9:53 ` Andrew Langdon-Davies
  1 sibling, 1 reply; 4+ messages in thread
From: Steven Smith @ 2004-02-19 17:53 UTC (permalink / raw)
  To: Eve Atley; +Cc: Linux-Newbie


> So then I RTFM, and this went over my head; ie.
> a. do I use version 1 or 2 of the protocol?
Version 2 is usually considered more secure, for deep reasons I won't
even pretend to understand.  If everyone involved supports version 2,
use that.

> b. do I create this key on the server and then import to the Win boxes, or
> the other way around? Or must key pairs be generated at BOTH ends?
The usual advice is to generate the key pair on the client, and then
copy the public half of the key to the server.  It should also work to
generate the key on the server and then send the private key to the
client, but it's often considered a very bad idea to put private keys
on a shared machine, even for a short time.

Also, keys are sort-of associated with users rather than logins or
client machines.  For instance, if you want to do passwordless login
to several different machines from a single client, it would be usual
to use the same keypair for each server, with the private key on the
client and a copy of the public key on each server.  This is a lot
easier if the key is generated on the client.

Summary: if at all possible, generate on the client and then copy the
public half to the server.

> c. Where exactly are the keys stored on the linux server? /etc/ssh I assume,
> but what files are most important to look at here?
/etc/ssh is used for system-wide configuration information, such as
the server key.  Individual users should store their public keys in
${HOME}/.ssh/ .  The exact file to use depends on the ssh server used;
it's usually worth copying them into both authorized_keys and
authorized_keys2.  The format of the file is the same as that
generated by ssh-keygen.

The .ssh directory and the authorized_keys files must be owned by the
user trying to log in, and must be readable only by them.

If you need to authorize several keys, then just concatenate the files
together.

Steven Smith,
sos22@cam.ac.uk.
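
The server-side steps from the message above (public half into ${HOME}/.ssh/authorized_keys, several keys concatenated, directory and file owned by and readable only by the user), as an added shell example that is not part of the original post. The function names, the scratch directory and the sample key line are constructed for illustration; the refusal of private-key files is an added safeguard for the "copy only the public half" advice.

```shell
#!/bin/sh
# Added example, not from the thread. On the client the pair comes from
# ssh-keygen; only the .pub half is copied to the server and passed in here.

# install_pubkey PUBKEY_FILE [HOME_DIR]: authorize a key for one account.
install_pubkey() {
    pub=$1
    dir=${2:-$HOME}/.ssh
    auth=$dir/authorized_keys
    # The private half must never land on the server: refuse it.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 1
    fi
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # Several keys are authorized by concatenation, one per line;
    # skip lines already present so re-running adds nothing.
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >>"$auth"
    done <"$pub"
}

# check_ssh_perms [HOME_DIR]: succeed only if .ssh and authorized_keys are
# owned by the current user and grant nothing to group or other.
check_ssh_perms() {
    dir=${1:-$HOME}/.ssh
    me=$(id -u)
    for p in "$dir" "$dir/authorized_keys"; do
        info=$(ls -ldn "$p" 2>/dev/null) || return 1
        mode=${info%% *}
        owner=$(printf '%s\n' "$info" | awk '{print $3}')
        [ "$owner" = "$me" ] || { echo "$p: not owned by uid $me" >&2; return 1; }
        case $mode in
            ????------*) ;;
            *) echo "$p: mode $mode is open to group/other" >&2; return 1 ;;
        esac
    done
}

# Demo in a scratch directory with a constructed (not real) public key line.
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2E-CONSTRUCTED-SAMPLE eve@client' >"$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo" && check_ssh_perms "$demo" &&
    echo "authorized: $(wc -l <"$demo/.ssh/authorized_keys") key(s)"
rm -rf "$demo"
```

Run `check_ssh_perms` with no argument on the server account when a key that should work is being rejected; a group- or world-accessible `.ssh` is a common reason.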


* Generating SSH Keys
@ 2004-02-19 19:21 Eve Atley
  2004-02-19 17:53 ` Steven Smith
  2004-02-20  9:53 ` Andrew Langdon-Davies
  0 siblings, 2 replies; 4+ messages in thread
From: Eve Atley @ 2004-02-19 19:21 UTC (permalink / raw)
  To: Linux-Newbie


I would like to have remote users connect to certain shares on a linux box,
but securely. I've been reading about SSH and generating keys, but I am
confused how to go about this. I am getting my info from here:
http://www.cs.kuleuven.ac.be/system/security/ssh/setup.shtml

First, I tried to run ssh-keygen, but it's asking me for options I don't
understand.

So then I RTFM, and this went over my head; ie.
a. do I use version 1 or 2 of the protocol?
b. do I create this key on the server and then import to the Win boxes, or
the other way around? Or must key pairs be generated at BOTH ends?
c. Where exactly are the keys stored on the linux server? /etc/ssh I assume,
but what files are most important to look at here?

Thanks,
Eve





-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs


* Re: Generating SSH Keys
  2004-02-19 19:21 Generating SSH Keys Eve Atley
  2004-02-19 17:53 ` Steven Smith
@ 2004-02-20  9:53 ` Andrew Langdon-Davies
  1 sibling, 0 replies; 4+ messages in thread
From: Andrew Langdon-Davies @ 2004-02-20  9:53 UTC (permalink / raw)
  To: linux-newbie

Eve Atley wrote:
> I would like to have remote users connect to certain shares on a linux box,
> but securely. I've been reading about SSH and generating keys, but I am
> confused how to go about this.

This may help

http://linux.org.mt/article/ssh

Andrew


* Re: Generating SSH Keys
       [not found]   ` <GNEPLLCIIBHICCOGIAKPAEEACCAA.eatley@wow-corp.com>
@ 2004-02-20 14:27     ` Steven Smith
  0 siblings, 0 replies; 4+ messages in thread
From: Steven Smith @ 2004-02-20 14:27 UTC (permalink / raw)
  To: Eve Atley; +Cc: linux-newbie


> So I've SSHed into my home machine from work (running OpenSSH on Mac OS X).
> Of course it comes up with the prompt about the machine not being found in
> the list and hit no if you don't trust it, etc. I generally, before this,
> have hit 'yes'.
Just to clear something up: the host key (which is what you're being
prompted about here) isn't the same as the user key (which will be
used for authentication).  The host key is used by the client to make
sure that it's talking to the right server; the user key is used by
the server to make sure that it's talking to the right user.

> So if I create a keypair on my Windows machine from work, and put
> the public key on my Macintosh, because I've logged in before
> without a keypair, will it ignore that keypair?
Whether you've logged in before using some other scheme should have no
effect.  If the private key is available on the client and the public
key is authorized for the account on the server, then everything
should work.

I'm not sure how Apple set up the ssh server by default, but I
wouldn't expect there to be any problems with this.

Steven.
