On 6/5/2014 2:46 AM, Warren Young arranged the binary bits such that: > On 6/4/2014 16:05, Roger Vicker, CCP wrote: >> 3) deliver the private key to the user along with the rest of the >> instructions on how to use it in the provided apps. > How were you planning on delivering these sensitive private keys? Via > insecure email, perhaps?
These particular users are barely computer literate so I would be copying the private keys directly to their Android devices and setting up the apps that need to use SSH as a tunnel to connect to their server side apps. > Use ssh as it was designed: have the users generate their own local > keypairs, and have them email the public key to you. The words we use > here mean something. The *public* key goes out over the public link, > and the *private* key stays at home. > I know security. That is why we are implementing SSH with keys to further secure a remote protocol. VPN is not as practical given the level of the users, the specific remote devices and app. > It's not like the commands are difficult. They set up a local Cygwin, > add the openssh package, then say: > > $ ssh-keygen > ...press Enter a bunch of times... > $ cat ~/.ssh/id_rsa.pub > /dev/clipboard > ...compose email to rvicker, paste > >> With out their passwords I can't login to establish their $home >> directory structure, > Take a look at /etc/profile, starting at line 75. See the stuff about > /etc/skel? That's how the user's home directory gets set up. Nothing > magic here. You could cut those couple-dozen lines into a new script > and tweak it for your purposes. > > The only trick is that if you do all this as administrator, you'll > have to say something like > > # chown -R otheruser.otheruser ~otheruser > > after you get done setting up the user's home directory. > -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
