Without SSH enabled, I was able to pass my root user account from one trusted Solaris box to another with an /.rhost and /etc/host.equiv file.

#cat .rhost
Doctor
#cat /etc/host.equiv
Doctor root

For example, Doctor would be the Solaris hostname and root would be the account. This leaves a big security hole, so I only activate it when I am doing backups for about 4-5 hours each month.

Maybe someone on the list can help with the RSA, since I am fairly new in that field also.

Dan

---- Duane Powers <[EMAIL PROTECTED]> wrote:
> Hi all,
>
> Recently I was made administrator over a dozen Solaris boxen <heh>
> The prior admin was offsite and used ssh with rsa keys to access the boxes.
> He allowed root login, and used the RSA key functionality to keep the root
> password safe.
> I am not as mature as he was regarding ssh <newbie> and have only used
> ssh as a plug in replacement to telnet, <I tend to not set a different
> p/w during ssh-keygen> and simply access the boxes as follows:
> ssh -l <me> <hostname>
> then I login using the normal p/w that is local to the box. I have found
> that he did not need to transmit the local password over the tunnel, but
> rather used RSA to verify his identity, but I can't find documentation on
> how to do it.
>
> <man ssh, man ssh-agent, man ssh-add, Practical UNIX & Internet Security>
> does anyone have any information on how I can implement the same
> safeguards? Or where I can at least find some documentation on practical
> ssh implementation.
>
> As always, You guys are great, thanks in advance for the help,
>
> ~duane
>
> --
> The plan was simple. Unfortunately, so was Bullwinkle.
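
An added example, not part of the original thread: a shell check for the two states the messages describe, rhosts-style trust files left in place and an sshd that still accepts passwords or root password logins. The function names, finding labels, sample tree and assumed OpenSSH defaults are this example's own; the trust files are checked under their standard names `.rhosts` and `/etc/hosts.equiv`.

```sh
#!/bin/sh
# Added example (not from the thread). Function names, finding labels and
# the sample tree are constructed for illustration.

# Effective global value of an sshd_config keyword. sshd keeps the first
# occurrence; keywords are case-insensitive. Handles the whitespace-separated
# "Keyword value" form only and stops at the first Match block.
sshd_value() {   # $1=config file  $2=keyword  $3=value assumed when unset
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/                  { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }' "$1"
}

# One finding per line for the tree rooted at $1 (pass "" for the live system).
audit_trust() {
    root=$1; cfg="$root/etc/ssh/sshd_config"
    # A non-empty trust file admits the listed hosts/users without a password.
    for f in "$root/etc/hosts.equiv" "$root/.rhosts" "$root"/home/*/.rhosts; do
        rel=${f#"$root"}
        if [ -s "$f" ]; then echo "TRUST_FILE $rel"; fi
    done
    if [ ! -r "$cfg" ]; then echo "NO_SSHD_CONFIG"; return 0; fi
    # Defaults below are those of current OpenSSH (an assumption of this example).
    if [ "$(sshd_value "$cfg" PasswordAuthentication yes)" = yes ]; then
        echo "PASSWORD_AUTH_ENABLED"; fi
    if [ "$(sshd_value "$cfg" PermitRootLogin prohibit-password)" = yes ]; then
        echo "ROOT_PASSWORD_LOGIN"; fi
    if [ "$(sshd_value "$cfg" IgnoreRhosts yes)" = no ]; then
        echo "RHOSTS_HONOURED"; fi
}

# Constructed sample: a host left in the "backup window" state from the thread.
make_sample_tree() {
    t=$(mktemp -d) && mkdir -p "$t/etc/ssh" &&
    echo "Doctor" > "$t/.rhosts" &&
    echo "Doctor root" > "$t/etc/hosts.equiv" &&
    printf '%s\n' '# constructed' 'permitrootlogin yes' 'PermitRootLogin no' \
        'IgnoreRhosts no' > "$t/etc/ssh/sshd_config" &&
    echo "$t"
}
```

Run `audit_trust ""` as root after a backup window to confirm the trust files are gone; an empty result means none of the checked conditions were found.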