Duane Powers wrote:
> Hi all,
>
> Recently I was made administrator over a dozen Solaris boxen <heh>
> The prior admin was offsite and used ssh with rsa keys to access the boxes.
> He allowed root login, and used the RSA key functionality to keep the root
> password safe.
> I am not as mature as he was regarding ssh <newbie> and have only used
> ssh as a plug in replacement to telnet, <I tend to not set a different
> p/w during ssh-keygen> and simply access the boxes as follows:
> ssh -l <me> <hostname>
> then I login using the normal p/w that is local to the box. I have found
> that he did not need to transmit the local password over the tunnel, but
> rather used RSA to verify his identity, but I can't find documentation on
> how to do it.
> <man ssh, man ssh-agent, man ssh-add, Practical UNIX & Internet
> Security> does anyone have any information on how I can implement the
> same safeguards? Or where I can at least find some documentation on
> practical ssh implementation.
>
> As always, You guys are great, thanks in advance for the help,
Some notes: this example is done with OpenSSH
from a Debian/GNU Linux box to a Sun Enterprise 250 running Solaris 8,
SSH Protocol Version 1.5.
If you need it, I can send you an example with Protocol Version 2.
[EMAIL PROTECTED] ]$ ssh-keygen
[EMAIL PROTECTED] ]$ cd ~/.ssh
[EMAIL PROTECTED] ]$ scp identity.pub [EMAIL PROTECTED]:/.ssh/[EMAIL PROTECTED]
[EMAIL PROTECTED] ]$ ssh -l root remotebox
[EMAIL PROTECTED] cd ~/.ssh
[EMAIL PROTECTED] pwd
/.ssh
[EMAIL PROTECTED] cat [EMAIL PROTECTED] >> authorized_keys
[EMAIL PROTECTED] exit
[EMAIL PROTECTED] ]$ ssh -l root remotebox
Now enter the passphrase you used when you created your keys with
ssh-keygen and that's it :-)
greets Doc aka. Uwe A. P. Wuerdinger
- --
X-Tec GmbH
Institute for Computer and Network Security
WWW : http://www.x-tec.de/
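Added example, not part of the original mail: the "cat ... >> authorized_keys" step above as a shell function that refuses private key files, does not append the same key twice, and sets the directory and file modes so that no other user can write to them. The function name install_pubkey and its two arguments are hypothetical.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE HOME_DIR
# Appends one public key line to HOME_DIR/.ssh/authorized_keys.
# Function name and argument names are assumptions made for this example.
install_pubkey() {
    pub=$1
    home=$2

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 2; }

    # Private key files (protocol 1 "identity" and PEM files alike) carry
    # the words PRIVATE KEY in their header; never install one of those.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 3
    fi

    # A public key file holds exactly one non-blank line.
    n=$(grep -vc '^[[:space:]]*$' "$pub")
    [ "$n" -eq 1 ] || { echo "expected one key line, found $n" >&2; return 4; }
    key=$(grep -v '^[[:space:]]*$' "$pub")

    dir=$home/.ssh
    auth=$dir/authorized_keys

    # Create with a tight umask in a subshell so the caller's umask is
    # untouched, then set the modes explicitly in case the paths existed.
    ( umask 077; mkdir -p "$dir" && touch "$auth" ) || return 1
    chmod 700 "$dir" && chmod 600 "$auth" || return 1

    # Idempotent: an exact, whole-line match means the key is already there.
    grep -qxF -e "$key" "$auth" && return 0

    printf '%s\n' "$key" >> "$auth"
}
```

On the remote box this would be called as: install_pubkey /path/to/copied/key.pub "$HOME" (the path is a placeholder for wherever scp put the file).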