Re: ssh keys from two behind-the-firewall boxes?

[Osamu Aoki]

Hi,

On Fri, Jan 31, 2003 at 06:08:31PM -0600, will trillich wrote:
> this is probably item #2 of the really-obvious-faq that i'm not
> yet aware of, so i'll go ahead and ask because i haven't taken
> the opportunity to look like a goober in, oh, about half a day,
> now...
> 
> doing the ssh-keygen thing works like a charm; you copy your
> private keys to the remote box and then just slap it into your
  ^^^^^^^^^^^^ NO!

  You copy public key to remote machine.  You keep private key in local
  machine in front of you securely :-)  

  This way, even if this key is stolen, all the thief can do is send you
  a e-mail and invite you to log into their machine without key word.


> ~/.ssh/authorized_keys file and poof, no more passwords! so now
> you can run ssh-driven scripts without having to worry about the
> username/password interruption.
> 
> it's ip-based, isn't it?

SSH checks IP as a part of prudence but its core authentication process 
is not IP based.

>     workstation     workstation      workstation
>     192.168.1.2    192.168.1.100    192.168.1.201
>     key xyzpdq     key 1234567      key x0x0x0x0
>           |               |                |
>           +---------------+----------------+
>           |
>     192.168.1.5
>     firewall
>     208.33.90.85
>           |
>         {web}
>           |
>     11.22.33.44
>     remote box
> 
> but the remote just sees all the 192.168.1.* boxes as
> 208.33.90.85, right? where's the doc on getting ALL the
> 192.168.1.* boxes to ssh password-free to the remote machine?
> (or, when it challenges, the challenge only reaches the
> firewall, something like that. hmm?)
> 
> so far, my experience has been that i can ssh password-free
> only from the 'on-the-public-link' firewall.
> 
> -- 
> I use Debian/GNU Linux version 3.0;
> Linux server 2.4.20-k6 #1 Mon Jan 13 23:49:14 EST 2003 i586 unknown
>  
-- 
~\^o^/~~~ ~\^.^/~~~ ~\^*^/~~~ ~\^_^/~~~ ~\^+^/~~~ ~\^:^/~~~ ~\^v^/~~~ +++++
        Osamu Aoki <[EMAIL PROTECTED]>   Cupertino CA USA, GPG-key: A8061F32
 .''`.  Debian Reference: post-installation user's guide for non-developers
 : :' : http://qref.sf.net and http://people.debian.org/~osamu
 `. `'  "Our Priorities are Our Users and Free Software" --- Social Contract


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]