* Eric G. Miller <egm2@jps.net> [2001.11.27 19:41:23-0800]: > Don't you mean the *public* key? In fact, don't you want > the server to have the public key of the user, and then that > user has to use their private key and their passphrase to > authenticate themselves to the CVS server via ssh? I'm on > the user end of such a setup, and I don't have any key for > the server but it does have my public key. Use ssh-agent > to manage authentication/passphrase...
that's a good point. you can either generate a keypair on the server and distribute the private key to multiple people, or you can create a keypair per user and add all those public keys to authorized_keys(2). there is no question that the second method is better. in fact, the first one SUCKS and should not be used. with the second method, you have more administrative overhead, but you can also just simply take privileges away from a single user without anyone else having to worry or changing passwords or getting a new identity or this or that. -- martin; (greetings from the heart of the sun.) \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED] stay the patient course. of little worth is your ire. the network is down.
pgpqT7eCMW4F7.pgp
Description: PGP signature
