Roy Harrison wrote:
> Thanks for the info on root.
>
> The reason I'm using SSH is that we have DSL users with dynamic IPs. A:
> Our telnet wrappers are useless and B: even if it could be used, it's
> unencrypted.
>
> I was under the impression that with secure shell you could generate a key
> on the server that would have to be given to the work station before the
> work station could access the server AND you would have control over who
> gets that key. I see the exchange of keys taking place here, but it's being
> done without any directive from me.
>
> Maybe I've been barking up the wrong tree with this.
Roy,
I am under the impression that it works the opposite of what your post says.
That is, I generate a key on the workstation and place the identity.pub
(default name) in the authorized_keys in the ~/.ssh directory of the user
to be logged in as. At least that is the way I am doing it. That way the
server administrator has the control over who can log in by removing the keys
from the authorized_keys files. There is a session key that is generated at
the beginning of the session that changes every hour by default. It is this
key that is used to encrypt the data. I believe this happens first, before any
authentication occurs. Host keys are also exchanged, I believe, and used to
check to see if the host is who it says it is compared to the last time. Or,
if this is the first time, you should get a "Host key not found" sort of message
and be asked if you want to continue. I believe at this point the host key is
added to the known_hosts file.
I may not have this down perfectly, but I believe this is very close to how it
works.
Hope this helps.
Bret
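
Added example, not part of the original messages: a sketch of the server-side control described in the reply, listing which keys an authorized_keys file accepts and revoking one by fingerprint. It assumes OpenSSH's current one-line public key format (options, key type, base64 blob, comment) rather than the older identity.pub layout; the helper names and the sample keys are constructed for illustration.

```python
import base64
import hashlib
import struct

def sample_line(seed, comment):
    """Build a CONSTRUCTED ssh-ed25519 authorized_keys line (not a real key)."""
    ktype = b"ssh-ed25519"
    raw = bytes((seed + i) % 256 for i in range(32))
    blob = struct.pack(">I", len(ktype)) + ktype + struct.pack(">I", len(raw)) + raw
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"

def parse_entry(line):
    """Return (fingerprint, comment) for a key line, else None."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    tokens = line.split()
    # Options may precede the key type, so look for a (type, blob) pair
    # whose blob decodes and carries the same type name inside it.
    for i in range(len(tokens) - 1):
        try:
            blob = base64.b64decode(tokens[i + 1], validate=True)
        except ValueError:
            continue
        n = int.from_bytes(blob[:4], "big")
        if blob[4:4 + n] == tokens[i].encode():
            digest = hashlib.sha256(blob).digest()
            fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
            return fp, " ".join(tokens[i + 2:])
    return None

def revoke(text, fingerprint):
    """Return authorized_keys text with every entry matching fingerprint removed."""
    kept = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None or entry[0] != fingerprint:
            kept.append(line)
    return "\n".join(kept) + "\n"

SAMPLE = "\n".join([
    "# constructed sample file",
    sample_line(1, "alice@dsl-workstation"),
    'from="*.example.net",no-port-forwarding ' + sample_line(2, "bob@laptop"),
]) + "\n"

if __name__ == "__main__":
    print(revoke(SAMPLE, parse_entry(SAMPLE.splitlines()[2])[0]), end="")
```

The fingerprints use the same SHA256 form that `ssh-keygen -l` prints, so the administrator can match an entry against the fingerprint a user reports for their workstation key before removing it.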