On Tue, May 22, 2001 at 01:13:10PM +1200 or so it is rumoured hereabouts, Mark Foster thought: > As far as im aware, OpenSSH2 uses /etc/hosts.allow ? > > [blakjak@phoenix blakjak]$ telnet localhost 22 > Trying 127.0.0.1... > Connected to phoenix. > Escape character is '^]'. > SSH-1.99-OpenSSH_2.3.0p1 > > Other than that, chec out the config files in /etc/ssh ? Or you could look at using /etc/ssh_known_hosts and $HOME/.ssh/authorized_keys These files contain the public keys for the hosts and users who are allowed connect without passwords. for example... host foo users tim, john host bar users tim, john in foo:/etc/ssh_known_hosts you have the public host key for bar in foo:/home/tim/.ssh/authorized_keys you have the public key for tim@bar in bar:/etc/ssh_known_hosts you have the public host key for foo in bar:/home/tim/.ssh/authorized_keys you have the public key for tim@foo for each host on your network, /etc/ssh_known_hosts contains the public host keys for all the other hosts. For each user on your network, $HOME/.ssh/authorized_keys contains the user's public key which can be the same on all machines on your network or can be different. The easiest way to get this going is to use ssh-keygen on each host to generate the host key. When you have all host keys generated, copy *all* of the .pub keys to a /etc/ssh_known_hosts file on one host. Then copy this file to all machines in your network. For each user, use ssh-keygen to create *one* key pair. Copy the .pub key to $HOME/.ssh/authorized_keys Now copy the .ssh *directory* including the authorized_keys file to the user's home directory on *all* hosts. If you wish to use DSA keys rather than RSA, use ssh-keygen -d to create the keys and use the filenames ssh_known_hosts2 and authorized_keys2 I *think* that'll do it... Conor -- Conor Daly <[EMAIL PROTECTED]> Domestic Sysadmin :-) --------------------- Faenor.cod.ie 8:35pm up 3 days, 8:43, 0 users, load average: 0.08, 0.02, 0.01 Hobbiton.cod.ie 8:36pm up 2 days, 9:37, 2 users, load average: 0.00, 0.00, 0.00 _______________________________________________ techtalk mailing list [EMAIL PROTECTED] http://www.linux.org.uk/mailman/listinfo/techtalk
