
Re: FTP access to master.debian.org



"Brian C. White" <bcwhite@verisim.com> wrote:
[on ssh to upload packages]
>I've created myself a key pair and both my machine and the gateway have
>ssh installed (and thus host key pairs).
>
>What do I have to put in the .shosts and .ssh/authorized_keys files to
>be able to login this way?

What I did was generate my key pair without a pass phrase. If you give
ssh a passphrase, it will want to know what it is before you can log into
a remote system. I've found .shosts to be irrelevant: ~sjlam/.shosts
on master contains:

aurora.cc.monash.edu.au sjlam1
yoyo.cc.monash.edu.au lamble

However, sjlam1@aurora no longer exists (it's a student account, created
as and when I do subjects that require it, and deleted at the end of the
year) - instead, I use my staff account (lamble@{aurora,silas}). The
important thing is that your authorized_keys file contains your _public_
(not your private) key; it's used to verify your identity on the remote
host. If you have the private key that corresponds to an authorised
public key, you're allowed in. If not, ssh wants to know your password.
I've copied my private key to my silas and aurora accounts, so I can be
authorised from either of those systems. (Not sure about my yoyo account;
I rarely use it. After all, it has over 4000 registered users on it, and
tends to have load averages between 10 and 80...)

Sorry about the way I tend to ramble. Basically, if you have an ssh
key pair, you can copy the private key to machines you trust, and that
you want to login _from_; the public key goes to machines you want to
login _to_. ssh will want to know the passphrase before authentication
is done; if you have no passphrase, you'll get no such request. I
don't believe that masquerading would be a problem, since it's (AFAIK)
the key pair verification that's important.

Any ssh experts (of which I am _not_ one) care to verify/clarify/correct
this?

>If it helps, my machine is named "callandor" and the gateway is
>"gatekeeper.verisim.com".

Somewhat irrelevant, I would imagine.. :)


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com
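
An added example, not part of the original message: one way to install a public key into authorized_keys on the machine you log in _to_, as the reply above describes, while refusing anything that looks like a private key. The function name install_pubkey, the scratch paths and the key strings are constructed for illustration.

```shell
# install_pubkey PUBKEY_FILE TARGET_HOME   (hypothetical helper, not an ssh tool)
# Appends one public key line to TARGET_HOME/.ssh/authorized_keys.
install_pubkey() {
    pub=$1
    home=$2
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 2; }

    # PEM and OpenSSH private key files carry a "PRIVATE KEY" header line.
    # Private key material never belongs in authorized_keys.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 3
    fi

    # Take the first non-blank, non-comment line; require a common key type.
    line=$(grep -v -e '^[[:space:]]*$' -e '^#' "$pub" | head -n 1) || line=""
    case $line in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *|sk-*\ *) ;;
        *) echo "refusing: not an OpenSSH public key line" >&2; return 4 ;;
    esac

    # With StrictModes (the sshd default) keys are ignored when the
    # directory or file is writable by anyone other than the owner.
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 5
    auth=$home/.ssh/authorized_keys
    touch "$auth" && chmod 600 "$auth" || return 5

    # Idempotent: do nothing if this exact line is already present.
    if grep -qxF -- "$line" "$auth"; then
        return 0
    fi
    printf '%s\n' "$line" >> "$auth"
}

# Demo on constructed input in a scratch directory (no real keys or hosts).
demo_dir=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleNotARealKey user@example' \
    > "$demo_dir/id.pub"
printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed' > "$demo_dir/id"
install_pubkey "$demo_dir/id.pub" "$demo_dir/home" && echo "public key installed"
install_pubkey "$demo_dir/id" "$demo_dir/home" || echo "private key rejected (status $?)"
rm -rf "$demo_dir"
```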

