
Re: SSH and RSA



Mike Dresser wrote:

You don't mention whether the previous admin is still with you, but if not,
you'll want to remove his RSA keys from the server, or else you can change your
root password all you want, and he'll still be able to connect, assuming he can
get to the machine via your network/internet.

No, he's not available for help, so yes, I want to change his passwords and the keys associated with the root account.

A couple of quick notes: I just realized that by trying to be cute and putting my comments in angle brackets, those among us who may read HTML mail may not be able to see my comments (my bad).

And second, I saw him log in once; he was prompted for his RSA key as follows:
(to the best of my recollection)
ssh root@host.com
enter RSA passkey:
#  <<<---- remote prompt



Duane Powers wrote:

Hi all,

Recently I was made administrator over a dozen Solaris boxen <heh>
The prior admin was offsite and used ssh with rsa keys to access the boxes.
He allowed root login, and used the RSA key functionality to keep the root
password safe.
I am not as mature as he was regarding ssh <newbie> and have only used
ssh as a plug in replacement to telnet, <I tend to not set a different
p/w during ssh-keygen> and simply access the boxes as follows:
ssh -l <me> <hostname>
then I login using the normal p/w that is local to the box. I have found
that he did not need to transmit the local password over the tunnel, but
rather used RSA to verify his identity, but I can't find documentation on
how to do it. <man ssh, man ssh-agent, man ssh-add, Practical UNIX &
Internet Security> does anyone have any information on how I can implement
the same safeguards? Or where I can at least find some documentation on
practical ssh implementation.

As always, You guys are great, thanks in advance for the help,

~duane



--

The plan was simple. Unfortunately, so was Bullwinkle.
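
Added example (not part of the original messages): one way to audit an authorized_keys file and drop a departed admin's key by fingerprint, as Mike's advice above calls for. It assumes the OpenSSH protocol 2 one-line public key format; the sample file, the key blobs and the function names are constructed for illustration.

```python
import base64, hashlib, re, struct
# Key line: [options] keytype base64-blob [comment]; options may hold quoted spaces.
KEY_RE = re.compile(r'(?:^|\s)(ssh-(?:rsa|dss|ed25519)|ecdsa-sha2-\S+)\s+([A-Za-z0-9+/]+=*)(?:\s+(.*))?$')

def _blob(keytype, *fields):
    """Build a CONSTRUCTED (not real) public-key blob in SSH wire format."""
    parts = [keytype.encode(), *fields]
    return base64.b64encode(b"".join(struct.pack(">I", len(p)) + p for p in parts)).decode()

def fingerprint(b64):
    """SHA256 fingerprint in the form `ssh-keygen -lf` prints."""
    digest = hashlib.sha256(base64.b64decode(b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_authorized_keys(text):
    """Return one dict per key line: line number, options, type, fingerprint, comment."""
    entries = []
    for n, line in enumerate(text.splitlines(), 1):
        m = KEY_RE.search(line.strip())
        if line.lstrip().startswith("#") or not m:
            continue
        keytype, b64, comment = m.groups()
        try:
            blob = base64.b64decode(b64)
            (size,) = struct.unpack(">I", blob[:4])
            ok = blob[4:4 + size] == keytype.encode()  # type inside blob must match
        except (ValueError, struct.error):
            ok = False  # malformed blob: listed with fingerprint None, never removed
        entries.append({"line": n, "options": line.strip()[:m.start()].strip(), "type": keytype,
                        "fingerprint": fingerprint(b64) if ok else None, "comment": comment or ""})
    return entries

def remove_keys(text, revoked):
    """Drop every key line whose fingerprint is in `revoked`; keep everything else."""
    drop = {e["line"] for e in parse_authorized_keys(text) if e["fingerprint"] in revoked}
    kept = [row for n, row in enumerate(text.splitlines(), 1) if n not in drop]
    return "\n".join(kept) + "\n"

SAMPLE = "\n".join([
    "# constructed stand-in for /root/.ssh/authorized_keys (keys are not real)",
    "ssh-rsa " + _blob("ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xc3" * 16) + " oldadmin@offsite",
    'from="10.0.0.5",command="/usr/bin/df -k" ssh-rsa '
    + _blob("ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xa7" * 16) + " monitor@nms",
    "ssh-ed25519 " + _blob("ssh-ed25519", b"\x11" * 32) + " duane@laptop",
]) + "\n"

if __name__ == "__main__":
    for e in parse_authorized_keys(SAMPLE):
        print(e["line"], e["type"], e["fingerprint"], e["comment"], e["options"] or "-")
```

Matching on the fingerprint rather than the comment matters because the comment field is free text and can be edited or missing; the same check applies to every account's authorized_keys file, not only root's.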





