[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SSH and RSA

Without SSH enabled, I was able to pass my root user account from one
trusted Solaris Box to another with an /.rhost and /etc/host.equiv file.
#cat .rhost

#cat /etc/host.equiv
Doctor  root

For example, Doctor would be the solaris hostname and root would be the
account.  This leaves a big security hole, so I only activate it when
I am doing backups for about 4-5 hours each month.  Maybe someone on
the list can help with the RSA since I am fairly new in that field also


---- Duane Powers <duane@uberLAN.net> wrote:
> Hi all,
> Recently I was made administrator over a dozen Solaris boxen <heh>
> The prior admin was offsite and used ssh with rsa keys to access the
> boxes.
> He allowed root login, and used the RSA key functionality to keep the
> root
> password safe.
> I am not as mature as he was regarding ssh <newbie> and have only used
> ssh as a plug in replacement to telnet, <I tend to not set a different
> p/w during
> ssh-keygen> and simply access the boxes as follows: ssh -l <me> <hostname>
> then I login using the normal p/w that is local to the box. I have
> found 
> that he did
> not need to transmit the local password over the tunnel, but rather
> used 
> RSA to
> verify his identity, but I can't find documentation on how to do it.
> <man ssh, man ssh-agent, man ssh-add, Practical UNIX & Internet 
> Security> does anyone have any information on how I can implement the
> same safeguards? Or where I can at least find some documentation on
> practical ssh implementation.
> As always, You guys are great, thanks in advance for the help,
> ~duane
> -- 
>    The plan was simple.  Unfortunately, so was Bullwinkle. 
> --  
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

To get your own FREE ZDNet Onebox - FREE voicemail, email, and fax,
all in one place - sign up today at http://www.zdnetonebox.com

Reply to: