Re: SSH and RSA
Without SSH enabled, I was able to pass my root user account from one
trusted Solaris Box to another with an /.rhost and /etc/host.equiv file.
#cat .rhost
Doctor
#cat /etc/host.equiv
Doctor root
For example, Doctor would be the solaris hostname and root would be the
account. This leaves a big security hole, so I only activate it when
I am doing backups for about 4-5 hours each month. Maybe someone on
the list can help with the RSA since I am fairly new in that field also
Dan
---- Duane Powers <duane@uberLAN.net> wrote:
> Hi all,
>
> Recently I was made administrator over a dozen Solaris boxen <heh>
> The prior admin was offsite and used ssh with rsa keys to access the
> boxes.
> He allowed root login, and used the RSA key functionality to keep the
> root
> password safe.
> I am not as mature as he was regarding ssh <newbie> and have only used
> ssh as a plug in replacement to telnet, <I tend to not set a different
>
> p/w during
> ssh-keygen> and simply access the boxes as follows: ssh -l <me> <hostname>
> then I login using the normal p/w that is local to the box. I have
> found
> that he did
> not need to transmit the local password over the tunnel, but rather
> used
> RSA to
> verify his identity, but I can't find documentation on how to do it.
>
> <man ssh, man ssh-agent, man ssh-add, Practical UNIX & Internet
> Security> does anyone have any information on how I can implement the
>
> same safeguards? Or where I can at least find some documentation on
>
> practical ssh implementation.
>
> As always, You guys are great, thanks in advance for the help,
>
>
> ~duane
>
> --
>
> The plan was simple. Unfortunately, so was Bullwinkle.
>
>
>
>
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
>
___________________________________________________________________
To get your own FREE ZDNet Onebox - FREE voicemail, email, and fax,
all in one place - sign up today at http://www.zdnetonebox.com
Reply to: