Re: SSH and RSA
Duane Powers wrote:
> Hi all,
[ ... ]
> I have found that he did not need to transmit the local password over
> the tunnel, but rather used RSA to verify his identity, but I can't find
> documentation on how to do it. <man ssh, man ssh-agent, man ssh-add,
> Practical UNIX & Internet Security> does anyone have any information on
> how I can implement the same safeguards?
[ ... ]
He probably simply generated a public/private key on his local machine,
and then ftp'd (or somehow transmitted) his public key to the remote
host. Somewhere within the SSH protocol, his local private key is used
to sign something which is then decrypted by the remote public key. Only
someone who holds the correct private key would be able to sign
something which could be decrypted by the public key, so this authorises
the client (you) to the server.

To set this up, you just have to do ssh-keygen locally, then append
~local_user/.ssh/identity.pub to ~remote_user/.ssh/authorized_keys. You
should then be able to do "ssh -l remote_user foo.com" without being
asked for a password.

I think that's right, but check the manpages anyway.
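
The append step described in the reply above, as an added example (not part of the original message): a small script run on the remote host after identity.pub has been copied there. The function name `install_pubkey` and the script file name are hypothetical; it also sets the directory and file permissions that sshd's StrictModes check expects, and skips keys that are already installed.

```sh
#!/bin/sh
# install_pubkey PUBKEY_FILE SSH_DIR  (hypothetical helper, run on the remote host)
# Appends each key in PUBKEY_FILE to SSH_DIR/authorized_keys exactly once and
# sets the permissions sshd's StrictModes check expects.
install_pubkey() (
    pub=$1
    dir=$2
    auth=$dir/authorized_keys

    # Only the .pub half ever leaves the local machine; refuse anything else.
    case $pub in
        *.pub) ;;
        *) echo "refusing $pub: not a .pub file" >&2; exit 1 ;;
    esac
    [ -s "$pub" ] || { echo "no public key in $pub" >&2; exit 1; }

    umask 077                      # new files are private from creation
    mkdir -p "$dir" || exit 1
    chmod 700 "$dir" || exit 1
    touch "$auth" || exit 1
    chmod 600 "$auth" || exit 1

    # If the existing file lacks a final newline, add one so the new key
    # does not get glued onto the last existing entry.
    [ -z "$(tail -c 1 "$auth")" ] || echo >> "$auth"

    while IFS= read -r key || [ -n "$key" ]; do
        [ -n "$key" ] || continue
        # -x whole line, -F literal string: skip keys already installed.
        grep -qxF -e "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
    done < "$pub"
)

# Example: sh install_pubkey.sh /tmp/identity.pub "$HOME/.ssh"
if [ "$#" -eq 2 ]; then
    install_pubkey "$1" "$2"
fi
```

The private half (~local_user/.ssh/identity) never needs to leave the local machine, which is why the script refuses any input that is not a .pub file.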