Re: SSH and RSA
You don't mention whether the previous admin is still with you, but if not,
you'll want to remove his RSA keys from the server, or else you can change your
root password all you want, and he'll still be able to connect, assuming he can
get to the machine via your network/internet.
Duane Powers wrote:
> Hi all,
> Recently I was made administrator over a dozen Solaris boxen <heh>
> The prior admin was offsite and used ssh with rsa keys to access the boxes.
> He allowed root login, and used the RSA key functionality to keep the root
> password safe.
> I am not as mature as he was regarding ssh <newbie> and have only used
> ssh as a plug in replacement to telnet, <I tend to not set a different
> p/w during
> ssh-keygen> and simply access the boxes as follows: ssh -l <me> <hostname>
> then I login using the normal p/w that is local to the box. I have found
> that he did
> not need to transmit the local password over the tunnel, but rather used
> RSA to
> verify his identity, but I can't find documentation on how to do it.
> <man ssh, man ssh-agent, man ssh-add, Practical UNIX & Internet
> Security> does anyone have any information on how I can implement the
> same safeguards? Or where I can at least find some documentation on
> practical ssh implementation.
> As always, You guys are great, thanks in advance for the help,