Re: SSH and RSA
Mike Dresser wrote:
You don't mention whether the previous admin is still with you, but if not,
you'll want to remove his RSA keys from the server, or else you can change your
root password all you want, and he'll still be able to connect, assuming he can
get to the machine via your network/internet.
No, he's not available for help, so yes, I want to change his passwords
and the keys associated with the root account.
A couple of quick notes, I just realized that by trying to be cute and
putting my comments in angle brackets, those among us who may read html
mail, may not be able to see my comments (my bad).
And second, I saw him login once, he was prompted for his RSA key as
(to the best of my recollection)
enter RSA passkey:
# <<<---- remote prompt
Duane Powers wrote:
Recently I was made administrator over a dozen Solaris boxen <heh>
The prior admin was offsite and used ssh with rsa keys to access the boxes.
He allowed root login, and used the RSA key functionality to keep the root
I am not as mature as he was regarding ssh <newbie> and have only used
ssh as a plug in replacement to telnet, <I tend to not set a different
ssh-keygen> and simply access the boxes as follows: ssh -l <me> <hostname>
then I login using the normal p/w that is local to the box. I have found
that he did
not need to transmit the local password over the tunnel, but rather used
verify his identity, but I can't find documentation on how to do it.
<man ssh, man ssh-agent, man ssh-add, Practical UNIX & Internet
Security> does anyone have any information on how I can implement the
same safeguards? Or where I can at least find some documentation on
practical ssh implementation.
As always, You guys are great, thanks in advance for the help,
The plan was simple. Unfortunately, so was Bullwinkle.