ssh server configuration question
Hi All,
I would like to configure a Debian server to only allow clients to ssh
in if the public keys (probably RSA keys) already reside on the hard
drives of both machines.
After spending some time in the snail book I am able to use
"StrictHostKeyChecking yes" in the client's /etc/ssh/ssh_config file to
cause the client to refuse to establish an ssh connection unless the
server's public key is in the client's /home/user-name/.ssh/known_hosts
file. This is useful in preventing "overly trusting users" from blindly
answering "yes" and accepting man-in-the-middle keys when connecting to
a new server. But, this does not restrict who can connect to the server.
I tried putting "StrictHostKeyChecking yes" in the server's
/etc/ssh/sshd_config file but I got a "bad configuration option" error.
My server's /etc/ssh/sshd_config file has "PublicKeyAuthentication yes"
and "PasswordAuthentication no". I am uneasy about experimenting with
PublicKeyAuthentication without having a better understanding of what it
really does. I don't want to turn off any authentication features or
turn off any encryption features and leave myself wide open but thinking
that I am secure.
Thus, I think my goal is simple; I have paid some dues and I am hitting
a brick wall. I don't want any client computers to be able to ssh into
my server unless they already have the key on their hard drive.
Any suggestions?
Thank you,
Bruce
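Editor's note, added here and not part of Bruce's message: StrictHostKeyChecking is a client-side keyword (ssh_config), which is why sshd rejects it; the server-side keyword for key logins is spelled PubkeyAuthentication. What actually restricts who can connect is the combination of "PubkeyAuthentication yes" with every password-style method turned off, since sshd then only admits a client that can prove possession of a private key whose public half is listed in the user's authorized_keys. The script below is an added example (not from the original post or from OpenSSH): it writes two constructed sshd_config fragments, one key-only and one with Debian's usual commented-out PasswordAuthentication line, and audits each the way sshd reads it (first occurrence of a keyword wins, unset keywords fall back to OpenSSH's documented defaults, nothing after a Match line is global). The default table is limited to the four keywords checked.

```shell
#!/bin/sh
# Added example (not part of the original post): audit an sshd_config for
# "public-key logins only". Assumes OpenSSH sshd_config syntax.

# Effective global value of a keyword, the way sshd resolves it:
# first occurrence wins, comments are skipped, "Key value" and "Key=value"
# are both accepted, and the scan stops at the first Match block.
sshd_effective() {
    awk -v key="$2" '
        { sub(/^[[:space:]]+/, "") }            # strip leading blanks
        /^#/ || NF == 0 { next }                # comments and blank lines
        tolower($1) == "match" { exit }         # later lines are conditional
        {
            n = split($0, f, /[[:space:]=]+/)
            if (n >= 2 && tolower(f[1]) == tolower(key)) { print f[2]; exit }
        }
    ' "$1"
}

# OpenSSH defaults for the keywords we care about (unset == this value).
sshd_default() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        pubkeyauthentication)            echo yes ;;
        passwordauthentication)          echo yes ;;
        challengeresponseauthentication) echo yes ;;
        permitemptypasswords)            echo no  ;;
        *)                               echo ""  ;;
    esac
}

# Return 0 when only public-key logins are possible, 1 otherwise, and
# print every keyword whose effective value is wrong.
check_key_only() {
    conf="$1"; rc=0
    for pair in PubkeyAuthentication=yes PasswordAuthentication=no \
                ChallengeResponseAuthentication=no PermitEmptyPasswords=no; do
        key="${pair%%=*}"; want="${pair#*=}"
        got="$(sshd_effective "$conf" "$key")"
        [ -n "$got" ] || got="$(sshd_default "$key")"   # unset -> default
        if [ "$(printf '%s' "$got" | tr '[:upper:]' '[:lower:]')" != "$want" ]; then
            echo "FAIL: $key is '$got', want '$want'"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: the corrected server config (keys only).
write_key_only_config() {
    f="$(mktemp)" || return 1
    cat > "$f" <<'EOF'
# constructed sshd_config fragment: accept only public-key logins
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
ChallengeResponseAuthentication no
PermitEmptyPasswords no
EOF
    echo "$f"
}

# Constructed sample: the weak config, with the Debian-style commented
# line that leaves PasswordAuthentication at its default of "yes".
write_password_config() {
    f="$(mktemp)" || return 1
    cat > "$f" <<'EOF'
# constructed sshd_config fragment: passwords still accepted
PubkeyAuthentication yes
#PasswordAuthentication yes
EOF
    echo "$f"
}

cfg="$(write_key_only_config)"
if check_key_only "$cfg"; then
    echo "$cfg: only public-key logins are possible"
fi
rm -f "$cfg"
```

Run it against the live file with `check_key_only /etc/ssh/sshd_config` after sourcing the script, then validate the syntax with `sshd -t` before restarting sshd so a typo cannot lock you out; keep an existing session open while you do this.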