
Re: ssh / putty question



Benedict Verheyen <linux4bene@pandora.be> [2002-08-04 15:46:44 +0200]:
> How would users make a keypair if I had set PasswordAuthentication
> to no?  Then they cannot even log in to make a pair? What's the
> proper policy for this?  My method required me to use the less safe
> password authentication but there are probably better ways to do
> this, no?

As another poster said, you can create them remotely.  But no matter
what you still have to get them installed on the system and there is
no way to do that without some type of login.  You either have to pull
them from there or push them from here.  You will always need some way
to bootstrap the system.

Some systems, for example sourceforge, use a web server to allow
external users to submit keys.  The web interface handles the behind
the scenes key setup.

Personally I do allow password logins to my systems and live with the
potential for a user to compromise their password.  I strongly
encourage using the password only to set up an RSA key pair and then
to use the RSA key to authenticate.

> Also, Putty doesn't seem to work (at least here) with type "rsa" keys.

I believe putty only works with DSA keys and not RSA keys.  Until the
RSA patent expired many programs used alternate methods to avoid the
US patent issues.  That patent is expired now and there is no reason
to avoid RSA today.  However, putty.exe predates that and uses DSA keys.

Bob
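
The reply above mentions web front ends that accept submitted keys and handle the key setup behind the scenes. The following sketch of that server-side step is an added example, not code from the post or from any real site; the function names, the `ALLOWED_TYPES` policy and the sample key are assumptions made for illustration.

```python
import base64, os, struct

ALLOWED_TYPES = {"ssh-rsa", "ssh-ed25519"}  # assumption: site policy, not from the post

def _wire_string(data):
    # SSH wire encoding: 4-byte big-endian length, then the bytes
    return struct.pack(">I", len(data)) + data

def constructed_sample_line():
    # Constructed input: well-formed framing, but not a usable key
    blob = (_wire_string(b"ssh-rsa") + _wire_string(b"\x01\x00\x01")
            + _wire_string(b"\x00" + b"\xab" * 256))
    return "ssh-rsa " + base64.b64encode(blob).decode() + " user@example"

def parse_pubkey(line):
    """Return (type, base64 blob, comment) or raise ValueError."""
    s = line.strip()
    if not s.isprintable():  # rejects embedded newlines, i.e. smuggled extra entries
        raise ValueError("one key per submission, no control characters")
    parts = s.split(None, 2)
    # Requiring the key type first also rejects leading options such as command="..."
    if len(parts) < 2 or parts[0] not in ALLOWED_TYPES:
        raise ValueError("unsupported or missing key type")
    blob = base64.b64decode(parts[1], validate=True)  # binascii.Error is a ValueError
    # The blob starts with a length-prefixed copy of the key type; it must match
    if blob[:4 + len(parts[0])] != _wire_string(parts[0].encode()):
        raise ValueError("key type does not match key blob")
    return parts[0], parts[1], parts[2] if len(parts) > 2 else ""

def install_key(home, line):
    """Append a validated key to home/.ssh/authorized_keys; False if already present."""
    ktype, b64, comment = parse_pubkey(line)
    ssh_dir = os.path.join(home, ".ssh")
    os.makedirs(ssh_dir, exist_ok=True)
    os.chmod(ssh_dir, 0o700)  # sshd's StrictModes rejects group- or world-writable paths
    path = os.path.join(ssh_dir, "authorized_keys")
    if os.path.exists(path):
        with open(path) as f:
            if any(b64 in entry.split() for entry in f):
                return False
    fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
    with os.fdopen(fd, "a") as f:
        f.write(f"{ktype} {b64} {comment}".rstrip() + "\n")
    os.chmod(path, 0o600)
    return True
```

The check is structural only: it confirms one entry, an allowed type and matching blob framing, and does not verify the key parameters themselves.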
