Re: ssh keys from two behind-the-firewall boxes?
Hi,
On Fri, Jan 31, 2003 at 06:08:31PM -0600, will trillich wrote:
> this is probably item #2 of the really-obvious-faq that i'm not
> yet aware of, so i'll go ahead and ask because i haven't taken
> the opportunity to look like a goober in, oh, about half a day,
> now...
>
> doing the ssh-keygen thing works like a charm; you copy your
> private keys to the remote box and then just slap it into your
  ^^^^^^^^^^^^ NO!
You copy the public key to the remote machine. You keep the private key
securely on the local machine in front of you :-)
This way, even if this key is stolen, all the thief can do is send you
an e-mail and invite you to log into their machine without key word.
> ~/.ssh/authorized_keys file and poof, no more passwords! so now
> you can run ssh-driven scripts without having to worry about the
> username/password interruption.
>
> it's ip-based, isn't it?
SSH checks IP as a part of prudence but its core authentication process
is not IP based.
>  workstation     workstation      workstation
>  192.168.1.2    192.168.1.100    192.168.1.201
>  key xyzpdq      key 1234567     key x0x0x0x0
>       |               |                |
>       +---------------+----------------+
>                       |
>                  192.168.1.5
>                   firewall
>                 208.33.90.85
>                       |
>                     {web}
>                       |
>                  11.22.33.44
>                   remote box
>
> but the remote just sees all the 192.168.1.* boxes as
> 208.33.90.85, right? where's the doc on getting ALL the
> 192.168.1.* boxes to ssh password-free to the remote machine?
> (or, when it challenges, the challenge only reaches the
> firewall, something like that. hmm?)
>
> so far, my experience has been that i can ssh password-free
> only from the 'on-the-public-link' firewall.
>
> --
> I use Debian/GNU Linux version 3.0;
> Linux server 2.4.20-k6 #1 Mon Jan 13 23:49:14 EST 2003 i586 unknown
>
--
~\^o^/~~~ ~\^.^/~~~ ~\^*^/~~~ ~\^_^/~~~ ~\^+^/~~~ ~\^:^/~~~ ~\^v^/~~~ +++++
Osamu Aoki <osamu@debian.org> Cupertino CA USA, GPG-key: A8061F32
.''`. Debian Reference: post-installation user's guide for non-developers
: :' : http://qref.sf.net and http://people.debian.org/~osamu
`. `' "Our Priorities are Our Users and Free Software" --- Social Contract
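
An added example, not part of the original message: a small audit of the remote account's ~/.ssh directory that lists which public keys are authorized (one line per workstation, no IP address involved) and flags a private key that was copied over by mistake. The function names, file names, key comments and key blobs are constructed for illustration.

```python
import os
import stat
import tempfile

KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256"}

def audit_ssh_dir(path):
    """Audit a remote account's ~/.ssh: return (authorized comments, problems)."""
    comments, problems = [], []
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        if not os.path.isfile(full):
            continue
        with open(full, errors="replace") as fh:
            text = fh.read()
        # Private halves must stay on the workstation that generated them.
        if "PRIVATE KEY-----" in text:
            problems.append(f"{name}: private key found on the remote box")
        if name != "authorized_keys":
            continue
        # sshd (StrictModes) refuses the file if group or other can write to it.
        if stat.S_IMODE(os.stat(full).st_mode) & 0o022:
            problems.append("authorized_keys: writable by group or other")
        for lineno, line in enumerate(text.splitlines(), 1):
            fields = line.split()
            if not fields or fields[0].startswith("#"):
                continue
            # Layout of each entry: [options] keytype base64-blob [comment]
            idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
            if idx is None or idx + 1 >= len(fields):
                problems.append(f"authorized_keys:{lineno}: not a public key line")
                continue
            comments.append(" ".join(fields[idx + 2:]) or "(no comment)")
    return comments, problems

def build_sample_dir():
    """Constructed ~/.ssh: three workstation public keys plus a stray private key.
    All key material here is fake placeholder text."""
    d = tempfile.mkdtemp()
    hosts = ("192.168.1.2", "192.168.1.100", "192.168.1.201")
    ak = os.path.join(d, "authorized_keys")
    with open(ak, "w") as fh:
        fh.writelines(f"ssh-rsa CONSTRUCTEDBLOB{i} ws-{h}\n" for i, h in enumerate(hosts))
    os.chmod(ak, 0o600)
    with open(os.path.join(d, "id_rsa"), "w") as fh:
        fh.write("-----BEGIN RSA PRIVATE KEY-----\nFAKE\n-----END RSA PRIVATE KEY-----\n")
    return d

if __name__ == "__main__":
    print(audit_ssh_dir(build_sample_dir()))
```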