
Re: Debian SSH server configuration



On Tue, Apr 25, 2006 at 07:23:26PM -0400, Bruce Corbin wrote:
> Hi All,
> 
> I would like to configure a Debian server to only allow clients to ssh 
> in if the public keys (probably RSA keys) already reside on the hard 
> drives of both machines.
> 
> After spending some time in the snail book I am able to use 
> "StrictHostKeyChecking yes" in the client's /etc/ssh/ssh_config file to 
> cause the client to refuse to establish a ssh connection unless the 
> server's public key is in the client's /home/user-name/.ssh/known_hosts 
> file.  This is useful in preventing "overly trusting users" from blindly 
> answering "yes" and accepting man-in-the-middle keys when connecting to 
> a new server.  But, this does not restrict who can connect to the server.
> 
> I tried putting "StrictHostKeyChecking yes" in the server's 
> /etc/ssh/sshd_config file but I got a "bad configuration option" error.
> My server's /etc/ssh/sshd_config file has "PublicKeyAuthentication yes" 
> and "PasswordAuthentication no".  I am uneasy about experimenting with 
> PublicKeyAuthentication without having a better understanding of what it 
> really does.  I don't want to turn off any authentication features or 
> turn off any encryption features and leave myself wide open but thinking 
> that I am secure.
> 
> Thus, I think my goal is simple, I have paid some dues and I am hitting 
> a brick wall.  I don't want any client computers to be able to ssh into 
> my server unless they already have the key on their hard drive.
> 
> Any suggestions?
> 
> Thank you,
> Bruce

It sounds like what you are asking for is host based authentication,
where the server checks to make sure that it has the host public key
of the client, as well as the client making sure that it has the host
public key of the server.

In general I think this is a bad idea, as it is less secure than the
default approach where the server uses the host private key to prove
to the client (via the host public key in the client's known_hosts file)
that it is the server it thinks it is, and then the client user proves
his/her identity using a personal private key.

Host based authentication, once the two hosts are satisfied that they
know each other, falls back to the old /etc/hosts.equiv and $HOME/.rhosts 
style of authentication.

I think the closest thing to what you are asking for would be
to require that the server's public host key be on the client's hard
disk, and the client user's public key be on the server's hard disk.

You do that by selecting the StrictHostKeyChecking option on the
client machine as you have done, and by also disabling password
(and anything else but the type of public key authentication you
opt for) based authentication.

You still stop the black hats from trying to guess passwords
using your ssh server. 

Regards,
DigbyT
-- 
Digby R. S. Tarvin                                          digbyt(at)digbyt.com
http://www.digbyt.com
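
The server-side half of the setup described in this message can be checked mechanically. The script below is an added example, not part of the original message: it reports any sshd_config setting that leaves a login method other than public key enabled. It assumes upstream OpenSSH defaults, plain "Keyword value" lines, and no Match blocks or Include files; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Flags sshd_config settings that leave an
# authentication method other than public key enabled.
# Assumptions: OpenSSH semantics (case-insensitive keywords, first occurrence
# wins), upstream defaults as listed in the rules, no Match/Include handling.

# effective NAMES DEFAULT FILE: print the value sshd would use for a keyword.
# NAMES is a lowercase "a|b" list so that an older alias matches as well.
effective() {
    awk -v names="$1" -v def="$2" '
        NF == 0 || $1 ~ /^#/ { next }                # blank lines, comments
        tolower($1) ~ ("^(" names ")$") { print tolower($2); found = 1; exit }
        END { if (!found) print def }                # unset: built-in default
    ' "$3"
}

# audit_sshd_config FILE: print one line per finding, return 1 if any.
audit_sshd_config() {
    file=$1; rc=0
    # names : upstream default : value wanted for key-only logins
    while IFS=: read -r names def want; do
        got=$(effective "$names" "$def" "$file")
        if [ "$got" != "$want" ]; then
            echo "FINDING: ${names%%|*} is '$got', want '$want'"
            rc=1
        fi
    done <<'RULES'
pubkeyauthentication:yes:yes
passwordauthentication:yes:no
hostbasedauthentication:no:no
kbdinteractiveauthentication|challengeresponseauthentication:yes:no
RULES
    return "$rc"
}

# Constructed sample: passwords are off, but keyboard-interactive is left at
# its default, which with PAM can still prompt for a password.
sample_sshd_config() {
    printf '%s\n' 'PubkeyAuthentication yes' 'PasswordAuthentication no'
}

# With a path argument audit that file; with none, audit the constructed sample.
if [ "$#" -gt 0 ]; then
    audit_sshd_config "$1"
else
    tmp=$(mktemp) && sample_sshd_config > "$tmp"
    audit_sshd_config "$tmp" || true
    rm -f "$tmp"
fi
```

On a live server, `sshd -T` prints the effective configuration including Match and Include handling, which this file-based check does not cover.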


