
Re: [Fwd: Re: Debian SSH server configuration]



On Tue, Apr 25, 2006 at 09:26:05PM -0400, Bruce Corbin wrote:
> Thanks.  I'll read up on certificates and read the link at the bottom of 
> your reply.  It's not sinking in at the moment but hopefully it will 
> after a little reading.
> 
> With respect to the problem:  I want to have files on my "server" at 
> home and have my laptop be the only "out of house" machine that can 
> access them.  This much I have already, but I enter a password to get 
> in.  I may be off base, but it seems like I should be able to have the 
> key on the laptop and get in without using a password or pass phrase.  
> It isn't really a big deal, but it bothers me that I think I should be 
> able to do it but I can't find a way.
> 
OK. As your user, run ssh-keygen -t dsa -b 2048

[Generates a key, DSA, 2048 bits] or similar.

When it asks you for a passphrase, hit <Enter> twice - you have a null
passphrase (which is fractionally less secure but that's probably OK.)

Carrying out the above process creates a .ssh directory underneath your
home directory. In it you should find an id_dsa and an id_dsa.pub

PUBLIC is in capitals below only for emphasis: try hard not to copy
private keys anywhere :)

id_dsa.pub is your PUBLIC key on that machine. That's the key you copy
over. id_dsa is your PRIVATE key: that never goes anywhere and should be
kept safe.

Touch a file in the ssh directory which will hold the keys from other
machines - it must be called authorized_keys. Change its ownership
to 0600 - read/write only for the owner. You need one of these files
on each machine for passwordless login.

touch authorized_keys ; chmod 0600 authorized_keys

You need to copy across PUBLIC keys from other machines that you want 
to access to this file: similarly, they need the PUBLIC key from this
machine.

If the other machine is called foo and this one is bar and you are user myuser
- scp foo's public key to the .ssh directory on bar

<bar> cd ~/.ssh

<bar> scp foo:/home/myuser/.ssh/id_dsa.pub foo_id_dsa.pub

<bar> cat foo_id_dsa.pub >> authorized_keys

Same the other way on foo with bar's keys.

<foo> cd ~/.ssh

<foo> scp bar:/home/myuser/.ssh/id_dsa.pub bar_id_dsa.pub

<foo> cat bar_id_dsa.pub >> authorized_keys

Now try an ssh from one to the other.  Once you're satisfied, then you
can delete the foo/bar_id_dsa.pub copies.

This is all more than explained in various FAQs and, excellently, in
the O'Reilly book on SSH.

> Another application for this is that it is a server oriented way of 
> avoiding the man-in-the-middle issue for the first connection.  I 
> currently have no concern over this, but it is another example.
> 
> Thank you,
You're welcome.

> Bruce
> 

Andy
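Added example, not part of the thread above: a POSIX shell function that performs the authorized_keys steps Andy describes for a given home directory, with the checks a careful admin wants. It refuses a file that looks like a private key (the mistake the "PUBLIC in capitals" warning is about), sets the modes sshd's StrictModes expects (0700 on .ssh, 0600 on authorized_keys), and skips a key that is already present. The function names and the home-directory argument are my own, so it can be tried against a scratch directory instead of a real ~/.ssh.

```shell
#!/bin/sh
# Added example: install one public key into <home>/.ssh/authorized_keys.
# install_pubkey and key_count are hypothetical helper names, not OpenSSH tools.
set -eu

# install_pubkey <pubkey-file> [home-dir]
# Returns 0 when the key is authorised afterwards, 1 when the file is refused.
install_pubkey() {
    pubkey="$1"
    home="${2:-$HOME}"
    dir="$home/.ssh"
    auth="$dir/authorized_keys"

    # Guard against copying id_dsa instead of id_dsa.pub.
    if grep -q 'PRIVATE KEY' "$pubkey"; then
        echo "refusing $pubkey: looks like a private key" >&2
        return 1
    fi
    # A public key line is "<type> <base64> [comment]".
    if ! grep -Eq '^(ssh-(dss|rsa|ed25519)|ecdsa-sha2-nistp[0-9]+) [A-Za-z0-9+/=]+' "$pubkey"; then
        echo "refusing $pubkey: not a recognised public key line" >&2
        return 1
    fi

    # sshd (StrictModes) rejects a .ssh or authorized_keys writable by others.
    mkdir -p "$dir"
    chmod 0700 "$dir"
    touch "$auth"
    chmod 0600 "$auth"

    # Compare type and key data only, so a different comment is not a "new" key.
    key_data=$(awk '{print $1, $2}' "$pubkey")
    if ! awk '{print $1, $2}' "$auth" | grep -Fxq "$key_data"; then
        cat "$pubkey" >> "$auth"
    fi
}

# key_count [home-dir]: number of keys currently authorised for that account.
key_count() {
    wc -l < "${1:-$HOME}/.ssh/authorized_keys" | tr -d ' '
}
```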


