SSH publickey auth

Vinicius cviniciusm at terra.com.br
Tue Jul 12 00:29:11 UTC 2005


Alexander Dalloz wrote:
> On Mon, 11.07.2005, Michael Yep wrote at 22:12:
> 
> 
>>Client machine WinXP
>> Directory of c:\Documents and Settings\myep\.ssh
>>
>>07/08/2005  01:56 PM    <DIR>          .
>>07/08/2005  01:56 PM    <DIR>          ..
>>07/08/2005  01:43 PM               951 id_rsa
>>07/08/2005  01:43 PM               238 id_rsa.pub
>>07/08/2005  01:53 PM               477 known_hosts
>>
>>Server machine FC4
>>[root at localhost .ssh]# ll
>>total 24
>>-rw-------  1 rlback rlback 238 Jul  8 13:48 authorized_keys
>>-rw-------  1 rlback rlback 951 Jul  8 13:43 id_rsa
>>-rw-------  1 rlback rlback 238 Jul  8 13:43 id_rsa.pub
>>
>>Can someone tell me if this is correct?
> 
> 
> Do you intend to connect from client to server and vice versa? If you do
> only ssh connect from the client to the server, then on the server you
> only have to deposit the public key part (id_rsa.pub) as filename
> authorized_keys. It is then safer to remove the private key part
> (id_rsa).
> 
> 
>>Can we even have a good measure of security with keys residing on a 
>>windows machine?
> 
> 
> That is hard to say in general. Take care that no co-worker has access
> to your private file area on the client (NTFS is a must!). Don't work as
> administrator if you don't have to for some maintenance tasks. Those are
> the usual guidelines.
> 
> And an additional word about the keys: back them up somewhere at a safe
> place. I.e. use a memory stick with encryption on it. Maybe even
> don't store the keys on the client but just have them on a media you
> carry with you (backup with other important data on a CD). PuTTY can run
> from a USB stick and needs no installation process on Windows®.
> 
> 
>>Michael Yep
> 
> 
> Alexander
> 
> 
> 

But we can use a distro live CD, for example, the Knoppix Live CD, that 
has NTFS support, and then boot the computer with it. So we can see the 
entire content of the HD.

I agree with Alexander's suggestion to put the key on a memory stick. 
Or on a CD.

I think even a Linux Server can be seen with a Live CD.

So physical access to important computers must be restricted.


Regards,

Vinicius.
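
The server listing quoted above holds id_rsa next to authorized_keys. The following check is an added example, not part of the original thread: it flags private keys left in a server-side .ssh directory and notes when the matching public key is also authorized there. The function names, the finding labels and the sample key text are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example: flag private keys left in a server-side .ssh directory.

# audit_ssh_dir DIR: print one finding per line (labels are hypothetical).
audit_ssh_dir() {
    dir=$1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # PEM and OpenSSH private keys start with a "BEGIN ... PRIVATE KEY" line.
        if head -n 1 "$f" | grep -q -e '-----BEGIN .*PRIVATE KEY-----'; then
            echo "PRIVATE_KEY $f"
            # Worse: the matching public key is authorized for this account,
            # so the file opens the very account it is stored in.
            key=$(awk '{print $2; exit}' "$f.pub" 2>/dev/null || true)
            if [ -n "$key" ] && [ -f "$dir/authorized_keys" ] &&
               grep -qF -e "$key" "$dir/authorized_keys"; then
                echo "AUTHORIZED_PAIR $f"
            fi
        fi
    done
    # authorized_keys must not be writable by group or others.
    if [ -f "$dir/authorized_keys" ]; then
        mode=$(ls -l "$dir/authorized_keys" | cut -c1-10)
        case $mode in
            ?????w????|????????w?) echo "WRITABLE $dir/authorized_keys" ;;
        esac
    fi
}

# Constructed sample mirroring the server listing; key text is a placeholder.
make_sample_dir() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'CONSTRUCTED-PLACEHOLDER' \
        '-----END RSA PRIVATE KEY-----' > "$d/id_rsa"
    echo 'ssh-rsa AAAAB3-CONSTRUCTED-PLACEHOLDER rlback@localhost' > "$d/id_rsa.pub"
    cp "$d/id_rsa.pub" "$d/authorized_keys"
    chmod 600 "$d"/*
    echo "$d"
}

sample=$(make_sample_dir)
audit_ssh_dir "$sample"   # reports PRIVATE_KEY and AUTHORIZED_PAIR for id_rsa
rm -rf "$sample"
```

Once id_rsa is removed from the server directory, as Alexander suggests, the same check prints nothing.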



