ssh?
Aldo Foot
lunixer at gmail.com
Fri Jun 20 01:12:14 UTC 2008
On Thu, Jun 19, 2008 at 2:01 PM, <jeff at bubble.org> wrote:
> I'm trying to make my system a little more secure but still allow it to be
> accessed remotely from the internet using ssh and I'm looking for some
> guidance. The systems in question are a Fedora 9 and a Fedora Core 6 system.
>
> The first thing I did was on my workstation (that I ssh from) is create a
> public/private key pair and installed the public key in
> ~/.ssh/authorized_keys2, and disabled the password authentication in the
> /etc/ssh/sshd_config and everything so far works great.
I believe the file with the keys is '~/.ssh/authorized_keys', without the '2'.
as specified in the sshd_config.
AuthorizedKeysFile .ssh/authorized_keys
> My issue I came up with is one of the systems sits on my home network behind
> a firewall, it would be nice if I can only require the public key for
> systems not on my local network, eg only the systems on the internet must
> be known. I guess telnet is an option since it is blocked at the firewall.
See http://www.employees.org/~satch/ssh/faq/ssh-faq.html
In particular item 5.2.
> Next question/problem is, if I create an account for somebody to use when
> connecting to the system, I must put their public key in their home
> directory, can it be done the reverse? In other words can I provide them
> a key for the system and if they don't have that key they can not connect
> to the system.
You put *your* public key in *their* home directory and viceversa.
A bit of reading might be helpful. Google for "ssh keys tutorial".
> Thanks, Jeff
~af
More information about the fedora-list
mailing list