ssh?

Aldo Foot lunixer at gmail.com
Fri Jun 20 01:12:14 UTC 2008


On Thu, Jun 19, 2008 at 2:01 PM,  <jeff at bubble.org> wrote:
> I'm trying to make my system a little more secure but still allow it to be
> accessed remotely from the internet using ssh and I'm looking for some
> guidance.  The systems in question are a Fedora 9 and a Fedora Core 6 system.
>
> The first thing I did was on my workstation (that I ssh from) is create a
> public/private key pair and installed the public key in
> ~/.ssh/authorized_keys2, and disabled the password authentication in the
> /etc/ssh/sshd_config and everything so far works great.

I believe the file with the keys is '~/.ssh/authorized_keys', without the '2'.
as specified in the sshd_config.
AuthorizedKeysFile      .ssh/authorized_keys

> My issue I came up with is one of the systems sits on my home network behind
> a firewall, it would be nice if I can only require the public key for
> systems not on my local network, eg only the systems on the internet must
> be known.  I guess telnet is an option since it is blocked at the firewall.

See http://www.employees.org/~satch/ssh/faq/ssh-faq.html
In particular item 5.2.

> Next question/problem is, if I create an account for somebody to use when
> connecting to the system, I must put their public key in their home
> directory, can it be done the reverse?  In other words can I provide them
> a key for the system and if they don't have that key they can not connect
> to the system.

You put *your* public key in *their* home directory and viceversa.

A bit of reading might be helpful. Google for "ssh keys tutorial".

> Thanks, Jeff

~af




More information about the fedora-list mailing list