Re: [SSH] seawolf-list@listman.redhat.com

["A.J. Werkman" <werkman digifarma nl>]

At 16:54 10-06-2001 -0500, you wrote:
> On Sun, 10 Jun 2001, A.J. Werkman wrote:
>
> >
> > Not exactly. Imagine me being somwhere (on holiday;) ) on the internet,
> > getting an IP address assigned from an ISP and wanting to contact my linux
> > box. I do not know in advance which address I will get assigned. So I can't
> > even configure on a per host basis. Also it is possible to forge an IP
> > address. I believe so called in between attacks.
> >
> > The sollution would be to use VPN's like cipe. But I was wondering if ssh
> > is that secure, with encryption, digital certificates and signatures, that
> > it could be used without the use of VPN safety. That would make life a lot
> > easier.
> >
> >
> > Koos
> >
> >
> If you do not accept password logins, but only let someone log in with
> the public/private key pair, you can cut down on the risk.  The system
> have to have a copy of the public key in .ssh/authorized_keys in the

Do you know if this authorized_keys file can be used system wide. Not on a 
per user basis as you describe here.???
In this way, can you prevent a user from logging in without a know private 
key???


> user's home directory.  It stops faking the IP address because you need
> the private key to log in.  It stops man in the middle attackes if you
> have the server key in your known_hosts file - you get a warning if the
> host you are logging into doesn't have the correct host key.  The only
> danger is if you do not have a password on your private key, and
> somebody cracks your system and gets the key.  You do have to bring your
> private key, and your known_hosts file with you.  (On your laptop, or on
> a disk to use with another computer...)
>
> One thing I have found handy is to have a floppy with PUtty, the

Is this a program?? MS or Linux???


> known_hosts file, and a password protected private key.  That way, I can
> use any Windows machine that has a 3-1/2" floppy drive by running off
> the floppy.  If it is a Linux machine, I can use the key and known_hosts
> file with openssh.  One of these days I am going to make a mini-CD with
> openssh, and PUtty, and all the config files, so I can use it with any
> computer.
>
> Another idea would be to burn a Linuxcare BBC with the key files and ssh
> already installed.  Then you could use any PC that will boot off a CD,
> and has an internet connection...
>
> Mikkel
>  --
>
>     Do not meddle in the affairs of dragons,
>  for you are crunchy and taste good with ketchup.
>
>
>
> _______________________________________________
> Seawolf-list mailing list
> Seawolf-list redhat com
> https://listman.redhat.com/mailman/listinfo/seawolf-list