host keys authentication

Steve Phillips steve at focb.co.nz
Sat Mar 22 15:07:37 UTC 2008


Scott Ruckh wrote:
[snipped bits]
> Are you saying the client is going to be using SFTP and/or SCP and you 
> would like to use Public Key Authentication (PKA) with no password?  Or 
> are you trying to use FTP/s or something entirely different?  What are 
> the clients, and what are the client platforms that will need to be 
> supported?
> 
> If you are trying to implement SFTP/SCP with PKA you might take a look 
> at http://www.pizzashack.org/rssh/ or 
> http://olivier.sessink.nl/jailkit/.  I successfully implemented both for 
> setting up accounts for SFTP/SCP only access along with PKA for 
> password-less logins.
> 

Also, the latest version of sshd (which may not be the RHEL 5 version) 
apparently supports chroot jails for sftp, which it didn't in the 
past; you may want to look into upgrading sshd completely.

AFAIK, the only versions of sshd that supported chroot jails for users 
were the commercial ones before this.

One thing to be aware of when using public key authing is that the 
permissions are very strict: check that the only person with access to 
the .ssh directory is the user themselves. (Also, don't permit empty 
passwords; very bad idea.)

HTH,

-- 
Steve.
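
The permission check described in the message above, as an added example that is not part of the original post. The function names (`bit_set`, `any_bit`, `audit_ssh_perms`) are hypothetical; the group/other-write checks on the home directory and `authorized_keys` are an assumption based on what sshd enforces with `StrictModes` enabled.

```sh
#!/bin/sh
# Added example, not from the original post. Audits one home directory for
# permission problems that break public key logins. Prints one line per
# finding; return status is the number of findings (0 = clean).
# Usage: audit_ssh_perms /home/alice alice   (path and user are placeholders)

# bit_set PATH BIT: true when the single octal permission BIT is set on PATH.
bit_set() {
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# any_bit PATH BIT...: true when at least one listed bit is set on PATH.
any_bit() {
    ab_path=$1; shift
    for ab_bit in "$@"; do
        bit_set "$ab_path" "$ab_bit" && return 0
    done
    return 1
}

audit_ssh_perms() {
    a_home=$1; a_user=$2
    a_dir=$a_home/.ssh
    a_keys=$a_dir/authorized_keys
    a_count=0
    if [ ! -d "$a_dir" ]; then
        echo "MISSING  $a_dir"
        return 1
    fi
    # Home and authorized_keys must not be writable by group or other.
    for a_path in "$a_home" "$a_keys"; do
        [ -e "$a_path" ] || continue
        if any_bit "$a_path" 020 002; then
            echo "WRITABLE $a_path (group/other write bit set)"
            a_count=$((a_count + 1))
        fi
    done
    # Per the post: nobody but the user should have any access to ~/.ssh.
    if any_bit "$a_dir" 040 020 010 004 002 001; then
        echo "EXPOSED  $a_dir (want mode 700)"
        a_count=$((a_count + 1))
    fi
    # The directory and everything under it must belong to the user.
    a_foreign=$(find "$a_dir" ! -user "$a_user" 2>/dev/null)
    if [ -n "$a_foreign" ]; then
        echo "OWNER    not owned by $a_user: $a_foreign"
        a_count=$((a_count + 1))
    fi
    return "$a_count"
}
```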



