[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: host keys authentication



Scott Ruckh wrote:
[snipped bits]
Are you saying the client is going to be using SFTP and/or SCP and you would like to use Public Key Authentication (PKA) with no password? Or are you trying to use FTP/s or something entirely different? What are the clients, and what are the client platforms that will need to be supported?

If you are trying to implement SFTP/SCP with PKA you might take a look at http://www.pizzashack.org/rssh/ or http://olivier.sessink.nl/jailkit/. I successfully implemented both for setting up accounts for SFTP/SCP only access along with PKA for password-less logins.


Also, the latest version of sshd (which may not be the RHEL 5 version) also apparently supports chroot jails for sftp, which it didn't in the past, you may want to look into upgrading sshd completely.

afaik, the only versions of shhd that supported chroot jails for users were the commercial ones before this.

one thing to be aware of when using public key authing is that the permissions are very strict, check that the only person with access to the .ssh directory is the user themselves. (also, don't permit empty passwords, very bad idea)

HTH,

--
Steve.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]