Re: SSH publickey auth

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Am Mo, den 11.07.2005 schrieb Michael Yep um 22:12:

> Client machine WinXP
>  Directory of c:\Documents and Settings\myep\.ssh
> 
> 07/08/2005  01:56 PM    <DIR>          .
> 07/08/2005  01:56 PM    <DIR>          ..
> 07/08/2005  01:43 PM               951 id_rsa
> 07/08/2005  01:43 PM               238 id_rsa.pub
> 07/08/2005  01:53 PM               477 known_hosts
> 
> Server machine FC4
> [root@localhost .ssh]# ll
> total 24
> -rw-------  1 rlback rlback 238 Jul  8 13:48 authorized_keys
> -rw-------  1 rlback rlback 951 Jul  8 13:43 id_rsa
> -rw-------  1 rlback rlback 238 Jul  8 13:43 id_rsa.pub
> 
> Can someone tell me if this is correct?

Do you intend to connect from client to server and vice versa? If you do
only ssh connect from the client to the server, then on the server you
only have to deposit the public key part (id_rsa.pub) as filename
authorized_keys. It is then safer to remove the private key part
(id_rsa).

> Can we even have a good measure of security with keys residing on a 
> windows machine?

That is hard to say in general. Keep care that no co-worker has access
to your private file area on the client (NTFS is a must!). Don't work as
administrator if you don't have to for some maintenance tasks. Those are
the usual guidelines.

And an additional word about the keys: back them up somewhere at a safe
place. I.e. use a memory stick with an encryption on it. Maybe even
don't store the keys on the client but just have them on a media you
carry with you (backup with other important data on a CD). PuTTY can run
from an USB stick and needs no installation process on Windows®.

> Michael Yep

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp 
Serendipity 00:11:06 up 16 days, 7:03, load average: 0.59, 0.36, 0.23 

Attachment: signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux