Alexander Dalloz escreveu:
Am Mo, den 11.07.2005 schrieb Michael Yep um 22:12:
Client machine WinXP
Directory of c:\Documents and Settings\myep\.ssh
07/08/2005 01:56 PM <DIR> .
07/08/2005 01:56 PM <DIR> ..
07/08/2005 01:43 PM 951 id_rsa
07/08/2005 01:43 PM 238 id_rsa.pub
07/08/2005 01:53 PM 477 known_hosts
Server machine FC4
[root@localhost .ssh]# ll
total 24
-rw------- 1 rlback rlback 238 Jul 8 13:48 authorized_keys
-rw------- 1 rlback rlback 951 Jul 8 13:43 id_rsa
-rw------- 1 rlback rlback 238 Jul 8 13:43 id_rsa.pub
Can someone tell me if this is correct?
Do you intend to connect from client to server and vice versa? If you do
only ssh connect from the client to the server, then on the server you
only have to deposit the public key part (id_rsa.pub) as filename
authorized_keys. It is then safer to remove the private key part
(id_rsa).
Can we even have a good measure of security with keys residing on a
windows machine?
That is hard to say in general. Keep care that no co-worker has access
to your private file area on the client (NTFS is a must!). Don't work as
administrator if you don't have to for some maintenance tasks. Those are
the usual guidelines.
And an additional word about the keys: back them up somewhere at a safe
place. I.e. use a memory stick with an encryption on it. Maybe even
don't store the keys on the client but just have them on a media you
carry with you (backup with other important data on a CD). PuTTY can run
from an USB stick and needs no installation process on Windows®.
Michael Yep
Alexander
But we can use a distro live CD, for example, the Knoppix Live CD, that
has NTFS support, and then boot the computer with it. So we can see the
entire content of the HD.
I agree with the Alexander suggestion to put the key on a memory stick.
Or on a CD.
I think even a Linux Server can be seen with a Live CD.
So the physical access to important computer must restrictive.
Regards,
Vinicius.