On Thu, Jun 19, 2008 at 2:01 PM, <jeff@xxxxxxxxxx> wrote: > I'm trying to make my system a little more secure but still allow it to be > accessed remotely from the internet using ssh and I'm looking for some > guidance. The systems in question are a Fedora 9 and a Fedora Core 6 system. > > The first thing I did was on my workstation (that I ssh from) is create a > public/private key pair and installed the public key in > ~/.ssh/authorized_keys2, and disabled the password authentication in the > /etc/ssh/sshd_config and everything so far works great. I believe the file with the keys is '~/.ssh/authorized_keys', without the '2'. as specified in the sshd_config. AuthorizedKeysFile .ssh/authorized_keys > My issue I came up with is one of the systems sits on my home network behind > a firewall, it would be nice if I can only require the public key for > systems not on my local network, eg only the systems on the internet must > be known. I guess telnet is an option since it is blocked at the firewall. See http://www.employees.org/~satch/ssh/faq/ssh-faq.html In particular item 5.2. > Next question/problem is, if I create an account for somebody to use when > connecting to the system, I must put their public key in their home > directory, can it be done the reverse? In other words can I provide them > a key for the system and if they don't have that key they can not connect > to the system. You put *your* public key in *their* home directory and viceversa. A bit of reading might be helpful. Google for "ssh keys tutorial". > Thanks, Jeff ~af -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
