On Sunday 04 January 2009 11:32:24 Mike Cloaked wrote: > Anne Wilson-4 wrote: > > Is a ssh key specific to a computer, or to a user? That is, does my key > > pertain to any box on the lan, as long as I'm the user? Or is it machine > > ssh keys are specific to the user - they are in the users .ssh directory in > their home user directory. Root also has its own .ssh > > On the server side you can choose who to allow to connect and also whether > to allow password connections and many other options in > /etc/ssh/sshd_config and you can find more in "man sshd_config" > On my server I set that up to allow only connection with keys. I presume that any box that might need to be monitored by ssh will need the same treatment. > You need to look up how to generate ssh keys and store them. It is possible > to replicate the .ssh directory for your own user area and put it on the > user area of the same name on a different computer to save the need to > generate new keys. > I feel unsafe about storing keys on a laptop that is going to travel, so I'll need to read up on storing them on a usb stick. At least losing the stick will not make the connection unsafe :-) - I'm unlikely to lose the laptop and stick at the same time. > However you also need to be aware that the system will know if the remote > machine you are connecting to is upgraded - and then when you try to ssh in > you will get a warning saying there is a possible man-in-the middle attack. > In this instance if the remote machine is known to have been reinstalled > for example then in the user area from which you are trying to connect need > to have the entry in .ssh/known_hosts removed by editing (or remove the > known_hosts file) and accept prompts the first time you then subsequently > ssh into another machine. > OK - this is probably not an issue on the server, which runs CentOS, but would be much more so on workstations and laptops. > There are tutorials on the net and a google search will find them fairly > easily. Yes, I set it up from such a tutorial, but sometimes I need to check that I have understood/remembered something correctly. Especially when it concerns something relevant to security. Anne
Attachment:
signature.asc
Description: This is a digitally signed message part.
-- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
