[NTLUG:Discuss] SSH
severian@pobox.com
severian at pobox.com
Tue Oct 14 22:30:43 CDT 2003
Chris,
Thank you for the feedback. I am glad to see someone who has done this
tell me my impression of Type 1 keys and open ports is appropriate. If
anything, your statements tell me I underestimated the need to
close all ports.
As for authentication, I would like to clarify things a bit. I talked
about generating keys with OpenSSH. What I did was generate one set of
keys for a remote machine and I was going to give them to each of three
users. I now believe that is a bad idea. I should generate a unique set
of keys for each user. I did not realize the passwords were passed in the
clear, so I really need the keys for each user and I changed
PasswordAuthentication today. And I might as well generate the two Windows
users' keys with PuTTY, so that problem is gone. Since the key contains the
user's IP or DNS name, I think I need to assign a name to each user, put
the name in the user's hosts file and the hosts file on the Linux Gateway
server. Then the keys should work, and I'll have to keep the hosts files
up to date when the remote users' IP addresses change. I know one remote
user is a Southwestern Bell DSL user and the other's cable modem, I
think. Does all this seem reasonable? Am I being overly complicated?
Thanks,
Ralph
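
An audit for the shared-key setup the message above decides against, as an added example that is not part of the original post: it reads each account's authorized_keys text and reports any public key installed for more than one account. The account names and key blobs are constructed sample data, and the option parsing assumes no quoted option value contains a key-type token.

```python
import base64
import hashlib
import struct
from collections import defaultdict

KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ssh-dss", "ecdsa-sha2-nistp256")

def fingerprint(blob_b64):
    """SHA256 fingerprint in the form OpenSSH prints (unpadded base64)."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_line(line):
    """Return (fingerprint, comment) for one authorized_keys line, or None."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split()
    # Options (e.g. no-pty) may precede the key type, so locate the type first.
    for i, field in enumerate(fields[:-1]):
        if field in KEY_TYPES:
            return fingerprint(fields[i + 1]), " ".join(fields[i + 2:])
    return None

def shared_keys(files):
    """Map fingerprint -> sorted accounts for keys found in more than one account."""
    owners = defaultdict(set)
    for account, text in files.items():
        for line in text.splitlines():
            parsed = parse_line(line)
            if parsed:
                owners[parsed[0]].add(account)
    return {fp: sorted(a) for fp, a in owners.items() if len(a) > 1}

def fake_ed25519(seed):
    """Constructed sample blob: wire-format ssh-ed25519 key with filler bytes."""
    name = b"ssh-ed25519"
    raw = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes([seed]) * 32
    return base64.b64encode(raw).decode()

SAMPLE = {  # constructed accounts and keys, not taken from the original post
    "alice": f"ssh-ed25519 {fake_ed25519(1)} shared@gateway\n",
    "bob": f"no-pty ssh-ed25519 {fake_ed25519(1)} shared@gateway\n",
    "carol": f"# own key\nssh-ed25519 {fake_ed25519(2)} carol@home\n",
}

if __name__ == "__main__":
    for fp, accounts in shared_keys(SAMPLE).items():
        print(fp, "is installed for", ", ".join(accounts))
```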