[SGVLUG] SSH Keys / Trusted Authentication
Jeff Carlson
jeff at ultimateevil.org
Thu May 4 15:50:41 PDT 2006

Sean O'Donnell wrote:
> # mylocalhost commands
> mkdir .ssh
> cd ~/.ssh
> ssh-keygen -t rsa1
> ssh-keygen -t rsa
> ssh-keygen -t dsa
> ssh cvsserv
>
> ---
>
> # cvsserv commands
> mkdir .ssh
> cd .ssh
> scp mylocalhost:~/.ssh/*.pub .
> cat identity.pub >> authorized_keys
> cat id_dsa.pub id_rsa.pub >> authorized_keys2
> chmod 644 authorized_keys*
> rm *.pub
> logout

$HOME must not be world writable. $HOME/.ssh must be chmod 0700. All
host keys (not *.pub) must be chmod 0600. And authorized_keys must also
be chmod 0600. Oh, and authorized_keys2 is deprecated, I haven't used
it in years.

ssh cvsserver
scp mylocalhost:~/.ssh/*.pub .
mkdir -m 0700 .ssh
cd !$
cat ../*.pub >> authorized_keys
chmod 0600 !$

Technically, you should really only need id_rsa.pub *or* id_dsa.pub. I
prefer the former. SSHv1 should be shut off on all servers.

> # mylocalhost:/etc/passwd
> myid:x:5050:5050:myid:/home/myid:/bin/bash
>
> # cvsserv:/etc/passwd
> myid:x:5050:5050::/home/myid:/bin/bash

The GECOS field has nothing to do with it. You can change it with the
chfn command.
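
Added example, not part of the message above: a POSIX shell function that audits the permissions the reply lists ($HOME not world writable, .ssh at 0700, authorized_keys and non-*.pub key files at 0600). The function names, and treating id_* and identity as the key files to check, are assumptions made for this example.

```shell
#!/bin/sh
# audit_ssh_perms DIR prints one line per finding and returns the
# number of findings (0 = every check passed). DIR defaults to $HOME.

# has_mode PATH MODE: true if PATH's permission bits are exactly MODE.
has_mode() {
    [ -n "$(find "$1" -prune -perm "$2" 2>/dev/null)" ]
}

audit_ssh_perms() {
    home=${1:-$HOME}
    findings=0

    # $HOME must not be world writable (other-write bit set).
    if [ -n "$(find "$home" -prune -perm -0002 2>/dev/null)" ]; then
        echo "FAIL: $home is world writable"
        findings=$((findings + 1))
    fi

    # $HOME/.ssh must be exactly 0700.
    if [ -d "$home/.ssh" ] && ! has_mode "$home/.ssh" 0700; then
        echo "FAIL: $home/.ssh is not 0700"
        findings=$((findings + 1))
    fi

    # authorized_keys and key files that are not *.pub must be 0600.
    # Assumed key file names: id_* and identity (ssh-keygen defaults).
    for f in "$home/.ssh/authorized_keys" "$home/.ssh"/id_* \
             "$home/.ssh/identity"; do
        [ -f "$f" ] || continue
        case $f in *.pub) continue ;; esac
        if ! has_mode "$f" 0600; then
            echo "FAIL: $f is not 0600"
            findings=$((findings + 1))
        fi
    done

    return "$findings"
}
```

Source the file and call `audit_ssh_perms` on the server account after installing the key; a non-zero return status is the number of failed checks.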