topic Re: Secure Shell Paper in Operating System - HP-UX

Secure Shell Paper

Steven E. Protter — Thu, 07 Nov 2002 21:41:49 GMT

I'm looking for something comprehensive dealing with such things as passphrases and public key exchange.

I wonder if I need to exchange public keys for two machines on the same subnet. I'd like to read a comprehensive documents.

It's worth 10 points to the winner. :-)

Re: Secure Shell Paper

Kellogg Unix Team — Thu, 07 Nov 2002 23:15:05 GMT

Start from http://www.openssh.org/

...Manjeet

Re: Secure Shell Paper

Christian Gebhardt — Fri, 08 Nov 2002 06:47:59 GMT

I heard that some people are still reading books ;-)
http://www.oreilly.com/catalog/sshtdg/

Chris

Re: Secure Shell Paper

linuxfan — Tue, 12 Nov 2002 20:28:02 GMT

Hi Steven,

Check these out

SSH FAQ
http://www.employees.org/~satch/ssh/faq/ssh-faq.html

Here are some good articles on key management in SSH.
Part I - http://www-106.ibm.com/developerworks/library/l-keyc.html
Part II - http://www-106.ibm.com/developerworks/library/l-keyc2/
Part III - http://www-106.ibm.com/developerworks/library/l-keyc3/

Not sure if this answer's your question or not, but hope it helps.

-Ramesh

Re: Secure Shell Paper

Steven E. Protter — Tue, 12 Nov 2002 20:45:12 GMT

Thank you gentlemen. I have investigated the links and assigned a few points. When I get a few minutes, I will read in depth and try the documents. More points will be assigned if one of them lets me do what I want, which is to use scp to transfer files without a password or passphrase.

I obvioiusly want whatever I do to be completely secure, which is why I'm not using rcp.

Steve

Re: Secure Shell Paper

linuxfan — Tue, 12 Nov 2002 21:11:19 GMT

Hi Steven,

If you are looking to do scp without passphrase or password then you would need some manual set up.

The articles i provided actually tell you how to run keychain script http://www.gentoo.org/proj/en/keychain.xml
which starts the ssh-agent on your system. Note: The ssh-agent(script) would need to be started everytime the system reboots.

You would however need to generate your ssh-keys (man ssh-keygen)and distibute them to your remote systems.

Once you have set up your keys correctly, start the ssh-agent by running the keychain script and sourcing the file(created by keychain) you should be able to run ssh commands and copy files/directories using scp without providing any password/passphrase.

-HTH
Ramesh

Re: Secure Shell Paper

John Payne_2 — Tue, 12 Nov 2002 21:33:28 GMT

You want what you do to be completely secure...

Do you really want completely secure, or 'very well protected'? I never consider ssh to be 'completely secure', but you get reasonably good protection out of it, provided you continually upgrade as version to fix vulnerabilities come out...

We are moving to a VPN solution here for our administrative machines, which allows the encyption needed for god protect, but you can use the good old programs like rcp, rexec, telnet, and ftp without worrying about passwords and data being seen.

I guess you get what you pay for there.

I have found the O'rielly book: "SSH, the secure shell : the definitive guide" a very good source for how to do things with ssh like what you are asking for.

Hope it helps

John

Re: Secure Shell Paper

Steven E. Protter — Tue, 12 Nov 2002 22:13:16 GMT

Bad choice of words.

Completely secure means nobody can get passwords in clear text. In this context. This is a firewall protected network and there is currently no need for outsiders like me to get in from outside. For that we have "secure" dial in.

Steve

Re: Secure Shell Paper

Chris Wong — Fri, 24 Jan 2003 22:06:08 GMT

Hi,

I have 4 SSH (HP specific articles) here:

http://newfdawg.com/SHP-Articles.htm

- Chris

Re: Secure Shell Paper

Kevin Wright — Mon, 10 Nov 2003 17:33:45 GMT

wonder if I need to exchange public keys for two machines on the same subnet. I'd like to read a comprehensive documents.

If you want to be authenticated with your pbulic keys, you need to add your .pub file to the authorized_keys file on the other host. To automatically be authenticated without supplying a passphrase, create your passphrase to be null.

Re: Secure Shell Paper

Steven E. Protter — Mon, 10 Nov 2003 17:35:41 GMT

If you want password free login with the secure shell product set, you need to exchagne public keys.

SEP

Re: Secure Shell Paper

Kevin Wright — Mon, 10 Nov 2003 17:44:46 GMT

correct. But as soon as you connect to the remote host 1 time, the public host keys are exchanged for you when you answer yes. After that, it's passphrase free.

Re: Secure Shell Paper

Chris Wong — Mon, 10 Nov 2003 17:57:11 GMT

The only key that should not have a passphrase on it is the host key. If you don't want to enter a passphrase as a user, use the authorization agent. Jump to page 61 on this doc for more info:
http://newfdawg.com/docs/HP-SSH_Explained.PDF

Re: Secure Shell Paper

Steven E. Protter — Mon, 10 Nov 2003 19:15:04 GMT

This is an old thread.

I've always followed a variation of the doc I'm attaching.

If you have other innovations, as they say in Yiddish Guzunte Hait.

SEP

Re: Secure Shell Paper

Steven E. Protter — Mon, 10 Nov 2003 19:17:48 GMT

I consider this thread closed.

Feel free to post and debate to your hearts content. I've solved this problem and am not looking for answers.

Translation: Don't expect points, but if something extraordinary is posted, I'll hand out a bunny. I love doing that.

SEP