HPE Community
Operating System - HP-UX
1823228 Members
3595 Online
109648 Solutions
New Discussion юеВ

Re: Secure Shell Paper

 
Steven E. Protter
Exalted Contributor

тАО11-07-2002 01:41 PM

тАО11-07-2002 01:41 PM

Secure Shell Paper

I'm looking for something comprehensive dealing with such things as passphrases and public key exchange.

I wonder if I need to exchange public keys for two machines on the same subnet. I'd like to read a comprehensive documents.

It's worth 10 points to the winner. :-)
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
14 REPLIES 14
Kellogg Unix Team
Trusted Contributor

тАО11-07-2002 03:15 PM

тАО11-07-2002 03:15 PM

Re: Secure Shell Paper

Start from http://www.openssh.org/

...Manjeet
work is fun ! (my manager is standing behind me!!)
0 Kudos
Reply
Christian Gebhardt
Honored Contributor

тАО11-07-2002 10:47 PM

тАО11-07-2002 10:47 PM

Re: Secure Shell Paper

I heard that some people are still reading books ;-)
http://www.oreilly.com/catalog/sshtdg/

Chris
0 Kudos
Reply
linuxfan
Honored Contributor

тАО11-12-2002 12:28 PM

тАО11-12-2002 12:28 PM

Re: Secure Shell Paper

Hi Steven,

Check these out

SSH FAQ
http://www.employees.org/~satch/ssh/faq/ssh-faq.html

Here are some good articles on key management in SSH.
Part I - http://www-106.ibm.com/developerworks/library/l-keyc.html
Part II - http://www-106.ibm.com/developerworks/library/l-keyc2/
Part III - http://www-106.ibm.com/developerworks/library/l-keyc3/

Not sure if this answer's your question or not, but hope it helps.

-Ramesh
They think they know but don't. At least I know I don't know - Socrates
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО11-12-2002 12:45 PM

тАО11-12-2002 12:45 PM

Re: Secure Shell Paper

Thank you gentlemen. I have investigated the links and assigned a few points. When I get a few minutes, I will read in depth and try the documents. More points will be assigned if one of them lets me do what I want, which is to use scp to transfer files without a password or passphrase.

I obvioiusly want whatever I do to be completely secure, which is why I'm not using rcp.

Steve
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
linuxfan
Honored Contributor

тАО11-12-2002 01:11 PM

тАО11-12-2002 01:11 PM

Re: Secure Shell Paper

Hi Steven,

If you are looking to do scp without passphrase or password then you would need some manual set up.

The articles i provided actually tell you how to run keychain script http://www.gentoo.org/proj/en/keychain.xml
which starts the ssh-agent on your system. Note: The ssh-agent(script) would need to be started everytime the system reboots.

You would however need to generate your ssh-keys (man ssh-keygen)and distibute them to your remote systems.

Once you have set up your keys correctly, start the ssh-agent by running the keychain script and sourcing the file(created by keychain) you should be able to run ssh commands and copy files/directories using scp without providing any password/passphrase.

-HTH
Ramesh
They think they know but don't. At least I know I don't know - Socrates
0 Kudos
Reply
John Payne_2
Honored Contributor

тАО11-12-2002 01:33 PM

тАО11-12-2002 01:33 PM

Re: Secure Shell Paper

You want what you do to be completely secure...

Do you really want completely secure, or 'very well protected'? I never consider ssh to be 'completely secure', but you get reasonably good protection out of it, provided you continually upgrade as version to fix vulnerabilities come out...

We are moving to a VPN solution here for our administrative machines, which allows the encyption needed for god protect, but you can use the good old programs like rcp, rexec, telnet, and ftp without worrying about passwords and data being seen.

I guess you get what you pay for there.

I have found the O'rielly book: "SSH, the secure shell : the definitive guide" a very good source for how to do things with ssh like what you are asking for.

Hope it helps

John
Spoon!!!!
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО11-12-2002 02:13 PM

тАО11-12-2002 02:13 PM

Re: Secure Shell Paper

Bad choice of words.

Completely secure means nobody can get passwords in clear text. In this context. This is a firewall protected network and there is currently no need for outsiders like me to get in from outside. For that we have "secure" dial in.

Steve
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Chris Wong
Trusted Contributor

тАО01-24-2003 02:06 PM

тАО01-24-2003 02:06 PM

Re: Secure Shell Paper

Hi,

I have 4 SSH (HP specific articles) here:

http://newfdawg.com/SHP-Articles.htm

- Chris
0 Kudos
Reply
Kevin Wright
Honored Contributor

тАО11-10-2003 09:33 AM

тАО11-10-2003 09:33 AM

Re: Secure Shell Paper

wonder if I need to exchange public keys for two machines on the same subnet. I'd like to read a comprehensive documents.

If you want to be authenticated with your pbulic keys, you need to add your .pub file to the authorized_keys file on the other host. To automatically be authenticated without supplying a passphrase, create your passphrase to be null.
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО11-10-2003 09:35 AM

тАО11-10-2003 09:35 AM

Re: Secure Shell Paper

If you want password free login with the secure shell product set, you need to exchagne public keys.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Kevin Wright
Honored Contributor

тАО11-10-2003 09:44 AM

тАО11-10-2003 09:44 AM

Re: Secure Shell Paper

correct. But as soon as you connect to the remote host 1 time, the public host keys are exchanged for you when you answer yes. After that, it's passphrase free.
0 Kudos
Reply
Chris Wong
Trusted Contributor

тАО11-10-2003 09:57 AM

тАО11-10-2003 09:57 AM

Re: Secure Shell Paper

The only key that should not have a passphrase on it is the host key. If you don't want to enter a passphrase as a user, use the authorization agent. Jump to page 61 on this doc for more info:
http://newfdawg.com/docs/HP-SSH_Explained.PDF
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО11-10-2003 11:15 AM

тАО11-10-2003 11:15 AM

Re: Secure Shell Paper

This is an old thread.

I've always followed a variation of the doc I'm attaching.

If you have other innovations, as they say in Yiddish Guzunte Hait.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО11-10-2003 11:17 AM

тАО11-10-2003 11:17 AM

Re: Secure Shell Paper

I consider this thread closed.

Feel free to post and debate to your hearts content. I've solved this problem and am not looking for answers.

Translation: Don't expect points, but if something extraordinary is posted, I'll hand out a bunny. I love doing that.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.