HPE Community
Operating System - Linux
1819941 Members
3618 Online
109607 Solutions
New Discussion юеВ

Re: SSH with RAS Key Authentication

 
SOLVED
Go to solution
Richard Horton
Advisor

тАО06-21-2001 10:30 AM

тАО06-21-2001 10:30 AM

SSH with RAS Key Authentication

I have setup a redhat 7.1 with only ssh v1.99 and I have a windows client using PUTTY and I can connect.

However, I need assistance in generating keys and issuing them to the clients. I want a passphrase and key and a password required for connections.

I dont know how to generate the key that the client needs in order to have the RSA authentication force a key check. I only want valid keys to be allowed access. I would also like a passphrase and a user password requirement as well.

Can someone tell me the valid sshd_config setting I need and how to generate the clients keys and where I need to put them on the linux server. I know where to put them in PUTTY for the client/windows machine. I just dont know where to generate them on the linux box.

Also, I do not want to use any rhosts information. Since I have read about the holes in this form of security.

Any help would be greatly appreciated.
SCO veteran converting to HP UX
0 Kudos
Reply
2 REPLIES 2
Maik Danstedt
Occasional Advisor

тАО07-11-2001 06:06 AM

тАО07-11-2001 06:06 AM

Solution

Re: SSH with RAS Key Authentication

Hi,

the command for the Linux-Box is named "ssh-keygen". I'd tell you more, but at the moment I'm not at my Linux-Box. Try "man ssh-keygen" for the moment...


cu,
MaDMaik
I haven't lost my mind! I backed it up on tape somewhere...
Reply
Bob Perschau
Occasional Contributor

тАО07-19-2001 10:38 AM

тАО07-19-2001 10:38 AM

Re: SSH with RAS Key Authentication

Richard, here how I use PuTTY on NT and OpenSSH 2.5.1 on Linux. Your milage may vary. I'll assume you have the ssh daemon running on Linux already.

First off... the keys are generated on the client side... that's your Windows Box. Run puttygen.exe and press the Generate button. You'll have to move the mouse around to create some random data for the key generation. After the key is generated, I usually change the key comment to be something more meaningful... I usually change it to my name and the client nodename. Be sure to enter a key passphrase too. Ater the comment and passphrase change save your key. Being the paranoid type that I am, I usually save it to floppy rather than the harddrive. That way when I leave for the night I pop the floppy out, take it home with me and no one can get at my private key. Don't close the puttygen window yet you'll need it for the next step.

Connect to your Linux/SSH server using PuTTY with the SSH protocol. You will be prompted for your user
name and password to login. Once logged in cd to the ~/.ssh directory and edit the file authorized_keys. If this is your first ssh connection you will probably have to create it. Now switch back to the puttygen window and select all of the text in the Public Key, copy it to your clipboard by typing a Ctrl-C. Switch back to the PuTTY window and insert the data into the file. Save the file. You should now be able to reconnect to your Linux box using PuTTY.

Good luck,
Bob
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.