- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Secureshell - generating key on 11iv2 host
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-11-2010 07:18 AM
тАО11-11-2010 07:18 AM
Secureshell - generating key on 11iv2 host
on my ftp server:
on the home account for said user...
we run ssh-kgen with no options.. This creates the private and public keys and no passphrase is entered.
I send/copy the public key file to the user.
The user appends the public key to his authorized_keys file under his .ssh directory
Also user's .ssh directory should have permissions of 600.
The user can now test his connection.
One question..on the ftp server..the public key does NOT need to be added to the authorized_keys file under his /home../.ssh/, right?
BTW - the .ssh directory for the user on the ftp server is set to 770 and public key file underneath it is set to 644
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-11-2010 09:44 AM
тАО11-11-2010 09:44 AM
Re: Secureshell - generating key on 11iv2 host
Yes. Here is how it works.
Messages encrypted with the private key can only be decrypted by the public key, and vice-versa. You keep your private key on your local machine, and put the public key in a list of authorized hosts on the remote machine. When you attempt to log-in to the remote host it sends you a brief message, encrypted with your public key. If you can decrypt the message (and you send back some proof that you have done so) then that proves that you must possess the private key, and you are allowed in.
Shibin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-11-2010 09:49 AM
тАО11-11-2010 09:49 AM
Re: Secureshell - generating key on 11iv2 host
Correct, but it doesn't matter if you do.
> BTW - the .ssh directory for the user on the ftp server is set to 770 and public key file underneath it is set to 644
Bad, bad, bad. The permissions must be fully restrictive:
1. Assuming /home is the top level directory, it must be 755.
2. The user's directory must be 755 minimum.
3. .ssh must be 700 - no except the user can see anything in .ssh
4. None of the files can be publicly readable or writable, so set all files in .ssh to 600, owned by the user.
ssh is particularly silent about bad permissions and won't tell what's wrong -- it just asks for a password.
Bill Hassell, sysadmin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-12-2010 12:59 AM
тАО11-12-2010 12:59 AM
Re: Secureshell - generating key on 11iv2 host
>Correct, but it doesn't matter if you do.
If you have a NFS mounted home directory and want to do ssh between machines, you would want that key there.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-12-2010 07:54 AM
тАО11-12-2010 07:54 AM
Re: Secureshell - generating key on 11iv2 host
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-12-2010 07:55 AM
тАО11-12-2010 07:55 AM