RE: Non-root ssh


Subject: RE: Non-root ssh
From: volz (volz@koyukuk.at.uaa.alaska.edu)
Date: Tue Dec 17 2002 - 14:39:38 AKST


Sounds like you are on track. Two things to note:

"ssh implements the RSA authentication protocol automatically. The user creates
his/her RSA key pair by running ssh-keygen(1). This stores the private key in
$HOME/.ssh/identity and the public key in $HOME/.ssh/identity.pub in the user's
home directory. The user should then copy the identity.pub to
$HOME/.ssh/authorized_keys in his/her home directory on the remote machine"

"If other authentication methods fail, ssh prompts the user for a password. The
password is sent to the remote host for checking; however, since all
communications are encrypted, the password cannot be seen by someone listening
on the network."

-man ssh

include a copy of /etc/ssh/ssh_config

# $OpenBSD: ssh_config,v 1.15 2002/06/20 20:03:34 stevesk Exp $

# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for various options

# Host *
# ForwardAgent no
# ForwardX11 no
# RhostsAuthentication no
# RhostsRSAAuthentication no
# RSAAuthentication yes
# PasswordAuthentication yes
# BatchMode no
# CheckHostIP yes
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# Port 22
# Protocol 2,1
# Cipher 3des
# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
# EscapeChar ~
Host *
        ForwardX11 yes

Notice the lines about identity file and StrictHostKeyChecking.

good luck

>
>
>Sorry about the lack of info there.
>
>RH 8.0. sshd is in fact running. Running ssh 3.x
>
>I think the piece that I am really missing is:
>
>What is the file name used to store the public key on the remote machine?
>What does an entry in that file look like?
>
>If I understand it correctly, I initiate the session.
>sshd looks in this file to see if I exist.
>Denies or allows me after typing in my user/password pair based partly on
>what is in this file?
>
>Mike
>
>-----Original Message-----
>From: Larry Collier [mailto:larry@medease.com]
>Sent: Tuesday, December 17, 2002 1:21 PM
>To: Mike Barsalou; aklug@aklug.org
>Subject: RE: Non-root ssh
>
>
>Mike,
>
>Which ssh are you using? Have you started the daemon on the destination
>computer? Which distribution?
>
>Larry
>
>-----Original Message-----
>From: aklug-bounce@aklug.org [mailto:aklug-bounce@aklug.org]On Behalf Of
>Mike Barsalou
>Sent: Tuesday, December 17, 2002 12:58 PM
>To: 'aklug@aklug.org'
>Subject: Non-root ssh
>
>
>
>I want to set up ssh so that I can log in as a non-root user... what are the
>basic steps for this?
>
>I have been reading through the docs and I am getting clues, but I am
>missing something.
>
>Anyone have any good ideas?
>
>Mike
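
The step quoted from the man page above (copy the public key into $HOME/.ssh/authorized_keys on the remote machine), as an added example that is not part of the original thread. The function names are hypothetical and the key line is constructed, not a real key; the script checks that the line has the public-key entry format before appending it, and sets modes that pass sshd's StrictModes check.

```shell
#!/bin/sh
# Added example; install_pubkey and is_pubkey_line are hypothetical names.

# Succeeds if $1 looks like a one-line public key entry:
#   protocol 2 (id_rsa.pub, id_dsa.pub):  key-type base64-blob [comment]
#   protocol 1 (identity.pub):            bits exponent modulus [comment]
# Leading per-key options are not handled in this sketch.
is_pubkey_line() {
    printf '%s\n' "$1" | grep -Eq \
        -e '^(ssh-rsa|ssh-dss) [A-Za-z0-9+/]+={0,2}( .*)?$' \
        -e '^[0-9]+ [0-9]+ [0-9]+( .*)?$'
}

# install_pubkey HOME_DIR PUBKEY_FILE
# Appends the key to HOME_DIR/.ssh/authorized_keys (once) and sets modes
# that satisfy sshd's StrictModes check: 700 on .ssh, 600 on the file.
install_pubkey() {
    home=$1
    pubfile=$2
    sshdir=$home/.ssh
    auth=$sshdir/authorized_keys

    [ -r "$pubfile" ] || { echo "cannot read $pubfile" >&2; return 1; }
    key=$(head -n 1 "$pubfile")
    # Rejects a private key file (starts with -----BEGIN) or other junk.
    is_pubkey_line "$key" || { echo "$pubfile: not a public key" >&2; return 2; }

    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # Append only if this exact line is not already present.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Demo in a scratch directory with a constructed (not real) key line.
demo_home=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDconstructed mike@example' \
    > "$demo_home/id_rsa.pub"
install_pubkey "$demo_home" "$demo_home/id_rsa.pub"
cat "$demo_home/.ssh/authorized_keys"
rm -rf "$demo_home"
```

On the remote machine this would be run as the non-root user with that user's own home directory as the first argument.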

This archive was generated by hypermail 2a23 : Tue Dec 17 2002 - 14:42:29 AKST