From a security standpoint; it's the way to go. Hydra is usless against it,
as is the ettercap/sshmitm attack. Put simply, it's darn near bomb proof,
and I'm happy to see someone thinking about it. Auditing systems these days
has shown me that many allow auth to ssh, which is vuln to the previous
canned methods...
Having root use certs is fairly safe too, but I don't recommend it. --
"security in depth"
Now setting it up; straight forward, IMHO. Google is your friend, as is man
pages ;)
http://www.google.com/linux?hl=en&q=
Aswell, there is some awsome script trickery you can do with certs.
my 2 cents,
eddie
>From: Scott Johnson <scott.a.johnson@gmail.com>
>Reply-To: scott.a.johnson@gmail.com
>To: aklug <aklug@aklug.org>
>Subject: Certificate authentication to SSH
>Date: Tue, 6 Sep 2005 00:19:05 -0800
>
>How easy it is to setup certificate authentication in SSH? Anyone
>have some pointers they'd like to share?????
>
>Thanks.
>
>--=20
>Scott Johnson
>scott.a.johnson@gmail.com
>---------
>To unsubscribe, send email to <aklug-request@aklug.org>
>with 'unsubscribe' in the message body.
>
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Wed, 07 Sep 2005 10:26:41 -0800
This archive was generated by hypermail 2.1.8 : Wed Sep 07 2005 - 10:26:47 AKDT