SUMMARY:ssh authorization

From: David Stern (dstern@tsi-telsys.com)
Date: Fri May 05 2000 - 11:18:07 CDT


>We have a number of people connecting thru ISPs via secure shell. Some of
>the ISPs use DHCP so the sshd_config AllowHosts won't do us much good.
>Is there some way to set up authentication for these machines? Can
>Radius do this?

Thanks to:
dana@dtn.com
kevin@joltin.com
mark@neurosis.net
gr@cs.swarthmore.edu
Richard.Cove@alphawest.com.au

All of whom mentioned that RSA Authentication within ssh will work. I tried
it locally and after banging on the config I got the desired results:

Run ssh-keygen on the client, take default file locations and enter a decent
passphrase

Copy resultant ~/.ssh/identity.pub to server's ~/.ssh/authorized_keys

Ensure that permissions are set correctly on server for ~, ~/.ssh and
~/.ssh/* files (see ssh docs)

Modify server's sshd_config to include:

StrictModes yes
RhostsAuthentication yes
RhostsRSAAuthentication yes
RSAAuthentication yes
PasswordAuthentication no

and restart sshd on server.

If user logs in, he'll be prompted for passphrase and only if his machine
has the public key information will he get in.

 =-=-=-=-=-=-=-=-=- generated by /dev/dave -=-=-=-=-=-=-=-=-=-=-=-=-=-=
 David Stern TSI TelSys
 Manager, Information Systems 410-872-3906
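
A check for the permissions step in the message above, as an added example that is not part of the original post. It assumes StrictModes rejects a home directory, ~/.ssh or authorized_keys that is writable by group or other, or owned by anyone except the account or root; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the three paths the post says must have correct
# permissions when "StrictModes yes" is set.
# Assumption: a path passes when it is owned by the account (or root)
# and has no group/other write bit.

# Report on one path; return 1 if it fails the check.
check_path() {
    path=$1; owner=$2
    if [ ! -e "$path" ]; then
        echo "MISSING  $path"; return 1
    fi
    # -prune keeps find on the path itself instead of descending into it.
    if [ -n "$(find "$path" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "WRITABLE $path (group/other write bit set; fix: chmod go-w)"
        return 1
    fi
    # -user accepts a numeric uid, so 0 matches root.
    if [ -n "$(find "$path" -prune ! -user "$owner" ! -user 0 -print)" ]; then
        echo "OWNER    $path (not owned by $owner or root)"
        return 1
    fi
    echo "OK       $path"
}

# Audit ~, ~/.ssh and ~/.ssh/authorized_keys for one account.
# Returns the number of failing paths (0 means all three pass).
# Usage: audit_ssh_perms "$HOME" "$(id -u)"
audit_ssh_perms() {
    home=$1; owner=$2; failures=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_path "$p" "$owner" || failures=$((failures + 1))
    done
    return "$failures"
}
```

Run it on the server as the account being set up, before restarting sshd, so a rejected key shows up as a named path rather than a silent login failure.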


