>We have a number of people connecting thru ISPs via secure shell. Some of
>the ISPs use DHCP so the sshd_config AllowHosts wont do us much good.
>Is there some way to set up authentication for these machines? Can
>Radius do this?
Thanks to:
dana@dtn.com
kevin@joltin.com
mark@neurosis.net
gr@cs.swarthmore.edu
Richard.Cove@alphawest.com.au
All of whom mentioned that RSA Authentication within ssh will work. I tried
it locally and after banging on the config I got the desired results:
Run ssh-keygen on the client, take default file locations and enter a decent
passphrase
Copy resultant ~/.ssh/identity.pub to servers ~/.ssh/authorized_keys
Insure that permissions are set correctly on server for ~, ~/.ssh and
~/.ssh/* files (see ssh docs)
Modify servers sshd_config to include:
StrictModes yes
RhostsAuthentication yes
RhostsRSAAuthentication yes
RSAAuthentication yes
PasswordAuthentication no
and restart sshd on server.
If user logs in, he'll be prompted for passphrase and only if his machine
has the public key information will he get in.
=-=-=-=-=-=-=-=-=- generated by /dev/dave -=-=-=-=-=-=-=-=-=-=-=-=-=-=
David Stern TSI TelSys
Manager, Information Systems 410-872-3906
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:14:07 CDT