RE: ssh and keys

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



John,

I think you have missed the point for ssh...
It is just a terminal you use in connecting remotely to a box just like
telnet, the difference is that the traffic between the remote location
and your box is encrypted...hence it is this encryption that the keys
are used for. Hence to get access to the box you would still require the
account that was created for you to logon with. This is where pam comes
in..to authenticate who you are...





-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx
[mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of m.roth2006@xxxxxxx
Sent: Wednesday, March 28, 2007 5:08 PM
To: General Red Hat Linux discussion list
Subject: Re: ssh and keys


John,

>Date: Wed, 28 Mar 2007 16:00:00 +0100 (BST)
>From: "John O'Loughlin" <j.oloughlin@xxxxxxxxxx>
>
>I'm not sure what you mean by parallel, but there is no relationship
>between your standard password and the key pair you generate.
>
>password aging does not affect your keys.
>
Okay... so I'm a bit lost - how can you log onto a box without using
your real password, the one that you're prompted for if you don't use
the ssh key pair? Does PAM's sshd authentication, which points to
system-auth, not get pulled in for validation?

    mark
>John
>
>On Wed, 28 Mar 2007, m.roth2006@xxxxxxx wrote:
>
>> So, here's one for the assembled knowledge base here:
>>   if I use ssh-keygen to create a key pair, and put the public key on
the remote box, so that I can ssh in without being prompted for a
password, this leaves me confused about a couple of things:
>>   1) is the ssh key pair in parallel to the real password
>>        for the account? That is, if I create a keypair and
>>        use either no passphrase, or some password other
>>        than my actual password for the account, does ssh
>>        go *around* the standard authentication?
>>   2) since the remote box ages passwords, does PAM know
>>        that I'm using an ssh key pair, and age *them*,
>>        or do I merely have to change my real password in
>>        a timely manner, but don't have to regen a new
>>        ssh key pair?
>>
>> Thanks in advance.
>>
>>      mark
>>
>> --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
>>
>
>--
>redhat-list mailing list
>unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
>https://www.redhat.com/mailman/listinfo/redhat-list

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]


  Powered by Linux