RE: ssh and keys


I think you have missed the point for ssh...
It is just a terminal you use in connecting remotely to a box just like
telnet, the difference is that the traffic between the remote location
and your box is encrypted...hence it is this encryption that the keys
are used for.

Those are different keys; the machine's keys are used for encrypting the traffic, a user's public/private key pair is used for authentication (the public key in ~/.ssh/authorized_keys).

In /etc/ssh/sshd_config

you'll see:

PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

and indeed you can turn off password ssh login altogether

PasswordAuthentication no

John

Hence to get access to the box you would still require the
account that was created for you to log on with. This is where PAM comes
in... to authenticate who you are...





-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx
[mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of m.roth2006@xxxxxxx
Sent: Wednesday, March 28, 2007 5:08 PM
To: General Red Hat Linux discussion list
Subject: Re: ssh and keys


John,

Date: Wed, 28 Mar 2007 16:00:00 +0100 (BST)
From: "John O'Loughlin" <j.oloughlin@xxxxxxxxxx>

I'm not sure what you mean by parallel, but there is no relationship
between your standard password and the key pair you generate.

Password aging does not affect your keys.

Okay... so I'm a bit lost - how can you log onto a box without using
your real password, the one that you're prompted for if you don't use
the ssh key pair? Does PAM's sshd authentication, which points to
system-auth, not get pulled in for validation?

   mark
John

On Wed, 28 Mar 2007, m.roth2006@xxxxxxx wrote:

So, here's one for the assembled knowledge base here:
  if I use ssh-keygen to create a key pair, and put the public key on
the remote box, so that I can ssh in without being prompted for a
password, this leaves me confused about a couple of things:
  1) is the ssh key pair in parallel to the real password
       for the account? That is, if I create a keypair and
       use either no passphrase, or some password other
       than my actual password for the account, does ssh
       go *around* the standard authentication?
  2) since the remote box ages passwords, does PAM know
       that I'm using an ssh key pair, and age *them*,
       or do I merely have to change my real password in
       a timely manner, but don't have to regen a new
       ssh key pair?

Thanks in advance.

     mark

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
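
Added example (not part of the original thread, and not OpenSSH's own code): a small Python check that reads an sshd_config and reports the effective global values of the three directives quoted in the thread, showing that key login and password login are switched independently. The sample file is constructed; the defaults, the first-value-wins rule and the Match handling are taken from sshd_config(5).

```python
# Added example: effective global values of the directives quoted in the thread.
# Parsing rules assumed from sshd_config(5): keywords are case-insensitive, the
# first value obtained for a keyword wins, and a "Match" line ends the global
# section. Include files and "keyword=value" syntax are not handled here.

WATCHED = {
    # keyword (lower-case) -> upstream OpenSSH default used when the file is silent
    "pubkeyauthentication": "yes",
    "passwordauthentication": "yes",
    "authorizedkeysfile": ".ssh/authorized_keys .ssh/authorized_keys2",
}

def effective_settings(config_text):
    """Return the global value sshd would use for each watched keyword."""
    found = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            break  # conditional overrides follow; global section is over
        if keyword in WATCHED and keyword not in found:
            found[keyword] = value  # later duplicates are ignored
    return {k: found.get(k, default) for k, default in WATCHED.items()}

def login_methods(settings):
    """List which of the two login methods discussed in the thread are enabled."""
    methods = []
    if settings["pubkeyauthentication"].lower() == "yes":
        methods.append("publickey")
    if settings["passwordauthentication"].lower() == "yes":
        methods.append("password")
    return methods

SAMPLE = """\
# constructed sample, not taken from a real host
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
PasswordAuthentication yes
Match User backup
    PubkeyAuthentication no
"""

if __name__ == "__main__":
    print(login_methods(effective_settings(SAMPLE)))
```

On a live host, `sshd -T` prints the configuration the daemon actually resolves, including included files, and is the authoritative check.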

