RE: ssh and keys

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Sorry John my mistake....when I am using my system, I don't use the key
for authentication...but my pass
Thanks for the education

-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx
[mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of John O'Loughlin
Sent: Wednesday, March 28, 2007 5:31 PM
To: General Red Hat Linux discussion list
Subject: RE: ssh and keys
Importance: Low




> I think you have missed the point for ssh...
> It is just a terminal you use in connecting remotely to a box just 
> like telnet, the difference is that the traffic between the remote 
> location and your box is encrypted...hence it is this encryption that 
> the keys are used for.

Those are different keys, the machine's keys are used for encrypting the

traffic, a user's public/private key pair is used for authentication
(the 
public key in ~/.ssh/authorized_keys)

In /etc/ssh/sshd_config

you'll see:

PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

and indeed you can turn off password ssh login altogether

PasswordAuthentication no

John

Hence to get access to the box you would still require the
> account that was created for you to logon with. This is where pam 
> comes in..to authenticate who you are...
>
>
>
>
>
> -----Original Message-----
> From: redhat-list-bounces@xxxxxxxxxx 
> [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of 
> m.roth2006@xxxxxxx
> Sent: Wednesday, March 28, 2007 5:08 PM
> To: General Red Hat Linux discussion list
> Subject: Re: ssh and keys
>
>
> John,
>
>> Date: Wed, 28 Mar 2007 16:00:00 +0100 (BST)
>> From: "John O'Loughlin" <j.oloughlin@xxxxxxxxxx>
>>
>> I'm not sure what you mean by parallel, but there is no relationship 
>> between your standard password and the key pair you generate.
>>
>> password aging does not affect your keys.
>>
> Okay... so I'm a bit lost - how can you log onto a box without using 
> your real password, the one that you're prompted for if you don't use 
> the ssh key pair? Does PAM's sshd authentication, which points to 
> system-auth, not get pulled in for validation?
>
>    mark
>> John
>>
>> On Wed, 28 Mar 2007, m.roth2006@xxxxxxx wrote:
>>
>>> So, here's one for the assembled knowledge base here:
>>>   if I use ssh-keygen to create a key pair, and put the public key 
>>> on
> the remote box, so that I can ssh in without being prompted for a 
> password, this leaves me confused about a couple of things:
>>>   1) is the ssh key pair in parallel to the real password
>>>        for the account? That is, if I create a keypair and
>>>        use either no passphrase, or some password other
>>>        than my actual password for the account, does ssh
>>>        go *around* the standard authentication?
>>>   2) since the remote box ages passwords, does PAM know
>>>        that I'm using an ssh key pair, and age *them*,
>>>        or do I merely have to change my real password in
>>>        a timely manner, but don't have to regen a new
>>>        ssh key pair?
>>>
>>> Thanks in advance.
>>>
>>>      mark
>>>
>>> --
>>> redhat-list mailing list
>>> unsubscribe 
>>> mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
>>> https://www.redhat.com/mailman/listinfo/redhat-list
>>>
>>
>> --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]


  Powered by Linux