Sorry John my mistake....when I am using my system, I don't use the key
for authentication...but my pass

Thanks for the education

-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of John O'Loughlin
Sent: Wednesday, March 28, 2007 5:31 PM
To: General Red Hat Linux discussion list
Subject: RE: ssh and keys
Importance: Low

> I think you have missed the point for ssh...
> It is just a terminal you use in connecting remotely to a box just
> like telnet, the difference is that the traffic between the remote
> location and your box is encrypted...hence it is this encryption that
> the keys are used for.

Those are different keys, the machine's keys are used for encrypting the
traffic, a user's public/private key pair is used for authentication
(the public key in ~/.ssh/authorized_keys)

In /etc/ssh/sshd_config you'll see:

PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

and indeed you can turn off password ssh login altogether

PasswordAuthentication no

John

> Hence to get access to the box you would still require the
> account that was created for you to logon with. This is where pam
> comes in..to authenticate who you are...
>
> -----Original Message-----
> From: redhat-list-bounces@xxxxxxxxxx
> [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of
> m.roth2006@xxxxxxx
> Sent: Wednesday, March 28, 2007 5:08 PM
> To: General Red Hat Linux discussion list
> Subject: Re: ssh and keys
>
> John,
>
>> Date: Wed, 28 Mar 2007 16:00:00 +0100 (BST)
>> From: "John O'Loughlin" <j.oloughlin@xxxxxxxxxx>
>>
>> I'm not sure what you mean by parallel, but there is no relationship
>> between your standard password and the key pair you generate.
>>
>> password aging does not affect your keys.
>>
> Okay... so I'm a bit lost - how can you log onto a box without using
> your real password, the one that you're prompted for if you don't use
> the ssh key pair? Does PAM's sshd authentication, which points to
> system-auth, not get pulled in for validation?
>
> mark
>
>> John
>>
>> On Wed, 28 Mar 2007, m.roth2006@xxxxxxx wrote:
>>
>>> So, here's one for the assembled knowledge base here:
>>> if I use ssh-keygen to create a key pair, and put the public key
>>> on the remote box, so that I can ssh in without being prompted for a
>>> password, this leaves me confused about a couple of things:
>>> 1) is the ssh key pair in parallel to the real password
>>>    for the account? That is, if I create a keypair and
>>>    use either no passphrase, or some password other
>>>    than my actual password for the account, does ssh
>>>    go *around* the standard authentication?
>>> 2) since the remote box ages passwords, does PAM know
>>>    that I'm using an ssh key pair, and age *them*,
>>>    or do I merely have to change my real password in
>>>    a timely manner, but don't have to regen a new
>>>    ssh key pair?
>>>
>>> Thanks in advance.
>>>
>>> mark
>>>
>>> --
>>> redhat-list mailing list
>>> unsubscribe
>>> mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
>>> https://www.redhat.com/mailman/listinfo/redhat-list
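
The sshd_config settings John quotes, checked in code: an added example that is not part of the original thread. It reads the global section of an sshd_config and lists the ways a password can still be accepted alongside key authentication. The function names, the `DEFAULTS` table (assumed upstream OpenSSH defaults) and the sample text are constructed for illustration.

```python
import re

# Keywords that decide how a user may authenticate (lower-cased for matching).
AUTH_KEYWORDS = {"pubkeyauthentication", "passwordauthentication",
                 "kbdinteractiveauthentication", "authorizedkeysfile", "usepam"}

# Assumed upstream OpenSSH defaults when a keyword is absent; a distribution's
# build may differ, so confirm on a real host with `sshd -T`.
DEFAULTS = {"pubkeyauthentication": "yes", "passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes", "usepam": "no"}

def effective_auth_settings(config_text):
    """Return the global auth settings sshd would use from this text."""
    found = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and value are separated by whitespace or a single "=".
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        keyword = parts[0].lower()
        if keyword == "match":
            break  # everything after Match is conditional, not global
        if keyword == "challengeresponseauthentication":
            keyword = "kbdinteractiveauthentication"  # treated as an alias here
        # sshd keeps the first value it reads for each keyword.
        if keyword in AUTH_KEYWORDS and keyword not in found:
            found[keyword] = parts[1].strip() if len(parts) > 1 else ""
    return {**DEFAULTS, **found}

def password_paths(settings):
    """List the ways a password can still be accepted for login."""
    paths = []
    if settings["passwordauthentication"].lower() != "no":
        paths.append("password")
    if (settings["usepam"].lower() == "yes"
            and settings["kbdinteractiveauthentication"].lower() != "no"):
        paths.append("keyboard-interactive (PAM)")
    return paths

# Constructed sample: the three lines quoted in the thread, plus a later
# duplicate and UsePAM, to show first-value-wins and the PAM prompt path.
SAMPLE = """\
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
passwordauthentication yes
UsePAM yes
"""
```

On the constructed sample, `password_paths` returns only the keyboard-interactive entry: the later `passwordauthentication yes` is ignored, and PAM can still prompt for the account password until keyboard-interactive is disabled as well.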