Re: SSH question
From: Brian Hatch <secure-shell(at)ifokr.org>
Date: Wed Jul 16 2003 - 20:00:15 EDT

> I hope someone can help with this finding.
You haven't really defined this well. authorized_keys files go into the .ssh directory of a specific user. So if I wanted the key 'id_rsa.pub' to be allowed to ssh into my account (jdoe) on host 'host-a', I'd do the following
me@home$ cd ~/.ssh
me@home$ scp id_rsa.pub jdoe@host-a:mykey.pub
me@home$ ssh jdoe@host-a
jdoe@host-a$ mkdir .ssh ; chmod 700 .ssh . ; cd .ssh
jdoe@host-a$ cat ../mykey.pub >> authorized_keys
jdoe@host-a$ chmod 600 authorized_keys
me@home$ ssh jdoe@host-a
Now, if I take my id_rsa key and copy it to some other machine (say my ISP, or my work machine, etc) then yes, I can use it to log into host-a with pubkey authentication. If I want to allow this key only from one host, then edit the authorized_keys file and add a 'from=' option, ala
jdoe@host-a$ head -1 authorized_keys
> It seems that so long as user1 has a key on any machine, and it exists
The user should only be able to log into an account that has included user1's public key in their authorized_keys file. This user couldn't log in as me if I don't have his pubkey in my authorized_keys file, for example.

If I'm misunderstanding your situation, let me know.

--
Brian Hatch                  Never test the depth
   Systems and                of the water with
   Security Engineer          both feet.
www.buildinglinuxvpns.net

Every message PGP signed
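The following Python audit is an added example, not part of the original message: it lists authorized_keys entries that carry no from= restriction and flags a .ssh directory or authorized_keys file that group or others can access (the message sets them to 700 and 600). The sample entries, host names and key strings are constructed placeholders, and the function names are this example's own.

```python
import os
import stat
# Key type names that can start an entry with no options field.
KEY_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")
# Constructed sample; hosts and key strings are placeholders.
SAMPLE = '''\
from="home.example.org" ssh-rsa AAAAB3PLACEHOLDER1 me@home
ssh-rsa AAAAB3PLACEHOLDER2 jdoe@work
command="echo from=, here",no-pty ssh-ed25519 AAAAC3PLACEHOLDER3 backup job
'''

def parse_entry(line):
    """Split one entry into (list of options, key text), honouring quotes."""
    if line.startswith(KEY_PREFIXES):
        return [], line
    opts, cur, in_quotes, escaped = [], "", False, False
    for i, ch in enumerate(line):
        if escaped or (ch == "\\" and in_quotes):
            escaped = not escaped
        elif ch == '"':
            in_quotes = not in_quotes
        elif not in_quotes and ch == ",":
            opts, cur = opts + [cur], ""
            continue
        elif not in_quotes and ch in " \t":
            return opts + [cur], line[i:].strip()
        cur += ch
    return opts + [cur], ""

def unrestricted_keys(text):
    """Return (line number, comment) for each key with no from= option."""
    found = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opts, key = parse_entry(line)
        if not any(o.lower().startswith("from=") for o in opts):
            found.append((n, " ".join(key.split()[2:])))
    return found

def loose_modes(ssh_dir):
    """Return .ssh paths whose mode grants group or other any access."""
    paths = (ssh_dir, os.path.join(ssh_dir, "authorized_keys"))
    return [p for p in paths
            if os.path.exists(p) and stat.S_IMODE(os.stat(p).st_mode) & 0o077]

if __name__ == "__main__":
    print(unrestricted_keys(SAMPLE), loose_modes(os.path.expanduser("~/.ssh")))
```

The third sample entry contains the text from= only inside a quoted command value, which is why the audit parses the options field instead of searching the line for the string.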
This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:03:01 EDT