sshd for dummies?

rjb

Mar 14, 2002, 9:45:14 AM
Does anyone know of a doc relating to setting up ssh for dummies? I am new
to this, and would like to only allow access to the system from (specified)
known hosts with known public keys from known domains. Any help or pointers much
appreciated. I've scanned through the docs on openssh.com and couldn't find
much in the way of pointers/examples.

TIA


Skylar Thompson

Mar 14, 2002, 7:41:12 PM

The man page for sshd(8) has that.

--
-- Skylar Thompson (sky...@attglobal.net)

rjb

Mar 15, 2002, 8:27:45 AM

"Skylar Thompson" <sky...@thangorodrim.attglobal.net> wrote in message
news:slrna92k9n...@thangorodrim.attglobal.net...

Call me stupid, but I still cannot make head nor tail of it all. Here's my
thinking:

I want SSH to check that the host is on the allowed list
I want SSH to check that it has a valid key for that host
I want SSH to check that the user/key match

As such, would I perform the following:-

Create a /etc/ssh/ssh_known_hosts2 with the user's hostname and RSA or DSA
public key

is that all that is required?


Dimitri Maziuk

Mar 15, 2002, 10:53:53 AM
begin 666 rjb:
>

Did you try googling for ssh howto?

> Call me stupid, but I still cannot make head nor tail of it all. Here's my
> thinking:
>
> I want SSH to check that the host is on the allowed list
> I want SSH to check that it has a valid key for that host
> I want SSH to check that the user/key match
>
> As such, would I perform the following:-
>
> Create a /etc/ssh/ssh_known_hosts2 with the user's hostname and RSA or DSA
> public key
>
> is that all that is required?

For 1 & 2, you generate host key on the client and add it
(public part) to known_hosts on the server. For 3, user
generates a key for themselves on the client and adds it
to ~/.ssh/authorized_keys[2] on the server. Plus, there
are a few options to sshd you may need to set, dep. on your
configuration.

Dima
--
Backwards compatibility is either a pun or an oxymoron. -- PGN
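
Added example, not part of any post in this thread and not OpenSSH's own code: a simplified Python model of checks 1 and 2 above, looking a connecting host up in a known_hosts-style file (`names keytype base64-key`) and comparing the key it offers. It assumes plain entries only (no hashed names, wildcards or `@` markers); the hostnames and key blobs are constructed placeholders.

```python
import base64
import struct

def key_type_in_blob(b64):
    """Return the key-type string stored at the start of an SSH public key blob."""
    raw = base64.b64decode(b64, validate=True)
    (n,) = struct.unpack(">I", raw[:4])
    return raw[4:4 + n].decode("ascii")

def parse_known_hosts(text):
    """Yield (hostnames, keytype, b64key) for each well-formed plain entry."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@", "|")):
            continue  # blank, comment, marker or hashed entry: not modelled here
        names, keytype, b64 = fields[0].split(","), fields[1], fields[2]
        try:
            if key_type_in_blob(b64) != keytype:
                continue  # declared type disagrees with the blob: reject the line
        except (ValueError, struct.error):
            continue  # bad base64 or truncated blob
        yield names, keytype, b64

def check_host(known_hosts_text, hostname, keytype, offered_b64):
    """Classify a connecting host as 'ok', 'key-mismatch' or 'unknown-host'."""
    listed = False
    for names, ktype, b64 in parse_known_hosts(known_hosts_text):
        if hostname in names and ktype == keytype:
            listed = True
            if b64 == offered_b64:
                return "ok"
    return "key-mismatch" if listed else "unknown-host"

def _constructed_blob(keytype, payload):
    """Build a placeholder blob with a correct type header (not a real key)."""
    t = keytype.encode()
    return base64.b64encode(struct.pack(">I", len(t)) + t + payload).decode()

# Constructed sample data; hostnames and keys are placeholders.
KEY_A = _constructed_blob("ssh-rsa", b"constructed-key-A")
KEY_B = _constructed_blob("ssh-rsa", b"constructed-key-B")
SAMPLE = (
    "# constructed known_hosts sample\n"
    f"client1.example.com,192.0.2.10 ssh-rsa {KEY_A}\n"
    f"client2.example.com ssh-dss {KEY_B}\n"  # type mismatch, will be rejected
)

if __name__ == "__main__":
    for host, key in [("client1.example.com", KEY_A), ("client1.example.com", KEY_B),
                      ("other.example.net", KEY_A)]:
        print(host, check_host(SAMPLE, host, "ssh-rsa", key))
```

A host that is listed but offers a different key is reported separately from an unlisted host, since the first case usually means a changed or substituted key rather than a missing entry.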

rj...@hotmail.losethis.nothere.com

Mar 15, 2002, 1:26:55 PM

Dimitri - thanks for that - yes I did. A minefield of ambiguous
information. Tried the groups search too. I guess I'll have to delve
through the thousands of docs I've found.

Dimitri Maziuk

Mar 15, 2002, 1:47:42 PM
begin 666 rj...@hotmail.losethis.nothere.com:
...
> Dimitri - thanks for that - yes I did. A minefield of ambiguous
> information. Tried the groups search too. I guess I'll have to delve
> through the thousands of docs I've found.

Heh, yes there's that. If you really want to learn, buy the snail
book (http://www.snailbook.com).

Dima
--
Tlaloc: What was Elrond's second name?
Gruber: Hubbard -- <ahbou=3C69EB63...@last.com>

Chronos Tachyon

Mar 15, 2002, 7:22:24 PM
Dimitri Maziuk wrote:

[Some stuff that Mozilla 0.9.9 thought was a uuencoded attachment]

Looks like I need to go file a report with Bugzilla... Grr...

--
Chronos Tachyon
http://chronos.dyndns.org/ -- WWED?
Guardian of Eristic Paraphernalia
Gatekeeper of the Region of Thud
6:17pm up 3 days, 19:25, 1 user, load average: 0.20, 0.17, 0.14