[techtalk] OpenSSH Trusted Host Setup Question

Conor Daly conor.daly at oceanfree.net
Tue May 22 20:57:02 EST 2001


On Tue, May 22, 2001 at 01:13:10PM +1200 or so it is rumoured hereabouts, 
Mark Foster thought:
> As far as I'm aware, OpenSSH2 uses /etc/hosts.allow ?
> 
> [blakjak at phoenix blakjak]$ telnet localhost 22
> Trying 127.0.0.1...
> Connected to phoenix.
> Escape character is '^]'.
> SSH-1.99-OpenSSH_2.3.0p1
> 
> Other than that, check out the config files in /etc/ssh ?

Or you could look at using /etc/ssh_known_hosts and
$HOME/.ssh/authorized_keys.  These files contain the public keys for the
hosts and users who are allowed to connect without passwords.

for example...

host foo	users tim, john
host bar	users tim, john

in foo:/etc/ssh_known_hosts you have the public host key for bar
in foo:/home/tim/.ssh/authorized_keys you have the public key for tim at bar

in bar:/etc/ssh_known_hosts you have the public host key for foo
in bar:/home/tim/.ssh/authorized_keys you have the public key for tim at foo

for each host on your network, /etc/ssh_known_hosts contains the public
host keys for all the other hosts.

For each user on your network, $HOME/.ssh/authorized_keys contains the
user's public key which can be the same on all machines on your network or
can be different.

The easiest way to get this going is to use ssh-keygen on each host to
generate the host key.  When you have all host keys generated, copy *all*
of the .pub keys to a /etc/ssh_known_hosts file on one host.  Then copy
this file to all machines in your network.

For each user, use ssh-keygen to create *one* key pair.  Copy the .pub
key to $HOME/.ssh/authorized_keys.  Now copy the .ssh *directory* including
the authorized_keys file to the user's home directory on *all* hosts.

If you wish to use DSA keys rather than RSA, use ssh-keygen -d to create
the keys and use the filenames ssh_known_hosts2 and authorized_keys2.

I *think* that'll do it...

Conor
-- 
Conor Daly <conor.daly at oceanfree.net>

Domestic Sysadmin :-)
---------------------
Faenor.cod.ie
  8:35pm  up 3 days,  8:43,  0 users,  load average: 0.08, 0.02, 0.01
Hobbiton.cod.ie
  8:36pm  up 2 days,  9:37,  2 users,  load average: 0.00, 0.00, 0.00
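Worked example of the distribution step described in the post above. This is added here and is not code from the original post or from OpenSSH. It assumes protocol-2 style .pub files (one line of the form `keytype blob comment`, as ssh-keygen writes for DSA/RSA protocol-2 keys) and uses constructed placeholder key blobs, not real keys; host names foo, bar and user tim are the post's own. The detail it makes explicit, which "copy all the .pub keys into ssh_known_hosts" glosses over, is that a ssh_known_hosts entry is the .pub line with the trailing comment dropped and the host name prefixed, whereas authorized_keys takes the .pub line verbatim. It also sets the directory and file modes that sshd's StrictModes check requires (not group- or world-writable) and refuses to append a key that is already present.

```shell
#!/bin/sh
# Added example: build ssh_known_hosts and authorized_keys from .pub files.
#
#   host key .pub (ssh-keygen output):  <keytype> <base64 blob> [comment]
#   ssh_known_hosts line:               <hostname>[,<alias>...] <keytype> <base64 blob>
#   authorized_keys line:               <keytype> <base64 blob> [comment]  (the .pub line as-is)
set -eu

WORK=$(mktemp -d "${TMPDIR:-/tmp}/knownhosts.XXXXXX")
trap 'rm -rf "$WORK"' EXIT

# Constructed sample public keys: the base64 blobs are placeholders, not real keys.
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAAfoo root@foo\n' > "$WORK/foo.pub"
printf 'ssh-dss AAAAB3NzaC1kc3MAAAAbar root@bar\n' > "$WORK/bar.pub"
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAAtim tim@foo\n'  > "$WORK/tim.pub"

# known_hosts_line HOST PUBFILE
#   Print the ssh_known_hosts line for HOST built from PUBFILE: keep only the
#   key type and blob (fields 1 and 2) and prefix the host name. HOST should be
#   the name clients actually connect to; "foo,192.0.2.10" also matches by IP.
known_hosts_line() {
    host="$1"; pub="$2"
    awk -v h="$host" '{ print h " " $1 " " $2 }' "$pub"
}

# build_known_hosts OUTFILE HOST:PUBFILE ...
#   Assemble one ssh_known_hosts file from several HOST:PUBFILE pairs; this is
#   the file the post says to copy to every machine on the network.
build_known_hosts() {
    out="$1"; shift
    : > "$out"
    for spec in "$@"; do
        known_hosts_line "${spec%%:*}" "${spec#*:}" >> "$out"
    done
}

# add_authorized_key SSHDIR PUBFILE
#   Append PUBFILE verbatim to SSHDIR/authorized_keys unless that key (type and
#   blob) is already listed, and set the modes sshd's StrictModes check expects.
add_authorized_key() {
    dir="$1"; pub="$2"
    mkdir -p "$dir"; chmod 700 "$dir"
    auth="$dir/authorized_keys"
    touch "$auth"; chmod 600 "$auth"
    key=$(awk '{ print $1 " " $2 }' "$pub")
    if ! grep -qF -- "$key" "$auth"; then
        cat "$pub" >> "$auth"
    fi
}

# Demonstration on the constructed files.
build_known_hosts "$WORK/ssh_known_hosts" "foo:$WORK/foo.pub" "bar:$WORK/bar.pub"
add_authorized_key "$WORK/home-tim/.ssh" "$WORK/tim.pub"

echo "--- ssh_known_hosts ---";  cat "$WORK/ssh_known_hosts"
echo "--- authorized_keys ---";  cat "$WORK/home-tim/.ssh/authorized_keys"
```

The post predates the merge of the protocol-2 file names: current OpenSSH reads /etc/ssh/ssh_known_hosts and ~/.ssh/authorized_keys for all key types, so the ssh_known_hosts2 / authorized_keys2 split mentioned above is only needed on releases of that era. Protocol-1 RSA .pub files use a different layout (`bits exponent modulus comment`) and are not handled by this example.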