[techtalk] OpenSSH Trusted Host Setup Question

Pete Durst pdurst at bigfoot.com
Wed May 23 06:38:38 EST 2001


Hi Conor,

I shall try this and let you know of the results!  Thanks!

Pete

At 08:57 PM 22/05/2001 +0100, you wrote:
>On Tue, May 22, 2001 at 01:13:10PM +1200 or so it is rumoured hereabouts,
>Mark Foster thought:
> > As far as I'm aware, OpenSSH2 uses /etc/hosts.allow ?
> >
> > [blakjak at phoenix blakjak]$ telnet localhost 22
> > Trying 127.0.0.1...
> > Connected to phoenix.
> > Escape character is '^]'.
> > SSH-1.99-OpenSSH_2.3.0p1
> >
> > Other than that, check out the config files in /etc/ssh ?
>
>Or you could look at using /etc/ssh_known_hosts and
>$HOME/.ssh/authorized_keys.  These files contain the public keys for the
>hosts and users who are allowed to connect without passwords.
>
>for example...
>
>host foo        users tim, john
>host bar        users tim, john
>
>in foo:/etc/ssh_known_hosts you have the public host key for bar
>in foo:/home/tim/.ssh/authorized_keys you have the public key for tim at bar
>
>in bar:/etc/ssh_known_hosts you have the public host key for foo
>in bar:/home/tim/.ssh/authorized_keys you have the public key for tim at foo
>
>For each host on your network, /etc/ssh_known_hosts contains the public
>host keys for all the other hosts.
>
>For each user on your network, $HOME/.ssh/authorized_keys contains the
>user's public key which can be the same on all machines on your network or
>can be different.
>
>The easiest way to get this going is to use ssh-keygen on each host to
>generate the host key.  When you have all host keys generated, copy *all*
>of the .pub keys to a /etc/ssh_known_hosts file on one host.  Then copy
>this file to all machines in your network.
>
>For each user, use ssh-keygen to create *one* key pair.  Copy the .pub
>key to $HOME/.ssh/authorized_keys.  Now copy the .ssh *directory* including
>the authorized_keys file to the user's home directory on *all* hosts.
>
>If you wish to use DSA keys rather than RSA, use ssh-keygen -d to create
>the keys and use the filenames ssh_known_hosts2 and authorized_keys2.
>
>I *think* that'll do it...
>
>Conor
>--
>Conor Daly <conor.daly at oceanfree.net>
>
>Domestic Sysadmin :-)
>---------------------
>Faenor.cod.ie
>   8:35pm  up 3 days,  8:43,  0 users,  load average: 0.08, 0.02, 0.01
>Hobbiton.cod.ie
>   8:36pm  up 2 days,  9:37,  2 users,  load average: 0.00, 0.00, 0.00
>

==============================================
Pete Durst

Sun Certified System Administrator
Sun Certified Network Administrator
Sun Certified Instructor
Advanced UNIX Instructor

Pete.Durst at learnix.com

Learnix, a division of TMI
2650 Queensview Drive
Suite 160, Ottawa, Ontario
K2B 8H6

Tel: (613)828-5007 ext. 4313
Fax: (613)721-0599

http://www.learnix.com

==============================================
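
The distribution steps in the quoted reply can be scripted as below. This is an added example, not part of the original thread; it assumes the current OpenSSH one-line public key format (`keytype base64 [comment]`), host keys collected as `<hostname>.pub` files, and hypothetical function names and paths.

```shell
#!/bin/sh
# Added example. Function names, paths and key strings are hypothetical.

# build_known_hosts DIR OUT: DIR holds one <hostname>.pub file per host.
# OUT receives one "hostname keytype base64" line per valid host key.
build_known_hosts() {
    dir=$1; out=$2; tmp="$out.tmp.$$"
    : > "$tmp"
    for f in "$dir"/*.pub; do
        [ -f "$f" ] || continue
        # Never let private key material into a file that gets distributed.
        if grep -q 'PRIVATE KEY' "$f"; then
            echo "skip $f: contains private key material" >&2; continue
        fi
        ktype=; kdata=; rest=
        read -r ktype kdata rest < "$f" || :
        case $ktype in
            ssh-*|ecdsa-*) ;;
            *) echo "skip $f: not a public key line" >&2; continue ;;
        esac
        [ -n "$kdata" ] || continue
        printf '%s %s %s\n' "$(basename "$f" .pub)" "$ktype" "$kdata" >> "$tmp"
    done
    sort -u "$tmp" > "$out" && rm -f "$tmp"
    chmod 644 "$out"    # public data: world-readable, root-writable
}

# install_authorized_key PUBFILE SSHDIR: add one user public key, once,
# with the permissions sshd expects on the directory and the file.
install_authorized_key() {
    pub=$1; sshdir=$2; auth="$sshdir/authorized_keys"
    mkdir -p "$sshdir" && chmod 700 "$sshdir"
    touch "$auth" && chmod 600 "$auth"
    line=
    IFS= read -r line < "$pub" || :
    grep -qxF -e "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
}

# make_sample DIR: constructed, non-functional key strings for a dry run.
make_sample() {
    mkdir -p "$1/hostkeys"
    echo 'ssh-rsa AAAAB3CONSTRUCTEDfoo root@foo' > "$1/hostkeys/foo.pub"
    echo 'ssh-rsa AAAAB3CONSTRUCTEDbar root@bar' > "$1/hostkeys/bar.pub"
    echo '-----BEGIN OPENSSH PRIVATE KEY-----'   > "$1/hostkeys/oops.pub"
    echo 'ssh-rsa AAAAB3CONSTRUCTEDtim tim@foo'  > "$1/tim.pub"
}
```

Installing only the `.pub` line on each host keeps the user's private key on the machine where it was generated; copying the whole `.ssh` directory also copies the private key to every host.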