[Techtalk] ssh

Chris Wilson chris+linuxchix at aptivate.org
Thu Jul 23 12:45:45 UTC 2009


Hi Wolf,

Please, let's stay on the list so that others can benefit.

On Thu, 23 Jul 2009, Wolf Rising wrote:

> Thank you so much for the response, would you happen to be aware of any 
> online sites where I could find information on how to set this up?
> 
> It seems the most secure way to go about things, or at least much better 
> than the one we currently have in place :-)

Just follow the usual instructions for setting up a CA and generating 
client certificates, but instead of generating a new RSA key, use the 
existing one in ~/.ssh/id_rsa.
 
Some sample instructions are at [http://www.garex.net/apache/], but I 
haven't tested them.

Convert each (client certificate and key) pair into a PKCS12 file, using 
openssl pkcs12, and import it into the browser on that client.

Configure Apache to require certificate authentication for connecting to 
those services that you want to protect, and place any necessary 
restrictions on the DN of the certificate, as described on that site.

Cheers, Chris.
-- 
Aptivate | http://www.aptivate.org | Phone: +44 1223 760887
The Humanitarian Centre, Fenner's, Gresham Road, Cambridge CB1 2ES

Aptivate is a not-for-profit company registered in England and Wales
with company number 04980791.
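
The procedure described in this message, as an added example that is not part of the original post: a private CA signs a certificate request made with an existing RSA key, and the pair is exported as PKCS12 for browser import. The subject names, file names, export password and the stand-in key generated in place of ~/.ssh/id_rsa are all constructed, and the key is assumed to be a PEM-format RSA key.

```shell
# Added example: issue a client certificate for an EXISTING RSA key and
# bundle it as PKCS12. Subjects, file names and password are constructed.

# issue_client_p12 WORKDIR KEYFILE -> writes ca.crt, client.crt, client.p12
issue_client_p12() {
    dir=$1 key=$2
    # 1. Private CA (self-signed). In real use ca.key stays off the web server.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/O=Example Org/CN=Example Client CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    # 2. CSR made with the existing key: no new key pair is generated.
    openssl req -new -key "$key" \
        -subj "/O=Example Org/OU=Staff/CN=wolf" \
        -out "$dir/client.csr" || return 1
    # 3. The CA signs the request.
    openssl x509 -req -in "$dir/client.csr" -days 365 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/client.crt" 2>/dev/null || return 1
    # 4. Certificate + key + CA certificate in one file for the browser.
    openssl pkcs12 -export -inkey "$key" -in "$dir/client.crt" \
        -certfile "$dir/ca.crt" -name "wolf" \
        -passout pass:constructed-export-password \
        -out "$dir/client.p12" || return 1
}

# same_public_key KEYFILE CERTFILE -> succeeds only if the certificate
# carries the public half of that private key.
same_public_key() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null | openssl sha256)
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null | openssl sha256)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Demo on a throwaway key standing in for ~/.ssh/id_rsa (constructed input).
demo() {
    tmp=$(mktemp -d) || return 1
    openssl genrsa -out "$tmp/id_rsa" 2048 2>/dev/null
    issue_client_p12 "$tmp" "$tmp/id_rsa" &&
        openssl verify -CAfile "$tmp/ca.crt" "$tmp/client.crt" >/dev/null &&
        same_public_key "$tmp/id_rsa" "$tmp/client.crt"
    rc=$?
    rm -rf "$tmp"
    return $rc
}
demo && echo "client certificate chains to the CA and matches the existing key"
```

On the Apache side, mod_ssl's `SSLCACertificateFile` would point at `ca.crt` and `SSLVerifyClient require` enforces the certificate check for the protected location.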

