RSA Authentication

Walter Grace wegrace at ga.prestige.net
Tue Sep 25 10:13:22 PDT 2001


Ivan,

Thanks for your response!!! 0-)

Regarding RSA authentication, I understand this to be the procedure below 
which can be found at 
http://www.ssh.com/products/ssh/administrator24/User_Public_Key_Authentication.html.

This, I have done as the freeside user. I renamed the key generated to 
identity and identity.pub. I did not enter a pass phrase as indicated 
somewhere else (in the freeside archives I believe).
This has allowed me to secure shell from the freeside machine as the 
freeside user to the external web server that has the signup.cgi script 
without requiring a password.


User Public Key Authentication
    1.  To make sure that public key authentication is enabled, the 
AllowedAuthentications field both in /etc/ssh2/sshd2_config file on Remote 
and in /etc/ssh2/ssh2_config file on Local should contain the word publickey:

AllowedAuthentications   publickey

       Other authentication methods can be listed in the configuration file 
as well.
    2. Create a keypair by executing ssh-keygen (ssh-keygen2) on Local.

Local> ssh-keygen
Generating 1024-bit dsa key pair
    1 oOo.oOo.o
Key generated.
1024-bit dsa, user at Local, Wed Mar 22 2000 00:13:43 +0200
Passphrase :
Again :
Private key saved to /home/user/.ssh2/id_dsa_1024_a
Public key saved to /home/user/.ssh2/id_dsa_1024_a.pub

       Ssh-keygen will ask you for a passphrase for the new key. Enter a 
sufficiently long (20 characters or so) sequence of any characters (white 
spaces are OK). Ssh-keygen creates a .ssh2 directory in your home 
directory, and stores your new authentication key pair in two separate 
files. One is your private key which must NEVER be made available to anyone 
but yourself. The private key can only be used together with the 
passphrase. In the above example, the private key file is id_dsa_1024_a. 
The other file id_dsa_1024_a.pub is your public key, which can be 
distributed to other computers.

    3. Create an identification file in your ~/.ssh2 directory on Local.

Local> cd ~/.ssh2
Local> echo "IdKey id_dsa_1024_a" > identification

       You now have an identification file which consists of one line that 
denotes the file containing your identification (your private key). For 
special applications, you can create multiple identifications by executing 
ssh-keygen again. This is, however, not needed in the most common cases.

    4. Copy your public key (id_dsa_1024_a.pub) to the ~/.ssh2 directory on 
Remote.

    5. Create an authorization file in your ~/.ssh2 directory on Remote. 
Add the following line to authorization:

Key     id_dsa_1024_a.pub

       This directs the SSH server to use id_dsa_1024_a.pub as a valid 
public key when authorizing your login. If you want to login to Remote from 
other hosts, create authorization keys on the hosts (steps 1 and 2) and 
repeat steps 3 and 4 on Remote.

    6. Now you should be able to login to Remote from Local using Secure Shell.

       Try to login:

Local>ssh Remote
Passphrase for key "/home/user/.ssh2/id_dsa_1024_a
with comment "1024-bit dsa, created by user at Local
Wed Mar 22 2000 00:13:43 +0200":

       After you have entered the passphrase of your private key, a Secure 
Shell connection will be established.

*** end instructions


I checked the $HOME environment variable and it contains /home/freeside 
which is the home directory of the freeside user.

However, I cannot use the fs_signup_server script to do the secure shell 
login.

Is this the wrong procedure or not what you are referring to as RSA 
Authentication?


Many Thanks

Walter Grace
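
The file checks implied by steps 1, 3 and 5 of the quoted procedure, as an added shell example that is not part of the original message or of the SSH documentation it quotes. The function names are hypothetical; the file names (identification, authorization, IdKey, Key, AllowedAuthentications) are the ones shown in the steps above, and keyword matching in the config file is assumed to be case-insensitive.

```shell
#!/bin/sh
# Added example: audits an SSH2-style key directory (the ~/.ssh2 layout
# described in the steps above). Function names are hypothetical.

# Step 1: succeeds if the config file lists publickey in AllowedAuthentications.
allows_publickey() {
    grep -Eiq '^[[:space:]]*AllowedAuthentications[[:space:]].*publickey' "$1"
}

# Prints one finding per problem and returns the number of problems found.
audit_ssh2_dir() {
    dir=$1; problems=0
    # Step 3 (Local): each IdKey entry must name an existing private key
    # that group and other cannot read, write or execute.
    if [ -f "$dir/identification" ]; then
        while read -r kw name rest || [ -n "$kw" ]; do
            [ "$kw" = "IdKey" ] || continue
            key="$dir/$name"
            if [ ! -f "$key" ]; then
                echo "identification: missing private key $name"
                problems=$((problems + 1))
            elif [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
                echo "private key $name is accessible by group/other"
                problems=$((problems + 1))
            fi
        done < "$dir/identification"
    fi
    # Step 5 (Remote): each Key entry must name a public key file that
    # was actually copied into the directory in step 4.
    if [ -f "$dir/authorization" ]; then
        while read -r kw name rest || [ -n "$kw" ]; do
            [ "$kw" = "Key" ] || continue
            if [ ! -f "$dir/$name" ]; then
                echo "authorization: missing public key $name"
                problems=$((problems + 1))
            fi
        done < "$dir/authorization"
    fi
    return "$problems"
}
```

Run `audit_ssh2_dir "$HOME/.ssh2"` as the account that makes the connection on Local and as the target account on Remote; an exit status of 0 means every referenced key file exists and the private keys are owner-only.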

