RSA Authentication
Walter Grace
wegrace at ga.prestige.net
Tue Sep 25 10:13:22 PDT 2001
Ivan,
Thanks for your response!!! 0-)
Regarding RSA authentication, I understand this to be the procedure below
which can be found at
http://www.ssh.com/products/ssh/administrator24/User_Public_Key_Authentication.html.
This, I have done as the freeside user. I renamed the key generated to
identity and identity.pub. I did not enter a pass phrase as indicated
somewhere else (in the freeside archives I believe).
This has allowed me to secure shell from the freeside machine as the
freeside user to the external web server that has the signup.cgi script
without requiring a password.
User Public Key Authentication
1. To make sure that public key authentication is enabled, the
AllowedAuthentications field both in /etc/ssh2/sshd2_config file on Remote
and in /etc/ssh2/ssh2_config file on Local should contain the word publickey:
AllowedAuthentications publickey
Other authentication methods can be listed in the configuration file
as well.
2. Create a keypair by executing ssh-keygen (ssh-keygen2) on Local.
Local> ssh-keygen
Generating 1024-bit dsa key pair
1 oOo.oOo.o
Key generated.
1024-bit dsa, user at Local, Wed Mar 22 2000 00:13:43 +0200
Passphrase :
Again :
Private key saved to /home/user/.ssh2/id_dsa_1024_a
Public key saved to /home/user/.ssh2/id_dsa_1024_a.pub
Ssh-keygen will ask you for a passphrase for the new key. Enter a
sufficiently long (20 characters or so) sequence of any characters (white
spaces are OK). Ssh-keygen creates a .ssh2 directory in your home
directory, and stores your new authentication key pair in two separate
files. One is your private key which must NEVER be made available to anyone
but yourself. The private key can only be used together with the
passphrase. In the above example, the private key file is id_dsa_1024_a.
The other file id_dsa_1024_a.pub is your public key, which can be
distributed to other computers.
3. Create an identification file in your ~/.ssh2 directory on Local.
Local> cd ~/.ssh2
Local> echo "IdKey id_dsa_1024_a" > identification
You now have an identification file which consists of one line that
denotes the file containing your identification (your private key). For
special applications, you can create multiple identifications by executing
ssh-keygen again. This is, however, not needed in the most common cases.
4. Copy your public key (id_dsa_1024_a.pub) to the ~/.ssh2 directory on
Remote.
5. Create an authorization file in your ~/.ssh2 directory on Remote.
Add the following line to authorization:
Key id_dsa_1024_a.pub
This directs the SSH server to use id_dsa_1024_a.pub as a valid
public key when authorizing your login. If you want to login to Remote from
other hosts, create authorization keys on the hosts (steps 1 and 2) and
repeat steps 3 and 4 on Remote.
6. Now you should be able to login to Remote from Local using Secure Shell.
Try to login:
Local>ssh Remote
Passphrase for key "/home/user/.ssh2/id_dsa_1024_a
with comment "1024-bit dsa, created by user at Local
Wed Mar 22 2000 00:13:43 +0200":
After you have entered the passphrase of your private key, a Secure
Shell connection will be established.
*** end instructions
I checked the $HOME environment variable and it contains /home/freeside
which is the home directory of the freeside user.
However, I can not use the fs_signup_server script to do the secure shell
login.
Is this the wrong procedure or not what you are referring to as RSA
Authentication?
Many Thanks
Walter Grace
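
Added example, not part of the original message or of the quoted SSH documentation: a shell function that checks the file layout from steps 3 to 5 above (identification/IdKey on Local, authorization/Key on Remote) together with the permissions on the directory and the private key. The function name check_ssh2_dir, the finding labels, and the assumption that an SSH2 private key file carries the words PRIVATE KEY in its first line belong to this example only.

```shell
# Added example (not from the original post or the SSH documentation).
# Audits the SSH2 key directory layout described in steps 3-5.
# Usage: check_ssh2_dir DIR local|remote
# Prints one finding per line; returns 0 when clean, 1 when anything is wrong.
check_ssh2_dir() {
    dir=$1; role=$2; bad=0
    case $role in
        local)  list=identification; word=IdKey ;;   # step 3
        remote) list=authorization;  word=Key ;;     # step 5
        *) echo "usage: check_ssh2_dir DIR local|remote"; return 2 ;;
    esac
    # Nobody else may write here, or they could swap the key list.
    if [ "$(ls -ld "$dir" 2>/dev/null | cut -c6,9)" != "--" ]; then
        echo "PERM $dir is group/other writable"; bad=1
    fi
    [ -f "$dir/$list" ] || { echo "MISSING $dir/$list"; return 1; }
    n=0
    # Each relevant line is "<word> <filename>", filename relative to DIR.
    while read -r kw file rest || [ -n "$kw" ]; do
        [ "$kw" = "$word" ] || continue
        n=$((n + 1)); path=$dir/$file
        if [ ! -f "$path" ]; then
            echo "MISSING $path (named in $list)"; bad=1
        elif [ "$role" = local ]; then
            # Private key: no group/other permission bits at all.
            if [ "$(ls -ld "$path" | cut -c5-10)" != "------" ]; then
                echo "PERM $path is accessible to group/other"; bad=1
            fi
        elif head -n 1 "$path" | grep -q "PRIVATE KEY"; then
            # Assumption: SSH2 private key files say PRIVATE KEY in line 1.
            echo "PRIVATE $path is a private key; only the .pub goes on Remote"
            bad=1
        fi
    done < "$dir/$list"
    [ "$n" -gt 0 ] || { echo "EMPTY $dir/$list has no '$word' line"; bad=1; }
    return $bad
}
```

Run it as the account that owns the keys, for example check_ssh2_dir "$HOME/.ssh2" local on Local and check_ssh2_dir "$HOME/.ssh2" remote on Remote.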