Tutoring on SSD/SSH

Matthew Carpenter matt
Mon May 17 11:35:19 PDT 2004


It's not exactly what you're asking for, but you want to use Protocol 2
with PubKeyAuthentication.

This requires that each user have a key on their account from which they
will be connecting (For Windows, this is handled by the SSH client, like
F-Secure's SSH Client).  On a Unix box, these files (public and private
key files) will be placed probably in ~/.ssh/ and will be called
id_dsa/id_dsa.pub or id_rsa/id_rsa.pub (you want DSA).  Then, on the
server machine, the account they are connecting as will have to have
(basically) the contents of their id_dsa.pub in ~/.ssh/authorized_keys2
(or possibly ~/.ssh/authorized_keys).

To generate key files on a unix box running OpenSSH, type:

ssh-keygen -t dsa

You will be asked for the name of the file (just the private file.  ".pub"
is added onto this for the public file) and the default is generally good
(dependent upon the ssh client's config - /etc/ssh/ssh_config).
You will be asked for a passphrase.  If you want your users to use a
password on top of DSA Keys, this is where it goes.  I don't normally do
this, but it depends on the security of the client machine.

Make sure the id_dsa file is in the client's ~/.ssh/ directory and the
contents of id_dsa.pub are in ~/.ssh/authorized_keys2 on the server and you
should be good to go.

NOTE: if your ip address or DNS name is going to be different than where
you generated the keys, in id_dsa.pub, alter the end of the line
accordingly, or remove "@...." to allow any machine using that userID and
public key to access that account.

On 24 Jul 2002 08:54:08 -0500
"Michael Hipp" <MHipp at redmule.com> wrote:

> I think what I want is that there is a key stored in the client
> computer's ~/ for a particular user that gets that user a login to the
> host system. If the user has to supply a valid password on top of that
> would prolly be ok. No client computer without that key would be allowed
> to even attempt a login to the host.
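
The server-side step from the message above (getting the contents of id_dsa.pub into ~/.ssh/authorized_keys2), as an added example that is not part of the original post. The function name install_pubkey, its arguments and the sample key line are assumptions constructed for illustration; it refuses a private key file and sets the modes sshd's StrictModes check expects.

```shell
#!/bin/sh
# Added example: install one public key line into an account's
# authorized_keys file. install_pubkey and its arguments are hypothetical.
# usage: install_pubkey PUBFILE HOMEDIR [FILENAME]
install_pubkey() {
    pub=$1
    home=$2
    name=${3:-authorized_keys2}   # file name used in the post above
    sshdir=$home/.ssh
    auth=$sshdir/$name

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Never copy the private half (id_dsa) to the server by mistake.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key, refusing" >&2
        return 1
    fi

    # A public key file is one line: key type, base64 blob, optional comment.
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected one key line" >&2; return 1; }
    line=$(grep . "$pub")
    case $line in
        ssh-dss\ *|ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "unrecognised key type" >&2; return 1 ;;
    esac

    # With StrictModes on, sshd checks the modes and ownership of these paths.
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append only if this exact line is not already present.
    grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
}

# Demo on constructed data in a scratch directory (not a real key).
demo=$(mktemp -d)
printf 'ssh-dss AAAAB3NzaC1kc3MAAACBAconstructed user@client\n' > "$demo/id_dsa.pub"
install_pubkey "$demo/id_dsa.pub" "$demo/home" && ls -l "$demo/home/.ssh"
rm -rf "$demo"
```

Run it as the account that will receive logins, passing that account's home directory, so the files end up owned by that user.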


