[lug] OpenSSH
Mark Horning
rip6 at rip6.net
Tue Jan 30 23:27:26 MST 2001
Calvin Dodge wrote:
>
> "Michael J. Pedersen" wrote:
> >
> > 1) As the user who will login, issue 'ssh-keygen'
> > Follow all prompts, but make certain not to use a passphrase on this secret
> > key.
> > 2) Copy the file $HOME/.ssh/identity.pub to $HOME/.ssh/authorized_keys on the
> > server to which you will log in.
> > 3) On the server you log into, find the file 'sshd_config', and make the
> > following changes to it:
>
> Correct me if I'm wrong, Michael, but if one is running ssh2 (which, if
> I understand correctly, is the default for the latest versions of
> openssh) shouldn't that be "ssh-keygen -d" and "copy
> $HOME/.ssh/id_dsa.pub to $HOME/.ssh/authorized_keys2 on the server"?
>
I believe that is correct....from the (open)ssh man page:
SSH protocol version 2
When a user connects using the protocol version 2 different authentica
tion methods are available: At first, the client attempts to
authenticate
using the public key method. If this method fails password authentica
tion is tried.
The public key method is similar to RSA authentication described in the
previous section except that the DSA algorithm is used instead of
the patented RSA algorithm. The client uses his private DSA key
$HOME/.ssh/id_dsa to sign the session identifier and sends the result to
the server. The server checks whether the matching public key is listed
in $HOME/.ssh/authorized_keys2 and grants access if both the key is
found
and the signature is correct. The session identifier is derived from a
shared Diffie-Hellman value and is only known to the client and the
serv
er.
(Sorry for the formatting)
Mark
--
Mark Horning
rip6 at rip6.net
More information about the LUG
mailing list