Comments on: shared key ssh authentication

By: Ammon

Ammon — Thu, 28 Jan 2010 18:13:15 +0000

Of course you’re right, allowing any sort of remote login directly to the root account is the sort of thing you need to consider very carefully. I would never recommend allowing direct login as root from the public internet.

In is particular case, I was the only one ever using the box and only ever from another host on the same switch. I also required the RSA authentication – there was no password, login was only possible via the key so I don’t feel bad about it.

Also if I actually need to plead my defense further, this did happen about 7-8 years ago when I was substantially less experienced

By: Gary

Gary — Wed, 27 Jan 2010 18:28:27 +0000

The other problem that you didn’t identify in your Warning Section, is the obvious one where in your example you allowed ROOT login from a remote machine. That is one of the First Basic Security steps that should be done.

By: Ammon

Ammon — Wed, 18 Mar 2009 19:30:25 +0000

The problem you’re having with trying to ssh w/o specifying the username is simply because your local and remote usernames are different.

There’s really no secure way for it to know that david@localhost is really DaveAdmin@www1.

As far as SVN goes, it can remember usernames for you – and should by default, even when using svn+ssh.

I generally recommend against using svn+ssh if at all possible. If you need encryption, svn over https is equivalent and is generally more reliable.

By: Dave Wood

Dave Wood — Tue, 17 Mar 2009 23:20:57 +0000

Scratch that…. the problem wasn’t with the key pair, it was with my spelling.

Seriously, who spells Authorised with a ‘z’????

As a minor aside, once the public key was catted into Authorized_Keys “ssh DaveAdmin@WWW1″ works fine, but “ssh WWW1″ still doesn’t work.

By: Dave Wood

Dave Wood — Tue, 17 Mar 2009 23:04:48 +0000

This works fine when your local and remote username are the same, but how do you use/generate a key pair when your local and remote usernames are different?

e.g.
My local Machine is called David_Desktop, my local user is david@David_Desktop

The server I want to log into is called WWW1, and my account on that machine is DaveAdmin@WWW1

I can work with password authentication just fine, but I want to set up a CVS/SVN repository on WWW1 and don’t particularly want to enter my password fifteen times every time I want to do a commit.

By: Gustavo on Information Technology » Setting up your first server

Gustavo on Information Technology » Setting up your first server — Mon, 07 Apr 2008 17:11:56 +0000

[...] At this point you should use shared key ssh authentication, and there’s a great tutorial at ammonlauritzen.com. [...]

By: Macintosh-Admin » Blog Archive » Creating Shared Host Keys

Macintosh-Admin » Blog Archive » Creating Shared Host Keys — Fri, 21 Mar 2008 14:22:08 +0000

[...] used this website to help me: http://ammonlauritzen.com/blog/index.php/2006/04/16/shared_key_ssh_authentication Posted in Tutorials/Guides | Leave a [...]

By: Untitled :: Blog Archive » ssh.com vs openssh

Untitled :: Blog Archive » ssh.com vs openssh — Tue, 28 Nov 2006 20:55:37 +0000

[...] ssh.com vs openssh A few months ago, I wrote a brief entry on how to set up shared key authentication with OpenSSH. [...]