Right, I'll rephrase my question:
Does anyone know where I could find help at a beginner's level for
openssh?
I've found that openssh.org provides two mailing lists, but one is for
'announce' and the other is for 'developers, not users'.
Regards
Gustav
Gustav Schaffter wrote:
>
> Hi,
>
> Beware, this is a bit long!
>
> I have downloaded and installed openssh (and openssl as required by
> openssh). It is my intention to completely remove the r-services
> (rlogin, etc.).
>
> As such, I believe that I should go for the third alternative within the
> ssh documentation; to let all users create their own key pair. (This
> requires all users to be 'aware' which I naively thought would not be
> necessary with the ssh solution. Or am I missing something?)
>
> I have read the ssh documentation back and forth many times by now, and
> even though I'm very familiar with the concepts of pgp, the ssh package
> seems strange. I guess I'd need some introduction document to read,
> because I'm really confused.
>
> Any 'RTFM for beginners' I should do?
>
> For instance, a user '[EMAIL PROTECTED]' creates a private/public key
> pair. The public key is now given to '[EMAIL PROTECTED]' so that the user
> can securely ssh login from pcA to pcB.
>
> Now pcB uses this public key, stored in pcB, to encrypt a random number
> and send this back to pcA as a challenge. pcA is the only one having the
> private key and the only one that can decrypt the challenge and send it
> back to pcB for authentication.
>
> Question: Doesn't this imply that the public key from pcA must be given
> to pcB on a secure channel?
>
> AFAIK, there is no tool to verify key fingerprints as we do before we
> trust a public pgp/gpg key. Or am I missing something here?
>
> And how do the host keys fit in? After installation of the rpms on two
> PCs at home, I found the private and public host keys already generated
> in /etc/ssh on both machines. Correct?
>
> So, I took the /etc/ssh/ssh_host_key.pub from pcB and stored it as
> /etc/ssh_known_hosts in pcA. (The /etc/ssh_known_hosts file didn't exist
> before in pcA.)
> Then I tried as an ordinary user at pcA to 'ssh -l user pcB' to login as
> user 'user' on pcB. The first response is that ssh tells me that "the
> authenticity of pcB can't be established, key fingerprint is bla,bla. Do
> you want to continue?".
>
> Again, what tools do I have as root to verify the authenticity of the
> public host key from pcB? And as an ordinary user? Am I missing
> something fundamental here?
>
> Best regards
> Gustav (confused (more than usual))
--
pgp = Pretty Good Privacy.
To get my public pgp key, send an e-mail to: [EMAIL PROTECTED]
Visit my web site at http://www.schaffter.com
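
The fingerprint that ssh shows in the prompt described above is a hash of the host's public key, so it can be checked against a value read directly on pcB. The following is an added example, not part of the original message and not OpenSSH code: it assumes the one-line public key format of current OpenSSH (type, base64 blob, comment), and the key material and helper names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct


def ssh_string(data: bytes) -> bytes:
    """Length-prefixed string as used inside SSH public key blobs."""
    return struct.pack(">I", len(data)) + data


def make_pubkey_line(seed: bytes, comment: str) -> str:
    """Build a CONSTRUCTED ssh-ed25519 public key line (not a real host key)."""
    blob = ssh_string(b"ssh-ed25519") + ssh_string(hashlib.sha256(seed).digest())
    return "ssh-ed25519 %s %s" % (base64.b64encode(blob).decode(), comment)


def fingerprints(pubkey_line: str) -> dict:
    """Return the SHA256 and legacy MD5 fingerprints of a public key line."""
    fields = pubkey_line.split()
    key_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    # The blob names its own type; reject a line whose label disagrees.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii", "replace") != key_type:
        raise ValueError("key type does not match key blob")
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(blob).hexdigest()
    return {
        "sha256": "SHA256:" + sha,
        "md5": "MD5:" + ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
    }


def matches_trusted(received_line: str, trusted_fingerprint: str) -> bool:
    """Compare a key received over the network with a fingerprint that was
    obtained out of band (read on the console of pcB, on paper, by phone)."""
    fp = fingerprints(received_line)
    candidate = fp["md5"] if trusted_fingerprint.startswith("MD5:") else fp["sha256"]
    return hmac.compare_digest(candidate, trusted_fingerprint)


if __name__ == "__main__":
    pcb_key = make_pubkey_line(b"pcB host key", "root@pcB")       # constructed
    other_key = make_pubkey_line(b"some other host", "root@pcB")  # constructed
    trusted = fingerprints(pcb_key)["sha256"]  # as read locally on pcB
    print(trusted)
    print("genuine key accepted:", matches_trusted(pcb_key, trusted))
    print("substituted key accepted:", matches_trusted(other_key, trusted))
```

The check only means something if the trusted fingerprint reached the user by a path other than the connection being verified.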