Eric,

Well, I wanted to replace rsh, rlogin, telnet and ftp within my small
home LAN. (Currently 7 PCs with two more in the pipeline.)

Especially, I want to use ssh as the only way to login to my Internet
Gateway (that I'm right now configuring for use with ADSL within a month
or two). The Gateway PC (486-DX266) currently runs without keyboard,
mouse or monitor. It's on an over dimensioned UPS and should 'never'
need to be shutdown. (Touch wood. ;-)

Let me mention that I'm an old pgp/gpg user so I have a decent
understanding of asymmetric public key data encryption, even though I'm
far from an expert. I've been called 'power user' of pgp, but that might
be to exaggerate. :-)

I've already installed openssh, openssh-server and openssl (latest .rpm
versions from the openssh site) on the Gateway machine (the server).
I've also installed openssh, openssh-clients and openssl on a 'client'
PC in my LAN.

I configured openssh-server to use ssh protocol 2 only.

First time I tried to connect to my server, using ssh, it asked me if I
wanted to accept the key from the server with a specific finger print. I
compared the finger print against the DSA fingerprint that was provided
during key generation on the server while installing the openssh server
part. It was the same, so I accepted. The information about the foreign
host was now stored in my ~/.ssh/known_hosts2 file.

Q: I've understood from the documentation that this could be done
'centrally' on the client PC, so that all users on the client PC could
take benefit from the knowledge of the server as a 'known host' and this
way avoid that *every* local user on the client PC must know (and
verify) the server. How is this supposed to be achieved?


Q: From what I've understood, the most secure way of using (open)ssh is
to use RSAauthentification only. (Correct?) How do I setup that to
happen?


Enough for this time. :-)

Best regards
Gustav

Eric Sisler wrote:
> 
> Gustav Schaffter <[EMAIL PROTECTED]> wrote:
> 
> >Anyone knows where I can find some basic HOW-TO or equivalent covering
> >the practicals of configuring and using ssh, particularly openssh?
> 
> There isn't really much to the basic install - you'll need openssh,
> openssh-server, openssh-clients and openssl.
> 
> >I have studied the man pages until my eyes bleed, but there are still
> >parts of the basics concepts I don't understand.
> 
> Is there something in particular that you want to setup ssh for?  I've done
> a few things with it and use it daily so maybe I can help.
> 
> -Eric

-- 
pgp = Pretty Good Privacy.

To get my public pgp key, send an e-mail to: [EMAIL PROTECTED]

Visit my web site at http://www.schaffter.com



_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list

Reply via email to