
Securing-Optimizing-RH-Linux-1_2_179
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®

· Your Mail server
· Your Web server
· Your GW server

This allows you to limit access between these servers, e.g. not allowing the Mail account to access your Web account or the machines in the GW. This enhances overall security in case any of the authentication keys are compromised for some reason.

Step 2
Copy your local public key (identity.pub) to the “/home/admin/.ssh” directory on the remote host under the name, say, “authorized_keys”.

NOTE: One way to copy the file is to use the ftp command, or you might need to send your public key by electronic mail to the administrator of the system. Just include the contents of the ~/.ssh/identity.pub file in the message.

If access to the remote system is still denied, you should check the permissions of the following files on it:

· The home directory itself
· The ~/.ssh directory
· The ~/.ssh/authorized_keys file

The permissions should allow writing only by you (the owner). This example shows the permissions you could use.

[admin@deep /]$ cd
[admin@deep admin]$ ls -ld . .ssh .ssh/authorized_keys
drwx------   5 admin  admin  1024 Nov 28 07:05 .
drwxr-xr-x   2 admin  admin  1024 Nov 29 00:02 .ssh
-rw-r--r--   1 admin  admin   342 Nov 29 00:02 .ssh/authorized_keys

Changing your pass-phrase

You can change the pass-phrase at any time by using the -p option of ssh-keygen.

· To change the pass-phrase, use the command:
[root@deep /]# su admin
[admin@deep /]$ ssh-keygen1 -p
Enter file key is in (/home/admin/.ssh/identity): [Press ENTER]
Enter old passphrase:
Key has comment 'admin@deep.openarch.com'
Enter new passphrase:
Enter the same passphrase again:
Your identification has been saved with the new passphrase.
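The permission check described earlier (home directory, ~/.ssh and ~/.ssh/authorized_keys writable only by the owner) can be scripted. The following is an added example, not part of the original book; the function name check_ssh_perms and the script name check_ssh_perms.sh are hypothetical, and it assumes it is run as the account that owns the files.

```shell
#!/bin/sh
# Added example (not from the book): audit the three paths the text lists
# for write access by anyone other than the owner.
# check_ssh_perms DIR  -> prints one line per problem, returns the problem count.
check_ssh_perms() {
    dir=$1
    problems=0
    for target in "$dir" "$dir/.ssh" "$dir/.ssh/authorized_keys"; do
        if [ ! -e "$target" ]; then
            echo "MISSING         $target"
            problems=$((problems + 1))
            continue
        fi
        # First ten characters of ls -ld are the mode string, e.g. drwxr-xr-x
        mode=$(ls -ld "$target" | cut -c1-10)
        case $mode in
            ?????w*)        # character 6 is the group write bit
                echo "GROUP-WRITABLE  $mode  $target"
                problems=$((problems + 1)) ;;
        esac
        case $mode in
            ????????w*)     # character 9 is the other (world) write bit
                echo "WORLD-WRITABLE  $mode  $target"
                problems=$((problems + 1)) ;;
        esac
        # Assumption: the script runs as the account being checked, so the
        # files must belong to the effective user.
        if [ ! -O "$target" ]; then
            echo "NOT-OWNED       $mode  $target"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Run as: sh check_ssh_perms.sh /home/admin
# With no argument the script only defines the function.
if [ $# -gt 0 ]; then check_ssh_perms "$1"; fi
```

The permissions in the listing above (700, 755, 644) produce no output and a return value of 0.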
SSH1 Users Tools

The commands listed below are some that we use often in our regular use, but many more exist, and you must check the man page and documentation for more details and information.

ssh1
Ssh1 (Secure Shell) provides secure encrypted communications between two untrusted hosts over an insecure network. It is a program for logging securely into a remote machine and executing