Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®
· Your Mail server
· Your Web server
· Your GW server
This allows you to limit access between these servers, e.g. not allowing the Mail account to
access your Web account or the machines in the GW. This enhances the overall security in
case any of the authentication keys are compromised for some reason.
Step 2
Copy your local public key (identity.pub) to the /home/admin/.ssh directory on the remote
machine under the name, say, authorized_keys.
NOTE: One way to copy the file is to use the ftp command; alternatively, you might need to send
your public key by electronic mail to the administrator of the system. Just include the contents
of the ~/.ssh/identity.pub file in the message.
If access to the remote system is still denied, check the permissions of the following
files on it:
· The home directory itself
· The ~/.ssh directory
· The ~/.ssh/authorized_keys file
The permissions should allow writing only by you (the owner). This example shows the
permissions you could use.
[admin@deep /]$ cd
[admin@deep admin]$ ls -ld . .ssh .ssh/authorized_keys
drwx------ 5 admin admin 1024 Nov 28 07:05 .
drwxr-xr-x 2 admin admin 1024 Nov 29 00:02 .ssh
-rw-r--r-- 1 admin admin 342 Nov 29 00:02 .ssh/authorized_keys
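The same check can be scripted. The following is an added example, not part of the book: check_ssh_perms is a hypothetical helper that flags any of the three paths above that is missing, writable by group or other, or not owned by the account.

```shell
#!/bin/sh
# Added example (not from the book). check_ssh_perms is a hypothetical helper.
# Usage: check_ssh_perms HOME_DIR [OWNER_UID]
# Flags any of the three paths that is missing, writable by group or other,
# or owned by someone other than the account (default: the invoking user).

check_ssh_perms() {
    home=$1
    owner=${2:-$(id -u)}
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING   $p"
            bad=1
            continue
        fi
        # -prune stops find from descending, so only $p itself is tested.
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "WRITABLE  $p (fix: chmod go-w)"
            bad=1
        fi
        if [ -z "$(find "$p" -prune -user "$owner" -print)" ]; then
            echo "OWNER     $p (expected uid $owner)"
            bad=1
        fi
    done
    if [ "$bad" -eq 0 ]; then
        echo "OK        $home"
    fi
    return "$bad"
}

# Run as a script: sh check_ssh_perms.sh /home/admin "$(id -u admin)"
if [ "$#" -gt 0 ]; then
    check_ssh_perms "$@"
fi
```

When running it as root against another account, pass that account's numeric uid as the second argument so the ownership test compares against the right user.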
Changing your pass-phrase
You can change the pass-phrase at any time by using the -p option of ssh-keygen.
· To change the pass-phrase, use the command:
[root@deep /]# su admin
[admin@deep /]$ ssh-keygen1 -p
Enter file key is in (/home/admin/.ssh/identity): [Press ENTER]
Enter old passphrase:
Key has comment 'admin@deep.openarch.com'
Enter new passphrase:
Enter the same passphrase again:
Your identification has been saved with the new passphrase.
SSH1 Users Tools
The commands listed below are some that we use often in regular work, but many more exist,
and you should check the man pages and documentation for more details and information.
ssh1
Ssh1 (Secure Shell) provides secure encrypted communications between two untrusted hosts over
an insecure network. It is a program for logging securely into a remote machine and executing