SSH Key generation question
in [General Linux]
|
From: General Schvantzkoph on 19 Jun 2010 23:07 On Sat, 19 Jun 2010 14:03:53 -0700, Todd wrote: >> Host saratoga.foobar.com >> Port 2303 >> User remoteguy > > First , thank you for the excellent reply! I am only removing most of > it as nntp.aioe.org gets annoyed if you quote too many line. > > > Host saratoga.foobar.com > > Port 2303 > > User remoteguy > > Question: is "remoteguy" the user name for his local (on the server) > account or his user name from his client (remote) laptop? > > -T remoteguy is the user name on the server. If you use the same user name on both the client and the server you don't need to specify the User in the config file.
From: John Hasler on 19 Jun 2010 23:20 Todd writes: > The computer crunching the numbers (called the server by CUPS, Samba, > DHCP, NAMED, yada, yada, yada) is actually called the "client". No. A program having something it wants displayed by the server is called a "client". There can be many clients on many computers (one or more per computer) including but not limited to the computer the server is running on (a server is a program, not a computer). > And by common convention, it is backwards. No. You just don't understand the convention. > And, and, by referring to it as backward, you remove the "state of > confusion" from so very many victims of the play on words. No. You add to it. -- John Hasler jhasler(a)newsguy.com Dancing Horse Hill Elmwood, WI USA
From: Keith Keller on 19 Jun 2010 23:35 On 2010-06-20, Todd <todd(a)invalid.com> wrote: > > But, if that is they way the X11 folks want to do it, it > is their right. It's not just their right, it *is* right! It just *seems* backwards to people used to thinking in terms of "big machine == server" instead of the more accurate "listening machine == server". > And, and, by referring to it as backward, you remove the > "state of confusion" from so very many victims of the > play on words. ....which is why I usually try to be nice when I explain that it's not actually backwards. :) --keith -- kkeller-usenet(a)wombat.san-francisco.ca.us (try just my userid to email me) AOLSFAQ=http://www.therockgarden.ca/aolsfaq.txt see X- headers for PGP signature information
From: Keith Keller on 19 Jun 2010 23:38 On 2010-06-19, Todd <todd(a)invalid.com> wrote: > Yet another follow up question: > > I occurred to me that if I have to create his > (the client's) keys (on my server) and send them > to him, that: > > 1) I have to create them under his user account > > 2) Fish them out of his ~/.ssh directory > > 3) Send "both" of the keys to him > > 4) add his .pub to my fray > > 5) then I can actually delete both keys out of > his ~/.ssh directory > > Have I got it right? Mostly. For 1), you can create the keys as whoever you like, as long as they eventually become owned by his user (using chown, for example). For 3), technically, he only requires the private key in order to log in to your server (since you're putting the public key in the right place). He would need the public key if he wanted to use the private key to log in to other servers. And (most importantly!) for 5), you leave the public key in his ~/.ssh directory, since that's where sshd expects to find it (by default). --keith -- kkeller-usenet(a)wombat.san-francisco.ca.us (try just my userid to email me) AOLSFAQ=http://www.therockgarden.ca/aolsfaq.txt see X- headers for PGP signature information
From: Keith Keller on 19 Jun 2010 23:36
On 2010-06-19, Todd <todd(a)invalid.com> wrote: > > If I disable root to root access (no logon as root > through ssh), does that preclude a remote user > from "su" to root? No. (Nor does it prevent direct root logins from the console, another common misunderstanding.) --keith -- kkeller-usenet(a)wombat.san-francisco.ca.us (try just my userid to email me) AOLSFAQ=http://www.therockgarden.ca/aolsfaq.txt see X- headers for PGP signature information |