SSH Key generation question
in [General Linux]
|
From: Robert Riches on 20 Jun 2010 00:34 On 2010-06-20, Kenny McCormack <gazelle(a)shell.xmission.com> wrote: > In article <slrni1qoih.bir.spamtrap42(a)one.localnet>, > Robert Riches <spamtrap42(a)verizon.net> wrote: >>On 2010-06-19, Keith Keller <kkeller-usenet(a)wombat.san-francisco.ca.us> wrote: >>> ... >>> >>> Yes. X11 is ''backwards'', but ssh is not. The person running the ssh >>> command is the client; the server listening for ssh connections (i.e., >>> running sshd) is the server. >> >>No, X11 has it right. The X server is providing _DISPLAY_ >>services to client programs that want something displayed. > > 'backwards' does not (i.e., should not) imply 'wrong' or immoral, or > fattening. It is just "different" - and both models are both equally > morally valid. > > I've always been amused by how nifty the X model is, and in particular > how it *is* "backwards" in terms of how most people think of things. > Historically, people have associated the word "server" with "remote" and > "big iron", and "client" with their desktop. The fact that X often > reverses these roles should be viewed as an amusement and not as > something to become morally outraged over. Sorry, I used an incorrect word. Let me restate: No, X11 uses the correct terminology. The X server is providing _DISPLAY_ services to client programs that want something displayed. As John Hasler and Keith Keller so ably explained in their postings, X11 correctly identifies the X display server (the program that listens for connections and provides services) as "server" and the programs that connect with the X server and request display services as "client". At a former work place, the folks back east had used the incorrect terminology, and it took me a long time to figure out exactly what they were saying. -- Robert Riches spamtrap42(a)verizon.net (Yes, that is one of my email addresses.)
From: Todd on 20 Jun 2010 01:16 On 06/19/2010 08:35 PM, Keith Keller wrote: > On 2010-06-20, Todd<todd(a)invalid.com> wrote: >> >> But, if that is they way the X11 folks want to do it, it >> is their right. > > It's not just their right, it *is* right! It just *seems* backwards to > people used to thinking in terms of "big machine == server" instead of > the more accurate "listening machine == server". > >> And, and, by referring to it as backward, you remove the >> "state of confusion" from so very many victims of the >> play on words. > > ...which is why I usually try to be nice when I explain that it's not > actually backwards. :) > > --keith > The one initiating the process would be the client. The X11 folks are using a play on words. The little machine is requesting a process be run on the big machine. The big machine sits idly by waiting for the little machine to request something. As you so stated, the "listening machine == server". The X11 folks could use the same play on words to make 60 workstations requesting files from a Samba server into 60 servers listening for data from one client. But if that is the way the X11 folks want to phrase it, it is okay with me. Just as long as I know what they are up to so I can adjust for their quirks in speech. -T
From: Todd on 20 Jun 2010 01:17 On 06/19/2010 08:07 PM, General Schvantzkoph wrote: > On Sat, 19 Jun 2010 14:03:53 -0700, Todd wrote: > >>> Host saratoga.foobar.com >>> Port 2303 >>> User remoteguy >> >> First , thank you for the excellent reply! I am only removing most of >> it as nntp.aioe.org gets annoyed if you quote too many line. >> >> > Host saratoga.foobar.com >> > Port 2303 >> > User remoteguy >> >> Question: is "remoteguy" the user name for his local (on the server) >> account or his user name from his client (remote) laptop? >> >> -T > > remoteguy is the user name on the server. If you use the same user name > on both the client and the server you don't need to specify the User in > the config file. I will ask him what name he wants to use. Thank you, -T
From: Todd on 20 Jun 2010 01:31 On 06/19/2010 08:38 PM, Keith Keller wrote: >> 5) then I can actually delete both keys out of >> his ~/.ssh directory >> >> Have I got it right? > > > And (most importantly!) for 5), you leave the public key in his ~/.ssh > directory, since that's where sshd expects to find it (by default). I do not understand. Normally he would create his key pairs on his own computer and send me his public key. I would then append his .pub to his authorized_keys. cat id_rsa.pub >> ~/.ssh/authorized_keys If I create his keys for him on my server, after sending him his private key and appending his pub to his authorized_keys, why would I need to keep his keys around? (Other than for backup.) Please straighten me out. -T
From: Todd on 20 Jun 2010 01:32
On 06/19/2010 08:36 PM, Keith Keller wrote: > On 2010-06-19, Todd<todd(a)invalid.com> wrote: >> >> If I disable root to root access (no logon as root >> through ssh), does that preclude a remote user >> from "su" to root? > > No. (Nor does it prevent direct root logins from the console, another > common misunderstanding.) > > --keith > Cool. Works for me. Thank you! -T |