- Setting up SSH access question
June 23, 2004, 12:51 pm
On all of our servers SSH is installed and configured. SSH is set up to
use only pub/priv keys, no password.
I have created a non-privileged account on each server. For this
account the 'authorized_keys' file contains 1 pub key for a specific
The purpose is to have a central system that we can use to fetch
information on all servers via SSH and via the cron. Thus this central
system contains the private key of the user whose public key is in the
'authorized_keys' of the account I created on each server.
This works great (since the private key is on the central system, I
can put entries in the cron that use SSH to go on every server) but
this is also a security risk since when the central system is
hacked, one could get on every system (albeit as a non privileged user
but still ...). I can harden the central system enough to limit the
chance of hacking.
However, what I want to prevent is that people copy the private key of the
user on the central system over to their system and start accessing
all servers from their system. Therefore I would like to specify on
all the servers that the account I created can only be used from a
I looked at host based authentication but this is not what I want
since it will authenticate the users only based upon the hosts from
where they are trying to access the system.
I would like to have the authentication based upon the pub/priv keys
AND specify the hosts that are allowed to connect as that specific
user to the servers.
Is this possible?
Any help much appreciated.
- Richard E. Silverman
June 23, 2004, 2:19 pm
Re: Setting up SSH access question
% man sshd
AUTHORIZED_KEYS FILE FORMAT
Specifies that in addition to RSA authentication, the canonical
name of the remote host must be present in the comma-separated
list of patterns (`*' and `?' serve as wildcards)...
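
An added example, not part of the original thread: the option that man page section describes is `from="pattern-list"`, written before the key type in `authorized_keys`. The Python sketch below audits such a file for keys that lack the option or that allow any host; the sample entries, host names and key blobs are constructed placeholders, and the function names are my own.

```python
# Added example: audit authorized_keys text for missing or over-broad from= options.
KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-", "sk-")  # protocol 2 only

def parse_line(line):
    """Return (options, key_part) for one entry, or None for blanks/comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if line.startswith(KEY_TYPES):            # entry has no options field
        return {}, line
    opts, buf, in_quotes, i = [], "", False, 0
    while i < len(line):
        c = line[i]
        if c == "\\" and in_quotes and line[i + 1:i + 2] == '"':
            buf, i = buf + '"', i + 2         # escaped quote inside a value
            continue
        if c == '"':
            in_quotes = not in_quotes
        elif c == "," and not in_quotes:      # separator between options
            opts.append(buf)
            buf = ""
        elif c.isspace() and not in_quotes:   # end of the options field
            break
        else:
            buf += c
        i += 1
    opts.append(buf)
    pairs = (opt.partition("=") for opt in opts)
    return {n.lower(): v for n, _, v in pairs}, line[i:].strip()

def audit(text):
    """Return [(line_no, problem)] for keys that are not tied to named hosts."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        parsed = parse_line(raw)
        if parsed is None:
            continue
        patterns = [p for p in parsed[0].get("from", "").split(",") if p]
        if not patterns:
            findings.append((n, "no from= restriction"))
        elif any(p.strip("*") == "" for p in patterns):
            findings.append((n, "from= pattern matches any host"))
    return findings

SAMPLE = """# constructed sample
from="central.example.com,192.0.2.10" ssh-rsa AAAAPLACEHOLDER1 fetch@central
ssh-rsa AAAAPLACEHOLDER2 fetch@central
from="*",no-pty ssh-rsa AAAAPLACEHOLDER3 fetch@central
"""
```

Calling `audit(SAMPLE)` reports lines 3 and 4; only the entry on line 2 limits the key to the central system.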