Date: Thu, 8 Nov 2001 13:28:18 -0500 From: ravi pina <ravi@cow.org> To: kjerste soderberg <kjerstes@yahoo.com> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: ssh auth on floppy Message-ID: <20011108132818.X97368@happy.cow.org> In-Reply-To: <20011108175040.22651.qmail@web9703.mail.yahoo.com>; from kjerstes@yahoo.com on Thu, Nov 08, 2001 at 09:50:40AM -0800 References: <20011108175040.22651.qmail@web9703.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Nov 08, 2001 at 09:50:40AM -0800, kjerste soderberg said at one point in time: > has anyone done this w/ ssh > > Right now ssh for any user is to ssh in w/ their > usernm & passwd. > > Would like to chg this, in addition to their usernm & > passwd would like to hand an authorized remote user a > floppy w/ some type of a file that is an > auth token or something and then if they want to > connect they'd have to have > this file in the right place in addn to their usernm & > passwd ??? [...] i believe by having the following in your sshd_config: RSAAuthentication yes # applies for version 1 only DSAAuthentication yes # applies for version 2 only PasswordAuthentication no will do something similar to this. each user will need to generate a *SA key on their host and place the public version in $HOME/.ssh/authorized_keys of the remote host. you can have it so that they send the keys to you and you edit that file yourself. you can then have the file owned by root and read only so they cannot manually add any other keys. using this method will disable local password auth, and only permit *SA type auth. while this doesn't give you a 2-level auth scheme, IMHO it is far better than using local password, as well as uses a public/private key structure. -r -- echo "send pgp key" | mail ravi@cow.org "The important thing is not to stop questioning." -- Albert Einstein To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011108132818.X97368>