Date:      Thu, 8 Nov 2001 13:28:18 -0500
From:      ravi pina <ravi@cow.org>
To:        kjerste soderberg <kjerstes@yahoo.com>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: ssh auth on floppy
Message-ID:  <20011108132818.X97368@happy.cow.org>
In-Reply-To: <20011108175040.22651.qmail@web9703.mail.yahoo.com>; from kjerstes@yahoo.com on Thu, Nov 08, 2001 at 09:50:40AM -0800
References:  <20011108175040.22651.qmail@web9703.mail.yahoo.com>

On Thu, Nov 08, 2001 at 09:50:40AM -0800, kjerste soderberg said at one point in time:
> has anyone done this w/ ssh
> 
> Right now ssh for any user is to ssh in w/ their
> usernm & passwd.
> 
> Would like to chg this, in addition to their usernm &
> passwd would like to hand an authorized remote user a
> floppy w/ some type of a file that is an 
> auth token or something and then if they want to
> connect they'd have to have 
> this file in the right place in addn to their usernm &
> passwd ???
[...]

i believe by having the following in your sshd_config:

RSAAuthentication yes  # applies for version 1 only
DSAAuthentication yes  # applies for version 2 only
PasswordAuthentication no

will do something similar to this.  each user will need
to generate a *SA key on their host and place the public
version in $HOME/.ssh/authorized_keys of the remote host.
you can have it so that they send the keys to you and you
edit that file yourself. you can then have the file owned
by root and read only so they cannot manually add any other
keys.

using this method will disable local password auth, and
only permit *SA type auth.  while this doesn't give you
a 2-level auth scheme, IMHO it is far better than using
local password, as well as uses a public/private key
structure.

-r


-- 
echo "send pgp key" | mail ravi@cow.org
"The important thing is not to stop questioning."
                -- Albert Einstein
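
A way to check the setup described in the message above, as an added example that is not part of the original e-mail: it reports the value sshd would actually use for PasswordAuthentication (the first uncommented occurrence wins) and whether authorized_keys is owned by the expected uid and read-only. The function names, temporary paths and sample config are constructed for illustration; Match blocks and Include files are assumed to be out of scope.

```shell
#!/bin/sh
# Added example (not from the original message). Global section only:
# Match blocks and Include files are not evaluated (assumption).

# Print the value sshd would use for a keyword: the first uncommented
# occurrence wins, keyword names are case-insensitive, else the default.
effective_value() {  # usage: effective_value <file> <keyword> <default>
    awk -v want="$2" -v dflt="$3" '
        BEGIN { want = tolower(want) }
        { sub(/#.*/, "") }                  # drop comments, whole-line or trailing
        tolower($1) == "match" { exit }     # stop before per-user overrides
        tolower($1) == want && NF >= 2 { print tolower($2); found = 1; exit }
        END { if (!found) print dflt }
    ' "$1"
}

# Succeed when <path> is owned by numeric uid <uid> and has no write bit.
locked() {  # usage: locked <path> <uid>
    set -- "$2" $(ls -lnd "$1" 2>/dev/null | awk '{print $1, $3}')
    [ "$3" = "$1" ] || return 1
    case "$2" in *w*) return 1 ;; esac
    return 0
}

# Constructed sample: the later "no" never takes effect, because the first
# uncommented PasswordAuthentication line has already been read.
demo=$(mktemp -d)
cat > "$demo/sshd_config" <<'EOF'
#PasswordAuthentication no
passwordauthentication yes   # left over from testing
PasswordAuthentication no
EOF
: > "$demo/authorized_keys"
chmod 444 "$demo/authorized_keys"

echo "PasswordAuthentication: $(effective_value "$demo/sshd_config" PasswordAuthentication yes)"
# The message suggests uid 0 as owner; the demo uses the current uid so it runs unprivileged.
if locked "$demo/authorized_keys" "$(id -u)"; then echo "key file: locked"; fi
# A read-only file in a directory the user can write to can still be replaced.
if ! locked "$demo" "$(id -u)"; then echo "directory: writable, file can be swapped"; fi
rm -rf "$demo"
```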

