From owner-freebsd-questions@FreeBSD.ORG Sun May 11 03:30:52 2003
Return-Path:
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 14FF037B404
	for ; Sun, 11 May 2003 03:30:45 -0700 (PDT)
Received: from mta01-svc.ntlworld.com (mta01-svc.ntlworld.com [62.253.162.41])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 0C51943FEA
	for ; Sun, 11 May 2003 03:30:44 -0700 (PDT)
	(envelope-from scott@fishballoon.org)
Received: from fishballoon.org ([81.104.195.199])
	by mta01-svc.ntlworld.com
	(InterMail vM.4.01.03.37 201-229-121-137-20020806) with ESMTP
	id <20030511103042.NORO2283.mta01-svc.ntlworld.com@fishballoon.org>;
	Sun, 11 May 2003 11:30:42 +0100
Received: from tuatara.fishballoon.org (tuatara [192.168.1.6])
	by fishballoon.org (8.12.8p1/8.12.8) with ESMTP id h4BAU14o002241;
	Sun, 11 May 2003 11:30:01 +0100 (BST)
	(envelope-from scott@tuatara.fishballoon.org)
Received: (from scott@localhost)
	by tuatara.fishballoon.org (8.12.9/8.12.9/Submit) id h4BAU0Ot064722;
	Sun, 11 May 2003 11:30:00 +0100 (BST)
	(envelope-from scott)
Date: Sun, 11 May 2003 11:30:00 +0100
From: Scott Mitchell
To: Daniela
Message-ID: <20030511103000.GB8616@tuatara.fishballoon.org>
References: <20030509000921.P66401-100000@alpha.yumyumyum.org>
	<200305101108.13319.dgw@liwest.at>
	<20030510122815.F79934@ndhn.yna.cnyserzna.pbz>
	<200305110041.39601.dgw@liwest.at>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200305110041.39601.dgw@liwest.at>
User-Agent: Mutt/1.4i
X-Operating-System: FreeBSD 4.8-STABLE i386
cc: Kenneth Culver
cc: questions@freebsd.org
cc: Kirill Pisman
Subject: Re: Why is port 22 open by default?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Sun, 11 May 2003 10:30:52 -0000

On Sun, May 11, 2003 at 12:41:39AM +0000, Daniela wrote:
> Just one question: Why isn't rsa/dsa key authentication the default?
> Is it hard to set up? Are there other drawbacks?

Public key authentication should be enabled by default. Once you have all
the right keys in the right places it should just work, then you can turn
off password-based authentication.

It's not really hard to set up, but there's several steps so it's easy to
mess up the first time you try it. Googling for 'ssh public key setup'
finds various pages that will walk you through the whole process.

Remember that the public key stays on the server, while the private key
needs to be distributed to clients, which might seem backwards at first.
And make sure you choose a good passphrase to secure the private key!

	Scott

--
===========================================================================
Scott Mitchell           | PGP Key ID | "Eagles may soar, but weasels
Cambridge, England       | 0x54B171B9 |  don't get sucked into jet engines"
scott at fishballoon.org | 0xAA775B8B |      -- Anon
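
Added example, not part of the original message: a check that an sshd_config really has password logins turned off once key authentication works. It goes slightly beyond the post by also covering the keyboard-interactive (PAM) path. The function name `audit_sshd_config`, the sample config and the assumed stock OpenSSH defaults are illustrative assumptions, and `Include` files are not followed.

```python
import re

# Stock OpenSSH defaults for absent keywords (assumption: no vendor changes).
DEFAULTS = {"pubkeyauthentication": "yes", "passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes"}
# Older releases use this name for the keyboard-interactive (PAM) switch.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
PASSWORD_PATHS = ("passwordauthentication", "kbdinteractiveauthentication")


def audit_sshd_config(text):
    """Return (effective global settings, findings) for sshd_config text."""
    effective, findings, match = {}, [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            match = value
        elif key in DEFAULTS and match is None:
            # sshd keeps the first value it reads for each keyword.
            effective.setdefault(key, value.lower())
        elif key in PASSWORD_PATHS and value.lower() == "yes":
            findings.append(f"line {lineno}: Match {match} re-enables {key}")
    effective = {**DEFAULTS, **effective}
    if effective["pubkeyauthentication"] != "yes":
        findings.append("pubkeyauthentication is off: key logins will fail")
    for key in PASSWORD_PATHS:
        if effective[key] != "no":
            findings.append(f"{key} is not 'no': password prompts may still be accepted")
    return effective, findings


# Constructed sample: the second PasswordAuthentication line is ignored, the
# PAM path is left at its default, and a Match block re-enables passwords.
SAMPLE = """\
PubkeyAuthentication yes
PasswordAuthentication no
PasswordAuthentication yes
Match Address 192.0.2.0/24
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    print(*audit_sshd_config(SAMPLE)[1], sep="\n")
```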