RE: How to allow multiple hosts with same key??

From: Aaron Roberts (aaron@domicilium.com)
Date: 12/19/02

  • Next message: Wieckowski, Tom: "installing chroot support in ssh/sftp opensssh-3.5p1" 
    Date: Thu, 19 Dec 2002 16:28:19 -0000
From: "Aaron Roberts" <aaron@domicilium.com>
To: "Biju Perumal" <biperuma@npd.hcltech.com>, <secureshell@securityfocus.com>

    AFAIK, the user@host in the public key is the comment field from the public key; it isn't used by SSH.

    With my sshd_config below, you can connect from any host, it is the user/key combination that is used for authentication.

    Aaron

    -------------

    Port 22
    ListenAddress 0.0.0.0
    HostKey /etc/ssh/ssh_host_key
    HostKey /etc/ssh/ssh_host_dsa_key
    HostKey /etc/ssh/ssh_host_rsa_key
    ServerKeyBits 768
    LoginGraceTime 60
    KeyRegenerationInterval 3600
    PermitRootLogin no
    IgnoreRhosts yes
    IgnoreUserKnownHosts yes
    StrictModes yes
    X11Forwarding no
    PrintMotd yes
    KeepAlive yes
    SyslogFacility AUTH
    LogLevel INFO
    RhostsAuthentication no
    RhostsRSAAuthentication no
    RSAAuthentication yes
    PasswordAuthentication no
    PermitEmptyPasswords no
    AllowUsers aaron
    PAMAuthenticationViaKbdInt no
    Subsystem sftp /usr/libexec/openssh/sftp-server

    ---------------

    -----Original Message-----
    From: Biju Perumal [mailto:biperuma@npd.hcltech.com]
    Sent: 19 December 2002 11:48
    To: secureshell@securityfocus.com
    Subject: How to allow multiple hosts with same key??

    Hi All,
         Is it possible for multiple clients to connect to a server with the
    same key.

         I will explain.
         I have a box which allow only ssh connection with a custom build
        kernel with ssh support. If I manage to put one public key along
        with the image, can I connect from different clients using
        a same private keay?

        How about changing the "user@host" in the public key to "*@*"?
        Any problem with this approach?
        Any other idea how to implement this.

    Thanks in advance

    regards 

    --
Biju Perumal
HCL Technologies Ltd
184-188, N.S.K. Road,Vadapazhani
Chennai - 26, India
Voice: +91-44-3728366 (Extn: 1134)
http://san.hcltech.com

    Relevant Pages

    • Explanation of SSH
      ... I am still unclear on how SSH works exactly. ... Client issues SSH command and names server ... "Shopper" says "server sends back its public host and server keys ... Surely there is only one public key it sends ...
      (comp.security.ssh)
    • SSH with Public Key Authentication (Was: Re: Attention: Giorgos Keramidas (Was: CVS Import Permissio
      ... I know that the setting of CVSUMASK on the server machine> works if you use SSH tunneling though. ... I have tried using SSH in the past, and got stuck setting up the public key login. ... In order to use cvs with ssh, we must use public key authentication. ...
      (freebsd-questions)
    • Re: ssh
      ... ssh can use DSA or RSA keys for authentication. ... public key can decrypt. ... is significantly smaller than that for ssh RSA/DSA keypairs. ... host to capture the key (either an unprotected key or a capture of your ...
      (Vuln-Dev)
    • RE: TIPS FOR THE NEWCOMER
      ... using your old private key, so there's no point in keeping a backup. ... > security risk if I send this through e-mail as an attachment to the ssh ... > has been compromised it does not really matter since it is a public key ... > more words for the passphrase it gets harder to crack? ...
      (SSH)
    • TIPS FOR THE NEWCOMER
      ... Correct me if I am wrong, it appears that ssh and gnupg has similar ... Do I have to send my public key to ... the other machine (ssh client) and likewise do the same thing get a copy ... Is the passphrase function here same as in gnupg that if you have ...
      (SSH)