Re: Pubkey

From: Alexander Klimov (alserkli_at_inbox.ru)
Date: 11/28/04

  • Next message: Derek Martin: "Re: Two minor requests to all participants"
    Date: Sun, 28 Nov 2004 01:29:16 +0200 (IST)
    To: Richard <quieroleerlo@yahoo.es>
    
    

    On Fri, 26 Nov 2004, Richard wrote:
    > what is the recommended procedure to permit the pubkey authetication in a
    > secure environment?
    >
    > 1.- The administrator creates a login account for Kate and Kate generates the
    > key pair. Kate uses the login account to connect to the remote host and
    > appends the pubkey into the authorized_keys. Kate can connect to the remote
    > machine with pubkey and with the login account

    I think a better way is as follows:
     -- Kate creates a key pair and sends pubkey to Admin
     -- Admin verifies that it is Kate, who sends it, creates an account and adds
        the pubkey to authorized_keys
     -- Kate now is able to login using her private key and has no password at all
        (that is good since it is now impossible to guess her password)

    Note that on some systems accounts are created locked and admin needs to unlock
    them so that Kate can login.

    -- 
    Regards,
    ASK
    

  • Next message: Derek Martin: "Re: Two minor requests to all participants"