Re: Unix (pam) authorization with required public key



On Tue, Aug 31, 2010 at 10:51:08AM +0400, ???????? ???????????? wrote:
I want to set ssh authorization through unix/pam with mandatory public
key. I want will make sure that except the password the user has an
acknowledgement of legitimacy in the form of a public key. Thus the
password should be from unix/pam, not from key.

I tried different variants. It turned out with key and without the
password, or the password undertook from a key, instead of from
unix/pam.

Public key authentication does not involve a password, and it does not
involve PAM.

If you are attempting to require the use of a passPHRASE on the private
key, then you need to be aware that the private key is only seen by the
ssh client, not the server. The server has no idea whether the key was
passPHRASE protected or not.

Server-side passWORDS have nothing at all to do with public key
authentication, or with the passPHRASES that are used to protect the
private keys.



Relevant Pages

  • Re: TIPS FOR THE NEWCOMER
    ... As long as the private key is readable by the ssh client when it comes ... When the ssh client connects to the server, ... private key which matches the public key. ...
    (SSH)
  • Re: applet file output
    ... Authentication is how the web server knows that ... > it is supposed to allow the applet to write the data. ... > has a distinct private key locally on their machine and the server has ... public key and hard code it into the applet. ...
    (comp.lang.java.programmer)
  • Re: public private key, 3DES
    ... When you want to generate a persistent symmetric key, ... normally derive it from a passphrase and initialization vector. ... key and encrypts passphrase, IV, etc using Y's public key. ... The private key is not to be distributed or saved, ...
    (microsoft.public.dotnet.security)
  • RE: TIPS FOR THE NEWCOMER
    ... using your old private key, so there's no point in keeping a backup. ... > security risk if I send this through e-mail as an attachment to the ssh ... > has been compromised it does not really matter since it is a public key ... > more words for the passphrase it gets harder to crack? ...
    (SSH)
  • Re: Suggestions For The Passing of Passphrases
    ... > passphrase of 20+ randomly generated characters. ... The conventional solution uses public key encryption. ... newspaper, in a telephone conversation between A & B, etc.). ... Only B can decrypt the message (using the private key) - it ...
    (sci.crypt)