Re: Setting up a secure shell server

From: Simon Burns (simon@ababa.org)
Date: 01/12/02


Date: Sat, 12 Jan 2002 10:03:33 +0000 (GMT)
From: Simon Burns <simon@ababa.org>
To: <focus-linux@securityfocus.com>


> I've done both. It's almost trivial. I'd recommend SSH.com's
> implementation because they have both the Windows and the Unix side. (Not
> that openssh won't work -- it's just that I haven't tried it.)

If you want a free SSH client for Windows, try PuTTY from
http://www.chiark.greenend.org.uk/~sgtatham/putty/

> Your users will have to generate a keypair
> on their home (Windows) machine, then put the public key in a special place
> in their home directory on your (Linux) machine.

That's not always _necessary_, although it's best practice. You can use
SSH as a drop-in replacement for telnet, and use just a password to
connect (rather than the public key auth method). If you're looking to
learn more about security, and you want to "double-lock the door" to your
system, use both kinds of authentication. Or if you tire of typing in your
password, you can use just the public key method without a password -- but
if someone manages to steal your private key you're in trouble... Depends
if your system is on the Internet or a private network.

HTH,

--
Simon Burns



Relevant Pages

  • Can sn.exe utilize the Windows certificate store?
    ... For signing an assembly with sn.exe in .NET, is it possible to specify a public key for which the private key is contained only within the Windows CryptoAPI keystore? ... I see the option for specifying the CSP name, and the container name. ... Are there values to use to access the Windows certificates? ... Specifically, I am asking this because there are a few keys which do not have the private key marked as exportable, so I cannot export a .pfx and follow that route. ...
    (microsoft.public.dotnet.framework)
  • Re: CryptoAPI v.s. SSL3.0/TSL 1.0
    ... Windows 2000, for example, which does not support that blob type. ... "Bong G. Valdoz Jr." ... Get a handle to the container of the server DH ... Export the client's public key in a PUBLICKEYBLOB ...
    (microsoft.public.platformsdk.security)
  • Re: Certificates received from Windows CertStore: wrong public key (and incorrect modulus length)?
    ... The Pinvoke to CryptoAPI should return the correct key size. ... they return the correct public key. ... > well as from the windows local machine certificate store. ...
    (microsoft.public.dotnet.security)
  • Re: [OT] Yahoos Antispam proposal
    ... James Buchanan wrote: ... > Maybe the Internet community needs to get together and write a new RFC ... I've thought that Public Key Authentication could be used in the same ... Malware will steal Keys from Windows computers faster than you can issue ...
    (Debian-User)
  • CryptoAPI v.s. SSL3.0/TSL 1.0
    ... Cryptographic Service providers of Windows ... Whenever I try to import the public key ... pbBlob>, hSrvDHKey, 0, &hSrvDHKey) ...
    (microsoft.public.platformsdk.security)