Re: Setting up a secure shell server

From: Tommy Ward (tommy@webever.com)
Date: 01/14/02

• Previous message: Seth Arnold: "Re: Encryption"
• In reply to: Nicholas de Jong: "Re: Setting up a secure shell server"
• Next in thread: Charles Clancy: "Re: Setting up a secure shell server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Mon, 14 Jan 2002 10:16:48 -0800
To: "Nicholas de Jong" <nick@infilsec.com>, "Kevin Lisciotti" <moonpup@mediaone.net>, "David Chin" <dwchin@umich.edu>
From: Tommy Ward <tommy@webever.com>

*** snip ***

>.... this may prove to be an administration issue, user generates key....
>does not know what is going on, perhaps emails public key to administrator,
>administrator inserts key....

*** snip ***

Actually, to avoid having the user emailing their public key, and the admin
blindly trusting the key received in unauthenticated mail, it might be better
for the two of them to perform a little key generating ceremony. Doesn't have
to be too formal, but in the same vein that sometimes we create an
account for a new user and hand the keyboard to them at the "enter
user's password prompt", sitting down together to generate the key pair
and moving the key via floppy might be a better idea. This of course assumes
that the admin and user are geographically co-resident. If not, they
need to come up with some way of exchanging the necessary key file
with assurance that it is from the correct person.

*** snip ***

>BTW : If your guys are using the Windows SSH2 client from ssh.com, you will
>have much less pain if you also use the sshd from ssh.com (check the licence
>but as I remember it sshd is free for OS's like FreeBSD, Linux etc..) not
>the openssh sshd. It turns out the two sshd's use different key formats
>which will likely drive you mad. I recall hearing of a key conversion
>utility?? true?? anyone??

I recently ran into this same problem using a Putty client and openssh sshd.

....Tommy

---

• Previous message: Seth Arnold: "Re: Encryption"
• In reply to: Nicholas de Jong: "Re: Setting up a secure shell server"
• Next in thread: Charles Clancy: "Re: Setting up a secure shell server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: securing sshd_config ... > your public key can log into your computer. ... so that you can use ssh from some other computer which has ssh ... but if I've the necessity of log-in like Administrator (i use Windows!) ... (comp.security.ssh) Re: EFS - encrypt data on a remote server ... I tried to use the fek as a public key and it worked... ... mean the Administrator on Server has encrypted a file ... >Alexander Kulikovsky wrote: ... >Microsoft MVP Scripting and WMI, ... (microsoft.public.security) Re: EFS - encrypt data on a remote server ... I tried to use the fek as a public key and it worked... ... mean the Administrator on Server has encrypted a file ... (microsoft.public.security)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > focus-linux  > 2002-01