Re: openssh_config problems
From: Nico Kadel-Garcia (nkadel_at_verizon.net)
Date: 07/25/03
- Next message: Nico Kadel-Garcia: "Re: Question about SSH, well duh."
- Previous message: Fluker: "Re: LEt me clarify this, damn."
- In reply to: Richard E. Silverman: "Re: openssh_config problems"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 25 Jul 2003 10:48:47 GMT
Richard E. Silverman wrote:
>>>>>>"JDL" == Jan De Luyck <jdeluyck.no.spam@hou.uwe.spam.bij.u.triennium.com> writes:
>
>
> JDL> hello List, I'm looking to implement ssh on our servers (40
> JDL> solaris boxes)
>
> JDL> Due to architectural reasons I'm currently unable to put my ssh
> JDL> identity keys in $HOME/.ssh - $HOME is a directory that is
> JDL> rdisted over several servers.
>
> I don't understand your reasoning here. Why is this an impediment?
> Presumably you have one, or a small set, of personal keys, which would be
> the same everywhere.
>
> But more to the point, why put your private keys on these boxes at all? I
> would keep them on a smaller set of machines I log into directly (e.g. my
> desktop), and place only the public keys on the servers. Use agent
> forwarding if you need transitive access to your keys from there.
>
Amen. I find that putting them on a CD or floppy and using ssh-agent, or
using an *extremely* secure machine for them, allows me to go nab the
keys as needed when online and keep them unavailable when offline.
- Next message: Nico Kadel-Garcia: "Re: Question about SSH, well duh."
- Previous message: Fluker: "Re: LEt me clarify this, damn."
- In reply to: Richard E. Silverman: "Re: openssh_config problems"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
