Re: How to configure dual SSH keys?



"mb" == mb <michaelb@xxxxxxxxxxx> writes:

mb> For reasons which are obscure but valid,

You need to state what you're trying to accomplish; otherwise, we can't
help you much. What you're asking doesn't make much sense, as it stands.

mb> I am trying to configure SSH so that for one particular target
mb> machine, I have separate Host and root keys, as well as a separate
mb> known_hosts and authorized_keys file.

This is rather unclear. It's normal for all servers to have different
hostkeys. The term "root key" is not standard; I'll guess you mean some
client authentication keys normally used by the root account on the SSH
client host. They would normally be different from the hostkeys, also.

As for the known_hosts and authorized_keys files: the former is relevant
on the client, not the server, while the latter is on the server but
corresponds to an account, not a machine, so I don't know what you mean by
a host having a "separate authorized_keys file."

mb> 3. I haven't figured out how to use two authorized_keys files for
mb> root.

Again, state your goals: *why* do you want two authorized_keys files? In
what different contexts would they be used? How would it be different
from simply listing multiple keys in a single file?

mb> 4. I haven't figured out how to use two sets of Host keys.

I don't even know what this means. An SSH server has some number of host
keys which it can offer to a client. Though theoretically you could offer
different keys to different clients based on some criteria (actually, IP
address is all you've got at that point), I know of no implementation that
does this.

Tell us what you're trying to do.

--
Richard Silverman
res@xxxxxxxx
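
The split described in the message above (known_hosts on the client, authorized_keys per account on the server), shown as an added OpenSSH configuration example that is not part of the original message. The host name `target.example.com` and the `id_target` / `known_hosts_target` file names are constructed placeholders; the two fragments belong in two different files on two different machines.

```sshconfig
# --- Client side: ~/.ssh/config of the connecting user -----------------
# Settings in this Host block apply only when connecting to this target.
# "target.example.com" and the file names are constructed placeholders.
Host target.example.com
    # Client authentication key used only for this target
    IdentityFile ~/.ssh/id_target
    # Offer only the key named above, not every key held by the agent
    IdentitiesOnly yes
    # Record and check this server's host key in its own file
    UserKnownHostsFile ~/.ssh/known_hosts_target

# --- Server side: /etc/ssh/sshd_config on the target -------------------
# The server may hold several host keys, one HostKey line per key file.
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key
# AuthorizedKeysFile accepts a whitespace-separated list of files.
# Relative paths are resolved against the home directory of the account
# being logged in to, so these are per-account files, not per-machine.
AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
```

On the client, `ssh -G target.example.com` prints the options that will actually be applied for that host, which confirms the Host block is being matched.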
