Re: How to authenticate many users with the same public key.



Hi,

Thorvald wrote:
On 28 Sep, 12:31, Hans van Zijst <h...@xxxxxxxxxxx> wrote:
Hi Thorvald,

Hi Hans,
Thank you for your answer.

It's not impossible per se. You could give your colleagues the same set
of keys, both public and private. I wouldn't recommend it though, why
not give everyone his own key and install their public key on all
servers? You can distribute and maintain those public keys quite easily
with rsync.

I can't give them the same keys as I tried and it didn't work. Don't
know what I did wrong. I don't want to give everyone his own key as
it will be valid only per person PC. We have to connect via VPN from
homes and we have to have the same key for everybody.

Which client do you use? And what did you do to give the keypair to your colleagues? You have to give them both the private and the public key. Plus, of course, the password that protects the private key. Usually, that means copying two files and probably setting the correct permissions on both.

In OpenSSH you'll find your public key in $HOME/.ssh/id_rsa.pub and the matching private key in $HOME/.ssh/id_rsa. I'm not really sure, but I have some recollection that SSH wants the private key to only be readable by the user.



If you want to get rid of maintaining accounts and public keys on all your
servers, I can recommend Active Directory / Kerberos. Configure your
server to use Kerberos and maintain your accounts only there. It does
take a bit of work to set it up, but as soon as it works, you have only
one place to do your account (and key) maintenance.

I don't want to as we've got some private servers too, so we can't do
it. All servers are virtual and I don't think that would work with AD
or any other AAA. Too much work for nothing.

I remember doing that once on one server in my previous company, but I did it
by holding the keys on a USB stick, and I had PuTTY prepared to use the keys
from USB. I could use these on all servers I had. But now ... I simply
don't remember what to do and how :/.

Using a USB disk is fine. I use an encrypted one (check LUKS for Linux, or FreeOTFE for Windows) because I'm rather paranoid. I created a directory ssh in which I store both my OpenSSH keys (public and private) and those converted to PuTTY format, all in one directory. When I fire up PuTTY, I simply tell it to open a key from that location. If your entire team uses the same directory-layout on your USB disks, you can probably get away with sharing both your session setups and keys.

Check your filesystem, usually you'll find your PuTTY keys somewhere under the PuTTY tree. I remember that PuTTY wants its public keys to have .pub as their extension and .ppk for private keys, but I don't remember what filenames it suggests when generating or exporting keys.



Kind regards,

Hans

Thank you for your answer again.

Regards,
TH

Good luck! Please drop a note if you got things working the way you want them.

Kind regards,

Hans
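
Added example, not part of the original thread: a small shell audit for a key pair copied to another machine, checking the two things the reply above mentions (both files present, private key readable only by its owner). It assumes GNU stat on Linux and the OpenSSH id_* file names; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: audit copied OpenSSH private keys before first use.
# Assumption: GNU stat (Linux). File names follow the OpenSSH id_* defaults.

# key_mode_ok FILE: succeeds only if no group/other permission bit is set.
# The OpenSSH client ignores a private key whose mode has any of the
# 077 bits set and warns "UNPROTECTED PRIVATE KEY FILE".
key_mode_ok() {
    mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# audit_key_dir DIR: prints one line per finding.
# Exit status is the number of findings (0 = nothing to fix).
audit_key_dir() {
    dir=$1
    problems=0
    for priv in "$dir"/id_*; do
        case $priv in *.pub) continue ;; esac   # public halves may be world-readable
        [ -f "$priv" ] || continue              # glob matched nothing
        if ! key_mode_ok "$priv"; then
            echo "TOO OPEN: $priv is mode $(stat -c '%a' "$priv"); run: chmod 600 '$priv'"
            problems=$((problems + 1))
        fi
        if [ ! -f "$priv.pub" ]; then
            echo "NOTE: $priv.pub not found next to the private key"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Usage: audit_key_dir "$HOME/.ssh"
```

On a FAT-formatted USB stick the file mode comes from the mount options, so chmod will not change it there; copy the key to a local disk or use a filesystem that stores Unix permissions.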