Merit Network

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group


Re: Remote Shell

  • From: Adam D. McKenna
  • Date: Tue Sep 29 01:30:46 1998

This will work if you have no passphrase on your RSA key.  This is a *really*
stupid thing to do, IMHO, especially to a root account, as anyone who manages
to get access to your ~/.ssh/identity file will be able to log into any host
that you have set this up on, without a password.  While it's a little more
secure than .rhosts authentication, the absence of any kind of
password/passphrase validation makes it (again IMHO) an undesirable option for
the security conscious.

--Adam
-----Original Message-----
From: Zachary McGibbon <mzac@uunet.ca>
To: Roeland M.J. Meyer <rmeyer@mhsc.com>
Cc: Benicio Miguel Sanchez Fuentes <bsanchez@alestra.com.mx>; NorthAm Net Ops
Grp List <nanog@merit.edu>
Date: Tuesday, September 29, 1998 1:42 AM
Subject: Re: Remote Shell


You can perform 'rsh' type commands with ssh as well... here's an example:

/# ssh servername w
root@servername's password: <type password here>
10:45pm  up 19 days,  6:31,  2 users,  load average: 0.18, 0.11, 0.09
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU  WHAT
root     ttyp0    client            8:08pm  2:37m  0.27s  0.10s

You can also set up authorized keys on the server side.  In your home dir
on the server, go into the '.ssh' dir, and create a file called
'authorized_keys', then on your workstation, type 'ssh-keygen'.  In your
home dir, go into '.ssh' and take the contents of 'identity.pub' and copy
that to the 'authorized_keys' on the server side.  Then 'chmod 600
authorized_keys' on the server side.  Then it won't ask you for a password
when you ssh to that machine.  It's useful if you want to set this up as
a cronjob to do something on a remote machine.


On Mon, 28 Sep 1998, Roeland M.J. Meyer wrote:

> Set up SSH <http://www.datafellows.com> and open port 22. I would NOT allow
> plain ol' telnet over the Internet. SSH is free for non-commercial use and
> works quite well under HP-UX.
>
>
>
> At 01:32 PM 9/28/98 -0500, you wrote:
> >I need to give remote shell access to a user in a server (an HP-9000 k410
> >running HP-UX 10.10) connected to mine through a 3Com router, I have done
> >some investigation and what I have found is that I have to open port 514
> >for tcp, for some reason this did not work, so I opened (temporarily of
> >course) all the ports on the router....and it worked, but I don't want to
> >leave it like that, Does anyone know what port(s) I need to leave open to
> >allow the remote shells?.
> >
> >Is there any configuration needed other than the equiv.hosts and (or) the
> >.rhosts files ?
> >
> >Thanks in advance for your answers
> >
> >Benicio Sanchez
> >Network Operations Engineer
> >Alestra
> >
>
> _________________________________________________
> Morgan Hill Software Company, Inc.
> Colorado Springs, CO - Livermore, CA - Morgan Hill,
> CA
> Domain Administrator
> MHSC2-DOM and MHSC3-DOM
> Administrative and Technical contact
> ____________________________________________
> InterNIC Id: MHSC hostmaster (HM239-ORG)
> e-mail: mailto:hostmaster@mhsc.com
> web-pages: http://www.mhsc.com/
> ____________________________________________
> A group of politicians deciding to dump a President because his morals
> are bad is like the Mafia getting together to bump off the Godfather for
> not going to church on Sunday.
>                 -- Russell Baker
>


Zachary McGibbon
mzac@uunet.ca
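
The concern raised at the top of this thread (a private key stored with no passphrase) and the `chmod 600 authorized_keys` step can both be checked mechanically. The following is an added example, not part of the original messages: it goes beyond the SSH1 `~/.ssh/identity` format discussed here to also recognise PEM and current OpenSSH private keys, and the file names and key stubs in `demo()` are constructed header fragments, not real keys.

```python
import base64, re, tempfile
from pathlib import Path

SSH1_MAGIC = b"SSH PRIVATE KEY FILE FORMAT 1.1\n\x00"   # legacy ~/.ssh/identity header
OSSH_MAGIC = b"openssh-key-v1\x00"                       # current OpenSSH container
PEM = b"-----BEGIN OPENSSH PRIVATE KEY-----\n%s\n-----END OPENSSH PRIVATE KEY-----\n"

def key_is_unprotected(data):
    """True: private key without passphrase; False: encrypted; None: not a private key."""
    if data.startswith(SSH1_MAGIC):
        return data[len(SSH1_MAGIC):][:1] == b"\x00"      # cipher-type byte, 0 = none
    m = re.search(rb"-----BEGIN ([A-Z0-9 ]*)PRIVATE KEY-----(.*?)-----END ", data, re.S)
    if not m:
        return None
    label, body = m.groups()
    if label == b"ENCRYPTED " or b"Proc-Type: 4,ENCRYPTED" in body:
        return False                                      # PKCS#8 or traditional PEM encryption
    if label == b"OPENSSH ":
        blob = base64.b64decode(b"".join(body.split()))
        magic, rest = blob[:len(OSSH_MAGIC)], blob[len(OSSH_MAGIC):]
        n = int.from_bytes(rest[:4], "big")               # length of the cipher-name string
        return rest[4:4 + n] == b"none" if magic == OSSH_MAGIC else None
    return True                                           # plain PEM, no encryption header

def audit_ssh_dir(path):
    """Return (filename, finding) pairs for the files in one .ssh directory."""
    findings = []
    for f in sorted(p for p in Path(path).iterdir() if p.is_file()):
        mode = f.stat().st_mode & 0o777
        if f.name == "authorized_keys" and mode & 0o077:
            findings.append((f.name, "mode %o is looser than 600" % mode))
        elif key_is_unprotected(f.read_bytes()) is True:
            findings.append((f.name, "private key has no passphrase"))
    return findings

def demo():
    """Audit a temp dir of constructed header stubs (no real key material)."""
    def ossh(cipher):
        return PEM % base64.b64encode(OSSH_MAGIC + len(cipher).to_bytes(4, "big") + cipher)
    files = {"identity": SSH1_MAGIC + bytes(9), "id_cron": ossh(b"none"),
             "id_admin": ossh(b"aes256-ctr"), "authorized_keys": b"# constructed\n"}
    with tempfile.TemporaryDirectory() as d:
        for name, data in files.items():
            Path(d, name).write_bytes(data)
            Path(d, name).chmod(0o644 if name == "authorized_keys" else 0o600)
        return audit_ssh_dir(d)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```
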