Additional comments to
"Secure remote login using SSH"

Last update: 2003/11/4
Since 2000/7/4


    Inside
  1. Agent (2011/4/25)
  2. Security problem with Public-key Authentication
  3. scp
  4. ftp via port-forwarding
  5. Misc. (2003/11/5)

  1. Agent
    1. An authentication agent is available with public-key authentication, which makes remote login easy.
        % eval `ssh-agent`;ssh-add

    2. To enable forwarding of the authentication agent connection,
      • change "ForwardAgent" to "yes" in /etc/ssh/ssh_config or ~/.ssh/ssh_config .
      • Login with '% ssh -A remote'
      Before enabling agent forwarding, consider the security implications.

  2. Security problem with Public-key authentication
    1. At key-generation time
      Never omit the passphrase.
      A key is created even if you just press the Return key, but that private key is not protected by a passphrase. This means that if somebody gets your private key, they can access any host you can access using that key.

    2. Windows NT
      Change the access permissions of the private-key file so that it is inaccessible to anyone else.

  3. scp
    1. Wildcard characters in file names are available for local files.
      When you want to copy several files into dir directory in soleil,

  4. ftp via port-forwarding
    1. Requirements for the hosts
      1. remote host
        "ftp" is allowed for "localhost". A sample /etc/hosts.allow line follows. Suppose the hostname is soleil.
          in.ftpd: localhost soleil
      2. local host
        "sshdfwd" is allowed for "localhost". A sample /etc/hosts.allow line follows. Suppose the port number is 12345.
          sshdfwd-12345: localhost

  5. Misc.
    1. Public-key authentication was rejected because the permission of a home directory ($HOME) was 770 . -- I changed it to 750, then it worked. (OpenSSH_3.5, 2003/11/4)
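
Added example (not part of the original page): a POSIX shell check for the two permission problems noted above, a private-key file that other users can access (section 2) and a group-writable home directory such as the 770 case under Misc. The file locations (.ssh/authorized_keys, .ssh/id_*) are assumed OpenSSH defaults and the function names are illustrative.

```shell
#!/bin/sh
# Added example. sshd with StrictModes (the OpenSSH default) refuses
# public-key login when the home directory, ~/.ssh or authorized_keys is
# writable by group or other; the ssh client refuses a private key that
# group or other can access. File locations are assumed OpenSSH defaults.

# mode_of PATH: print the nine permission characters, e.g. rwxr-x---
mode_of() {
    ls -ld -- "$1" | cut -c2-10
}

# writable_by_others PATH: succeed if the group or other write bit is set
writable_by_others() {
    case "$(mode_of "$1")" in
        ????w????|???????w?) return 0 ;;
    esac
    return 1
}

# open_to_others PATH: succeed if group or other has any permission bit
open_to_others() {
    case "$(mode_of "$1")" in
        ???------) return 1 ;;
    esac
    return 0
}

# check_ssh_perms HOME_DIR: print one line per finding; fail if any found
check_ssh_perms() {
    home=$1
    findings=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        if writable_by_others "$p"; then
            echo "group/other-writable: $p ($(mode_of "$p"))"
            findings=$((findings + 1))
        fi
    done
    for key in "$home"/.ssh/id_*; do
        [ -f "$key" ] || continue
        case "$key" in *.pub) continue ;; esac
        if open_to_others "$key"; then
            echo "private key open to others: $key ($(mode_of "$key"))"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}
```

Call it as `check_ssh_perms "$HOME"`; a home directory at 770 is reported, while one at 750 passes.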