Additional comments to
"Secure remote login using SSH"
Last update: 2003/11/4
Since 2000/7/4
Inside
Agent (2011/4/25)
Security problem with Public-key Authentication
scp
ftp via port-forwarding
Misc. (2003/11/5)
- Agent
- Authentication agent is available with Public-key authentication, which makes remote login easy.
% eval `ssh-agent`;ssh-add
- To enable forwarding of the authentication agent connection,
- change "ForwardAgent" to "yes" in /etc/ssh/ssh_config or ~/.ssh/ssh_config .
- Login with '% ssh -A remote'
When enabling agent forwarding, security matters should be considered.
- Security problem with Public-key authentication
- At key-generation time
Never omit the passphrase.
A key will be created even if you just press the Return key. Such a private key is not protected with a passphrase. This means that if somebody gets your private key, they can access any host you can access using that key.
- Windows NT
Change the access permissions of the private-key file and make it inaccessible to anyone else.
- scp
Wildcard characters in file names are available for local files.
When you want to copy several files into dir directory in soleil,
- ftp via port-forwarding
Requirement to the hosts
- remote host
"ftp" is allowed to "localhost". A sample /etc/hosts.allow line is as follows, supposing HOSTNAME is soleil.
in.ftpd: localhost soleil
- local host
"sshdfwd" is allowed to "localhost". A sample /etc/hosts.allow line is as follows, supposing the port number is 12345.
- Misc.
Public-key authentication was rejected because the permission of a home directory ($HOME) was 770. -- I changed it to 750, then it worked. (OpenSSH_3.5, 2003/11/4)
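
The rejection above matches sshd's StrictModes behaviour, which refuses public-key login when $HOME, ~/.ssh or authorized_keys is group- or world-writable. The script below is an added example, not part of the original page: it checks those modes plus private-key file modes. The function names and the throwaway demo directory are assumptions, and the ownership part of the StrictModes check is not covered.

```shell
#!/bin/sh
# Added example (not from the original page). Checks file modes only;
# sshd's StrictModes also checks ownership, which is not covered here.

# Return 0 if the path has no group- or other-write bit, 1 if it has, 2 if unreadable.
no_group_other_write() {
    mode=$(ls -ld -- "$1" 2>/dev/null | cut -c1-10)
    [ -n "$mode" ] || return 2
    case $mode in
        ?????w????|????????w?) return 1 ;;   # g+w or o+w
    esac
    return 0
}

# Return 0 if a private key file grants nothing to group or other (e.g. 600).
private_key_ok() {
    mode=$(ls -ld -- "$1" 2>/dev/null | cut -c1-10)
    case $mode in
        ????------) return 0 ;;
    esac
    return 1
}

# Audit the SSH-related paths under the home directory $1.
# Prints one line per path and returns the number of failures.
audit_ssh_perms() {
    home=$1; bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        if no_group_other_write "$p"; then echo "ok    $p"
        else echo "FAIL  $p is group- or world-writable"; bad=$((bad + 1)); fi
    done
    for k in "$home"/.ssh/id_*; do
        [ -f "$k" ] || continue
        case $k in *.pub) continue ;; esac   # public halves need no protection
        if private_key_ok "$k"; then echo "ok    $k"
        else echo "FAIL  $k is accessible to group or other"; bad=$((bad + 1)); fi
    done
    return "$bad"
}

# Constructed demo: a throwaway directory standing in for $HOME.
demo=$(mktemp -d) && mkdir "$demo/.ssh" && chmod 700 "$demo/.ssh"
chmod 770 "$demo"; audit_ssh_perms "$demo" || echo "=> mode 770: $? problem(s)"
chmod 750 "$demo"; audit_ssh_perms "$demo" && echo "=> mode 750: clean"
rm -rf "$demo"
```

To audit a real account, run `audit_ssh_perms "$HOME"` after sourcing the functions.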