04-15-2009
Hi,
I might be totally wrong but as far as I know, you should not need a key at all except you need public key authentication - eg for running automated scripts?
The known_hosts entry should be made automatically once you confirm your connection when you try to connect first and the server is not known by your system?
In our environments we need to connect between different kinds of authentication (nis + and boks) - so we need access routes defined on our authentication servers - but no keys at all. Maybe you have a similar environment?
Rgds
zxmaus
10 More Discussions You Might Find Interesting
1. Cybersecurity
I'm not sure if this is appropriate for the forum, but I figured it was security related, so here goes...
I'm writing an anlaysis for my group about moving some of the old internet protocols (rsh, rlogin, etc...) to the SSH suite of tools. An outside security group recommended a commercial... (7 Replies)
Discussion started by: jalburger
7 Replies
2. Solaris
Hi,
I would like to login from a Sun server running ssh:
Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
to
ssh: SSH Secure Shell 3.0.1 on sparc-sun-solaris2.6
How can I achieve this?
Thanks a million in advance (1 Reply)
Discussion started by: newbewie
1 Replies
3. Programming
I couldn't compile this code in gcc (SUSE Linux) 4.3.1 20080507.
got me these!
sniffer.c: In function ‘int CreateRawSocket(int)':
sniffer.c:16: error: ‘htons' was not declared in this scope
sniffer.c: In function ‘int BindRawSocketToInterface(char*, int, int)':
sniffer.c:31: error: ‘bzero'... (2 Replies)
Discussion started by: galaxy.ice
2 Replies
4. UNIX for Dummies Questions & Answers
I have a FreeBSD server on my home network. It is hooked to the router with an Ethernet cable. Both the server and the router are in the basement. The other computers in the house are upstairs, wireless. So the server's local IP address is set outside the wireless pool, and suppose it's... (1 Reply)
Discussion started by: gabi
1 Replies
5. Solaris
I set the RETRIES and DISABLETIME in /etc/default/login on 2 systems:
- 1 Solaris 9 system running Sun SSH
- 1 Solaris 9 system running Openssh 5.2 P1
I expected that after n failed logins, the login process will hang for n seconds.
It does when the attempted login is done at the console... (8 Replies)
Discussion started by: jabentay
8 Replies
6. Solaris
hi All,
We tried to establish a connection from OpenSSH3.8.1 running on Windows Box to SunSSH-1.1 running on Solaris 10. Please see the debug statements.
C:\Documents and Settings\sadmin\.ssh>ssh sadmin@10.4.3.8 -v -v -v
OpenSSH_3.8.1p1, OpenSSL 0.9.7d 17 Mar 2004
debug1: Reading... (2 Replies)
Discussion started by: venusunil
2 Replies
7. UNIX for Advanced & Expert Users
Hi all,
I have a Solaris 10 server with SUN_SSH_1.1 installed.
I want to restrict a user via SFTP to only be able to access one directory. I've written a little script in .profile which works perfectly for an ssh login but it appears sftp doesn't read the .profile file so it doesn't work.
... (2 Replies)
Discussion started by: Donkey25
2 Replies
8. Solaris
My one Sun machine is not able to ssh another machine of Sun. Although I have configured the ssh successfully
( SunOS sunbox2 5.9 Generic_118558-34 sun4u sparc SUNW,Sun-Blade-2500 )
ERROR
bash-2.05# ssh sunbox2
/etc/ssh/ssh_config: line 34: Bad configuration option: PermitRootLogin... (0 Replies)
Discussion started by: z_haseeb
0 Replies
9. Solaris
which should i prefer to install in my system openssh or ssh package provided by SUN by default. can i have two packages installed at the same time? (2 Replies)
Discussion started by: chidori
2 Replies
10. Red Hat
There was a security analysis run on one server which has RHEL 5.8 installed and it is showing security vulnerabilities with respect to ssh in OpenSSH with reference no CVE-2007-4752. The vulnerability solution in the security report is showing solution as below:
1) Download and apply the... (3 Replies)
Discussion started by: RHCE
3 Replies
AUTH(8) System Manager's Manual AUTH(8)
NAME
changeuser, wrkey, convkeys, printnetkey, status, auth.srv, guard.srv - maintain authentication databases
SYNOPSIS
auth/changeuser [-np] user
auth/wrkey
auth/convkeys [-p] keyfile
auth/printnetkey user
auth/status user
auth/auth.srv
auth/guard.srv
DESCRIPTION
These administrative commands run only on the authentication server. Changeuser manipulates an authentication database file system served
by keyfs(4) and used by file servers. There are two authentication databases, one holding information about Plan 9 accounts and one hold-
ing SecureNet keys. A user need not be installed in both databases but must be installed in the Plan 9 database to connect to a Plan 9
service.
Changeuser installs or changes user in an authentication database. It does not install a user on a Plan 9 file server; see fs(8) for that.
Option -p installs user in the Plan 9 database. Changeuser asks twice for a password for the new user. If the responses do not match or
the password is too easy to guess the user is not installed.
Option -n installs user in the SecureNet database and prints out a key for the SecureNet box. The key is chosen by changeuser.
If neither option -p or option -n is given, changeuser installs the user in the Plan 9 database.
Changeuser prompts for biographical information such as email address, user name, sponsor and department number and appends it to the file
/adm/netkeys.who or /adm/keys.who.
Wrkey prompts for a machine key, host owner, and host domain and stores them in local non-volatile RAM.
Convkeys re-encrypts the key file keyfile. Re-encryption is performed in place. Without the -p option convkeys uses the key stored in
/dev/keys to decrypt the file, and encrypts it using the new key. By default, convkeys prompts twice for the new password. The -p forces
convkeys to also prompt for the old password. The format of keyfile is described in keyfs(4).
Printnetkey displays the network key as it should be entered into the hand-held Securenet box.
Status is a shell script that prints out everything known about a user and the user's key status.
Auth.srv is the program, run only on the authentication server, that handles ticket requests on IL port 566. It is started by an incoming
call to the server requesting a conversation ticket; its standard input and output are the network connection. Auth.srv executes the
authentication server's end of the appropriate protocol as described in auth(6).
Guard.srv is similar. It is called whenever a foreign (e.g. Unix) system wants to do a SecureNet challenge/response authentication.
FILES
/adm/keys.who
List of users in the Plan 9 database.
/adm/netkeys.who
List of users in the SecureNet database.
SOURCE
/sys/src/cmd/auth
SEE ALSO
keyfs(4), securenet(8)
AUTH(8)