auth Ques.
Sunil K. Vallamkonda
sunil at redback.com
Sat Jan 13 08:20:05 EST 2001
On Fri, 12 Jan 2001, Pekka Savola wrote:
> On Fri, 12 Jan 2001, Sunil K. Vallamkonda wrote:
> > I have a question on authentication.
> > In openSSH, how do I enable keys based authentication (RSA) ?
> > (Normally a user creates private/public keys, then puts public key on
> > server under ~/.ssh/xxx ). How can this be achieved using openSSH ?
> > I did not see in doc (may be I missed something..).
>
> You should have read ssh(1) man page. Read under Protocol 1 and Protocol
> 2. Key generation and adding it to authorized_keys2 are explained there.
>
> > 1) On server, where should the user's public key be stored (~/.ssh/xxx)?
>
^^^^^^^^
Thank you.
but, Question is:
in auth1.c file,
case: SSH_CMSG_AUTH_RSA
...
<clipped>
is initiated by client only, or
server has control too in setting option
to accept RSA or PASSWORD etc. ?
> See above. authorized_keys and authorized_keys2.
>
> > 2) If RSA fails, does sshd automatically drop down to
> > SSH_CMSG_AUTH_PASSWORD
> > based ? Is this option configurable ?
>
> Yes and yes. Disable those authentication methods in either sshd_config
> or connecting ssh_config/ ~/.ssh/config to tune which methods will be
> tried. The order is fixed.
>
> --
> Pekka Savola "Tell me of difficulties surmounted,
> Netcore Oy not those you stumble over and fall"
> Systems. Networks. Security. -- Robert Jordan: A Crown of Swords
>
>
>
More information about the openssh-unix-dev
mailing list