Specifications

C
Network Security
It is recommended to securely archive the private and public keys stored in
/etc/ssh/ externally. In this way, key modifications can be detected and
the old ones can be used again after a new installation. This spares users the
unsettling warning. If it is verified that, despite the warning, it is indeed the
correct SSH server, the existing entry regarding this system will have to be
removed from ~/.ssh/known_hosts.
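
The archive-and-compare idea from the paragraph above, as an added example that is not part of the original manual: it records SHA-256 digests of the host key files and later reports files that are missing, changed or new. The ssh_host_*key* file pattern, the function names and the manifest location are assumptions; the demo runs on constructed files rather than real keys.

```shell
#!/bin/sh
# Added example: archive digests of the SSH host keys and detect modification.
# Assumptions: host key files match ssh_host_*key* (the usual OpenSSH naming),
# and the manifest is kept off the host (removable media, admin workstation).

# snapshot_keys KEY_DIR MANIFEST: record a SHA-256 digest of every host key file.
snapshot_keys() {
    ( cd "$1" && sha256sum ssh_host_*key* ) > "$2"
}

# verify_keys KEY_DIR MANIFEST: print MISSING/CHANGED/NEW lines and
# return 0 only when the directory matches the archived manifest.
verify_keys() {
    key_dir=$1 manifest=$2 status=0
    # Pass 1: every archived file must still exist with the same digest.
    while read -r digest name; do
        name=${name#\*}                      # binary-mode marker, if present
        if [ ! -f "$key_dir/$name" ]; then
            echo "MISSING $name"; status=1
        elif [ "$(sha256sum < "$key_dir/$name" | cut -d' ' -f1)" != "$digest" ]; then
            echo "CHANGED $name"; status=1
        fi
    done < "$manifest"
    # Pass 2: a key file that was never archived is also a modification.
    for path in "$key_dir"/ssh_host_*key*; do
        [ -e "$path" ] || continue
        # File names start at column 67 (64 hex digits plus a 2-character separator).
        if ! cut -c67- "$manifest" | grep -qxF -- "${path##*/}"; then
            echo "NEW ${path##*/}"; status=1
        fi
    done
    return "$status"
}

# Demo on constructed files (not real keys), so nothing under /etc/ssh is touched.
demo=$(mktemp -d)
printf 'constructed private key\n' > "$demo/ssh_host_rsa_key"
printf 'constructed public key\n'  > "$demo/ssh_host_rsa_key.pub"
snapshot_keys "$demo" "$demo/baseline.sha256"
printf 'replaced after reinstall\n' > "$demo/ssh_host_rsa_key.pub"
verify_keys "$demo" "$demo/baseline.sha256" || echo "host keys differ from the archive"
rm -rf "$demo"
```

Keep the manifest together with the archived key files, away from the host it describes.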

SSH Authentication Mechanisms

Now the actual authentication takes place, which, in its simplest form,
consists of entering a password as mentioned above. The goal of SSH was
to introduce secure software that is also easy to use. As it is meant to
replace the rsh and rlogin programs, SSH must also provide an
authentication method suitable for daily use. SSH accomplishes this by way of
another key pair generated by the user. The SSH package also provides a
helper program, ssh-keygen, for this. After entering ssh-keygen -t rsa
or ssh-keygen -t dsa, the key pair will be generated and you will be
prompted for the base file name in which to store the keys:

Enter file in which to save the key (/home/newbie/.ssh/id_rsa):

Confirm the default setting and answer the request for a passphrase. Even
if the software suggests an empty passphrase, a text of ten to thirty
characters is recommended for the procedure described here. Do not use short
and simple words or phrases. Confirm by repeating the passphrase.
Subsequently, you will see where the private and public keys are stored, in our
example, the files id_rsa and id_rsa.pub.

Enter same passphrase again:
Your identification has been saved in /home/newbie/.ssh/id_rsa
Your public key has been saved in /home/newbie/.ssh/id_rsa.pub.
The key fingerprint is:
79:c1:79:b2:e1:c8:20:c1:89:0f:99:94:a8:4e:da:e8 newbie@sun

Use ssh-keygen -p -t rsa or ssh-keygen -p -t dsa to change your
old passphrase.

Copy the public key component (id_rsa.pub in our example) to the remote
machine and save it there at the location ~/.ssh/authorized_keys2. You
will be asked to authenticate yourself with your passphrase the next time you
establish a connection. If this does not occur, verify the location and contents
of these files.

In the long run, this procedure is more troublesome than giving your
password each time. Therefore, the SSH package provides another tool, the

193 SuSE Linux Firewall on CD2