
Re: OpenSSH configuration question



Joey McAlerney <joey@silicondefense.com> writes:

> I am running sshd with RhostsRSAAuthentication turned on.  When I pass
> through a firewall during an ssh, the source port gets bumped up to a
> non-privileged range, so sshd won't allow the connection.  From what I
> gather from the man pages (and I'm hoping I haven't missed anything),
> there is no option to add to the sshd config file to allow connections
> from non-privileged ports.
> 
> The only way around this that I can think of is to change the ipnat
> rules in the firewall.  I'm not really the administrator of that box, so
> would like to avoid this.
> 
> Any thoughts?

Can't you use RSA keys in your home directory? To use them, do the following:

1. On your local machine, generate keys with 'ssh-keygen'
2. Copy the generated public ~/.ssh/identity.pub from your local machine
   to ~/.ssh/authorized_keys on the remote machine
3. Then start an authentication agent with 'eval `ssh-agent`' (bash syntax)
4. Authenticate to the auth agent with 'ssh-add'

This is better and more secure IMO.

-- 
--- Hans Insulander <hin@stacken.kth.se>, SM0UTY -----------------------
This is my .signature. There are many like it, but this one is mine.
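
Step 2 of the procedure above, as an added example that is not part of the original message: a sketch of installing the public key so that sshd's StrictModes permission check accepts it, that re-running adds no duplicate line, and that a private key file is never copied by mistake. The names `install_pubkey` and `perm_of`, the scratch paths and the sample key line are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: install a public key into authorized_keys (step 2).
# install_pubkey and perm_of are hypothetical helper names.

# install_pubkey PUBKEY_FILE SSH_DIR
# Runs in a subshell so the umask change does not leak to the caller.
install_pubkey() (
    pub=$1
    dir=$2
    auth=$dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; exit 1; }

    # Guard against copying the private half (e.g. 'identity' instead of
    # 'identity.pub'): private key files carry a "PRIVATE KEY" marker.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        exit 1
    fi

    # With StrictModes (the sshd default), key authentication is refused
    # when these are writable by group or others.
    umask 077
    mkdir -p "$dir"
    chmod 700 "$dir"
    touch "$auth"
    chmod 600 "$auth"

    # Append each key line only if it is not already present.
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        grep -qxF -e "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
    done < "$pub"
)

# perm_of PATH: print the mode string, e.g. drwx------
perm_of() {
    ls -ld "$1" | cut -c1-10
}

# Constructed demo in a scratch directory; the key below is not a real key.
demo=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2E-CONSTRUCTED-SAMPLE user@local' > "$demo/identity.pub"
install_pubkey "$demo/identity.pub" "$demo/remote_home/.ssh"
install_pubkey "$demo/identity.pub" "$demo/remote_home/.ssh"   # second run adds nothing
```

On the real remote machine the second argument would be `~/.ssh`, with the public key file copied over first.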