Difference between revisions of "Talk:SSH keys"

From ArchWiki
Jump to: navigation, search
(Using pam_ssh module: new section)
Line 1: Line 1:
 
Maybe the default 2048 bit rsa key is better?[[User:Vogt|Vogt]] 01:54, 31 August 2008 (EDT)
 
Maybe the default 2048 bit rsa key is better?[[User:Vogt|Vogt]] 01:54, 31 August 2008 (EDT)
 +
 +
I have just completed a tidyup, this including removing the section on connection control as I deemed it irrelivant. If needed, it is available in [http://wiki.archlinux.org/index.php?title=Using_SSH_Keys&oldid=66756#SSH_connection_control the history]. [[User:Thelucster|Thelucster]] 13:51, 13 April 2009 (EDT)
  
 
== sshd_config ==
 
== sshd_config ==
Line 6: Line 8:
 
In this case - you need root-access to the server! - you have to change the configuration-file. Mostly you can find it as /etc/ssh/sshd_config.
 
In this case - you need root-access to the server! - you have to change the configuration-file. Mostly you can find it as /etc/ssh/sshd_config.
 
If the last line(s) of this file read(s): 'AllowUsers  <username>', you will have to add a similar line with your own username. Don't forget to restart the ssh deamon: '/etc/init.d/sshd restart'.
 
If the last line(s) of this file read(s): 'AllowUsers  <username>', you will have to add a similar line with your own username. Don't forget to restart the ssh deamon: '/etc/init.d/sshd restart'.
 
 
bdheeman: IMHO using a personal and overly modified prompt ''''mith@middleearth||[[~]]:~ >'''' can quite confusing for newbies.
 
  
 
== Using pam_ssh module ==
 
== Using pam_ssh module ==

Revision as of 17:51, 13 April 2009

Maybe the default 2048 bit rsa key is better?Vogt 01:54, 31 August 2008 (EDT)

I have just completed a tidyup, this including removing the section on connection control as I deemed it irrelivant. If needed, it is available in the history. Thelucster 13:51, 13 April 2009 (EDT)

sshd_config

Sometimes the 'ssh-add' is not enough to log in without a password. It is possible that ssh is configured in such way that only a limited group of users is allowed to the machine. In this case - you need root-access to the server! - you have to change the configuration-file. Mostly you can find it as /etc/ssh/sshd_config. If the last line(s) of this file read(s): 'AllowUsers <username>', you will have to add a similar line with your own username. Don't forget to restart the ssh deamon: '/etc/init.d/sshd restart'.

Using pam_ssh module

I just want to add that one could also use the pam_ss module, available here http://pam-ssh.sourceforge.net/ or in the AUR to decrypt the ssh key on login and automatically start ssh-agent and add the keys. This way one would have a truely password less ssh session and in the same way not compromise security by using a passphrase less key.