ssh-keys questions - Page 1

Septagram

Asked: 2011-11-25 04:12:36 +0800 CST

Why is SSH password authentication a security risk?

73

Most guides for OpenSSH configuration advise to disable password authentication in favor of key-based authentication. But in my opinion password authentication has a significant advantage: an ability to connect from absolutely anywhere without a key. If used always with a strong password, this should not be a security risk. Or should it?

user962449

Asked: 2011-10-23 11:24:10 +0800 CST

how do you create an ssh key for another user?

126

I'm trying to create an ssh key for another user. I'm logged in as root. Can I just edit the files generated by ssh-keygen and change root to the user I want?

Samuel Edwin Ward

Asked: 2011-10-14 06:01:26 +0800 CST

"Add correct host key in known_hosts" / multiple ssh host keys per hostname?

200

Trying to ssh into a computer I control, I'm getting the familiar message:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
[...].
Please contact your system administrator.
Add correct host key in /home/sward/.ssh/known_hosts to get rid of this message.
Offending RSA key in /home/sward/.ssh/known_hosts:86
RSA host key for [...] has changed and you have requested strict checking.
Host key verification failed.

I did indeed change the key. And I read a few dozen postings saying that the way to resolve this problem is by deleting the old key from the known_hosts file.

But what I would like is to have ssh accept both the old key and the new key. The language in the error message ("Add correct host key") suggests that there should be some way to add the correct host key without removing the old one.

I have not been able to figure out how to add the new host key without removing the old one.

Is this possible, or is the error message just extremely misleading?

Justin

Asked: 2011-09-02 14:33:05 +0800 CST

SSH Allow Password For One User, Rest Only Allow Public Keys [duplicate]

74

Is it possible with ssh to allow passwords from a certain user, but deny using passwords for everybody else?

Basically I want to allow password auth for user justin but everybody else must use public keys.

PasswordAuthentication no

Seems to be global though, no way to specify by user.

Jon

Asked: 2010-02-25 02:57:39 +0800 CST

What's the difference between authorized_keys and authorized_keys2?

175

Just wanted a quick summary of the differences between them and why there are two?

Why is SSH password authentication a security risk?

how do you create an ssh key for another user?

"Add correct host key in known_hosts" / multiple ssh host keys per hostname?

SSH Allow Password For One User, Rest Only Allow Public Keys [duplicate]

What's the difference between authorized_keys and authorized_keys2?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?

Questions[ssh-keys](server)