garyng
09-10-2003, 10:08 AM
Hi,
This problem is not KNOPPIX specific but I hope that there is a KNOPPIX user/admin who is also familiar with SSH.
Is there a way to control SSH such that it would only accept a list of login users, not just based on passwd but also on some public/private key mechanism?
The scenario is this:
I want to set up a kerberos/openldap server. Since these two databases would carry the most important information of an organisation, the ideal situation would be that they are located in a locked room with no remote login allowed so there would be no 'root' exposure to the raw data.
However, this would make remote rescue impossible. So to open up a bit (may not be a good idea from a security point of view), I want to run SSHD on it. To enhance the security, I want to limit it to only remote users having a known RSA key, in addition to the standard password login procedure. So only a handful of 'administrators' are allowed to remotely admin the system. So even if they have the bad habit of writing down passwords on paper, it would still be useless unless someone also steals the private key.
Is this possible or can anyone give me some points about sshd? The man page is very vague.
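An added example, not part of the original post: a small Python check that reads an sshd_config and reports where it falls short of the policy described above (a fixed list of accounts, each needing a known key and a password). Assumptions: the sample configuration is constructed, `admin1` and `admin2` are placeholder account names, the function names are hypothetical, and the `AuthenticationMethods` keyword needs OpenSSH 6.2 or later.

```python
# Constructed sample: the policy from the post written as sshd_config lines.
SAMPLE_CONFIG = """\
# constructed example; account names are placeholders
PermitRootLogin no
AllowUsers admin1 admin2
PubkeyAuthentication yes
PasswordAuthentication yes
AuthenticationMethods publickey,password
"""

def parse_sshd_config(text):
    """Return {keyword: [args]} for the global section of an sshd_config."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        key, args = parts[0].lower(), parts[1:]
        if key == "match":          # simplification: conditional blocks ignored
            break
        if key == "allowusers":     # may be repeated; entries accumulate
            settings.setdefault(key, []).extend(args)
        else:                       # sshd keeps the first value it reads
            settings.setdefault(key, args)
    return settings

def audit(text):
    """List the ways a config falls short of 'listed users, key AND password'."""
    cfg = parse_sshd_config(text)
    problems = []
    if not cfg.get("allowusers"):
        problems.append("no AllowUsers list: any account may log in")
    if (cfg.get("permitrootlogin") or [""])[0].lower() != "no":
        problems.append("PermitRootLogin is not 'no'")
    chains = cfg.get("authenticationmethods", [])
    if not chains:
        problems.append("no AuthenticationMethods: one method alone is enough")
    for chain in chains:            # each space-separated chain is an alternative
        methods = {m.split(":", 1)[0] for m in chain.split(",")}
        if "publickey" not in methods:
            problems.append(f"chain '{chain}' does not require a key")
        if not methods & {"password", "keyboard-interactive"}:
            problems.append(f"chain '{chain}' does not require a password")
    return problems

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

Each administrator's public key still has to be present in that account's `~/.ssh/authorized_keys` for the `publickey` step to succeed.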