[clue-admin] User setup for "member" accounts

Collins Richey crichey at gmail.com
Sun Jan 2 15:18:51 MST 2005


On Sun, 2 Jan 2005 15:09:07 -0700, Jed S. Baer <thag at frii.com> wrote:
> On Sun, 2 Jan 2005 14:29:56 -0700
> Collins Richey wrote:
> 
> > A summary of what I've found thus far:
> >
> > 1. We've already determined that we want public key authentication.
> 
> Yeah, but I wonder if there's any way to enforce that. It's sort of a
> catch-22, because members will need to use password authentication to
> transfer their public ssh key to the CLUE server to start with.
> 
> [ snipping what I don't know what to say about ]


Yeah, I was wondering about that.

> 
> > 4. Much of the googling I've done recommends using the scponly shell
> > (< version 4.0 has security problems) and/or its chroot jail. Do we
> > want to pursue this path? If someone wants to install the software,
> > I'll be happy to check it out. The question is, do we need this, or is
> > the solution in 2. adequate?
> 
> If it's available as an RPM, you can install it easily enough yourself.
> Try 'yum list scponly'. BTW, I'm against installing from source, as it
> makes admining the box more difficult -- but that's a whole 'nother topic.
> If it comes down to that, I'll generate an RPM file.
> 

Can I do yum from sudo? Or does it require real root access? Also, I
don't want to get into "adding garbage software to the server" since
I'm not the admin. What's your opinion? Should Bob do this? I'm quite
comfortable with screwing up my own system and fixing it, but ...

> > On a related topic. My understanding of ssh and key authentication is
> > too limited at this point. Currently I'm just using standard password
> > authentication when I ssh to the CLUE server, but I would like to
> > switch to public key authentication. The one wrinkle is, I have a
> > multi-boot system - one system is gentoo the other is slack. When I
> > generate a private/public key pair, can I simply copy my private key
> > to ~/.ssh/authorized_keys on both my systems so that I can login using
> > the public key I've copied to my CLUE server account?
> 
> The authorized_keys[2] file goes on the destination server. As long as
> your /home/username/.ssh directory, under both boots has the .ssh
> directory with the id_rsa or id_dsa file, I think you'll be ok, unless
> there's some system-id stuff encoded into the private key. But I don't
> think that's the case. (Maybe nodename?)
> 

OK, I'll try it.

-- 
 Collins


