SSH security question

[ron.peterson at yellowbank.com (Ron Peterson)]

John Chambers wrote:
> 
> Mar 27 11:56:38 kendy sshd[4329]: Failed rsa for jc from 18.62.1.54 port 1002
> Mar 27 11:56:46 kendy sshd[4329]: Failed password for jc from 18.62.1.54 port 1002

Are you using md5 digest passwords?  If so, you need to compile ssh
using --with-md5-passwords to allow password based authentication.  You
won't be able to authenticate using RSA (or DSA) unless you properly
create and exchange key info between the machines.  Or you could
authenticate passwords in /etc/passwd via PAM, but you have to compile
support for that also using --with-pam.

I.E. ssh will try to authenticate any way it knows how.  RSA, DSA, and
password authentication, and other methods as well, may be used to
authenticate.  So you don't need to bother setting up RSA if you want to
use password authentication. Well, you'll probably want to have both RSA
and DSA host keys in /etc/ssh/, but that usually happens automatically
at installation.

RSA or DSA are nice to use, though.  I prefer DSA.  See 'man ssh-keygen'
for info on creating your own public/private keypairs.  I like to set up
certain machines I manage with passwordless keys, so I can do things
like have cron run rsync to keep my data backed up between machines (via
ssh of course).

-Ron-
GPG and other info at: http://www.yellowbank.com/
-
Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).