On Saturday 30 December 2006 17:27, Colm Buckley wrote:
> On 30/12/06, Timothy Murphy <tim at birdsnest.maths.tcd.ie> wrote:
> > One thing I guess I've never understood
> > is why it is so easy to set up an ssh connection internally,
> > eg if someone brings a laptop into the house.
> > My shorewall policy allows connection from LAN to firewall:
> > loc $FW ACCEPT
> > Does that mean ssh does not look for any authentication in this case?
>> No - the shorewall setting is just limiting the networks which are
> allowed to *connect* to the SSH port. Connection is only the first
> phase of SSH access; once you've connected, it then will go through
> the configured authentication mechanisms.
>> If you're not asked for a password etc, it's probably because you've
> put the public key of the client into the authorized_keys of the
> server.
I do indeed add the public key to authorized_keys , later.
But what puzzles me is that _before_ this,
when I "ssh <machine>" I am just asked
"Do you want to connect to <machine>? Yes/No"
and when I answer yes I am connected.
I admit I always give an empty pass-phrase to ssh-keygen .
Is that a serious mistake?
--
Timothy Murphy
e-mail (<80k only): tim /at/ birdsnest.maths.tcd.ie
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
