OpenBSD Security Functionally paranoid!

Old 8th April 2009
Nk2Network Nk2Network is offline
Port Guard
Join Date: Jan 2009
Posts: 43


When I look in my file /etc/ssh/ default key rsa, to activate the RSA key I just changed sshd_conf by removing the argument #
Old 8th April 2009
jggimi jggimi is offline
More noise than signal
Join Date: May 2008
Location: USA
Posts: 6,220

I do not understand your previous posting. Are you asking a question about public key use?

If so:

Server keys for SSH (all /etc/ssh/*key* files) are created automatically the very first time you boot OpenBSD after installation. These are used to authenticate the SSH server with SSH clients.

Client keys are created with ssh-keygen(1).

Here is a simple "how to" to switch from password authentication to public key authentication -- I hope it is clear to you once you run it through a translation into French:

  1. You disable password authentication. Public key encryption is enabled by default.
  2. A user generates her own pair of keys -- one is private, the other is public. She may do this on her own, remote system.
  3. The user sends her public key to you, if necessary.
  4. You install the public key in her account, if necessary, or she does it herself, if she is local.

How to:
  1. Edit /etc/ssh/sshd_config:
    Change "#PasswordAuthentication yes" to "PasswordAuthentication no"
  2. The user generates her key. If she's using OpenSSH, she uses ssh-keygen:
    $ ssh-keygen -t rsa -N "the pass phrase she will use with her private key"
  3. If she is remote, she sends you only the public key. (She keeps the private key on her remote system.) Any method may be used to transfer the public key to your system, including e-mail, web page, or posting on a forum. This half of the pair is safe to submit via any method. The private key is not transmitted.
  4. She, or you, place the public key into her .ssh directory:
    $ cd /path/to/her/home/directory
    $ cp /path/to/her/public/key/file .ssh/authorized_keys

She can now log on via public key authentication. Neither of you need ever send passwords back and forth.

Last edited by jggimi; 8th April 2009 at 04:11 PM. Reason: removed mkdir of .ssh directory, should not be necessary when users are added via adduser(8).
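An added example, not part of jggimi's post: a shell sketch of the checks around steps 1, 3 and 4 of the how-to above, which appends the key instead of overwriting authorized_keys and sets the modes sshd expects. The function names and the script name are hypothetical, and the sshd_config check assumes no Match blocks or Include files.

```sh
#!/bin/sh
# Added example; function names are hypothetical.

# Step 1 check: print the effective PasswordAuthentication value in an
# sshd_config file. sshd keeps the first value it reads for a keyword, a
# commented-out line does not count, and the built-in default is "yes".
# Assumption: Match blocks and Include files are not evaluated here.
password_auth_setting() {
    awk '{ sub(/^[ \t]+/, ""); split($0, f, /[ \t=]+/) }
         tolower(f[1]) == "passwordauthentication" { print tolower(f[2]); hit = 1; exit }
         END { if (!hit) print "yes" }' "$1"
}

# Step 3 check: succeed only if the file holds a public key line and no
# private-key PEM block (the private half must never leave her system).
is_public_key_file() {
    if grep -q 'PRIVATE KEY-----' "$1"; then return 1; fi
    grep -Eq '^(ssh-(rsa|ed25519|dss)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*' "$1"
}

# Step 4: install_pubkey <pubkey-file> <home-dir>
# Runs in a subshell so the umask change does not leak to the caller.
install_pubkey() (
    is_public_key_file "$1" || { echo "refusing $1: not a public key" >&2; exit 1; }
    umask 077
    # mkdir -p is a no-op when adduser(8) already created .ssh
    mkdir -p "$2/.ssh" && chmod 700 "$2/.ssh" || exit 1
    keys="$2/.ssh/authorized_keys"
    # Append instead of cp so keys already installed are kept; skip a key
    # that is already present (a .pub file from ssh-keygen is one line).
    grep -qxF -e "$(head -n 1 "$1")" "$keys" 2>/dev/null || cat "$1" >> "$keys"
    # With StrictModes (default yes) sshd rejects group/world-writable key files.
    chmod 600 "$keys"
    # Run as root, hand the files to the account owner: sshd reads
    # authorized_keys with the user's privileges.
    if [ "$(id -u)" -eq 0 ]; then
        chown -R "$(ls -ld "$2" | awk '{ print $3 }')" "$2/.ssh"
    fi
)

# Usage: sh install_key.sh <pubkey-file> <home-dir> [sshd_config]
if [ "$#" -ge 2 ]; then
    install_pubkey "$1" "$2" &&
        echo "PasswordAuthentication: $(password_auth_setting "${3:-/etc/ssh/sshd_config}")"
fi
```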
Old 8th April 2009
Nk2Network Nk2Network is offline
Port Guard
Join Date: Jan 2009
Posts: 43


Thank you very much for your help.
