Restricting ssh

[Donald Russell]

On Thu, Jan 6, 2011 at 15:45, Sam Varshavchik <mrsam at courier-mta.com> wrote:

> Timothy Murphy writes:
>
>  I have an sshd server running on a machine in Ireland.
>>
>> Can I configure it so that it only accepts connection
>> from certain machines, wherever they may be in the world?
>>
>
> In sshd_config set:
>
> PasswordAuthentication no
>
> Then, on the machines that you wish to allow connections from, in each
> account you wish to connect, run ssh-keygen to generate a keypair. This will
> create id_rsa and id_rsa.pub (or id_dsa and id_dsa.pub) in $HOME/.ssh (with
> permissions set appropriately), then append the contents of id_rsa.pub or
> id_dsa.pub to the $HOME/.ssh/authorized_keys2 file on the server that you
> want to connect TO.
>
>

There are ssh commands that make that process even easier...
Once you have your public/private key pair...

eval $(ssh-agent)
ssh-add
ssh-copy-id <remote system>

You'll be prompted for the password at the remote system so it can copy the
keys across, if that's successful, you won't need the password anymore.

I added these to my ~/.bash_profile
eval $(ssh-agent)
ssh-add

I get prompted once for my ssh key passphrase and after that I don't get
prompted for password anymore for the systems I ssh to.
(You can also not use an ssh key passphrase but I'm not quite that
paranoia-free. :-)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/users/attachments/20110107/bb22bfaf/attachment-0001.html