Re: SSH mentor needed :-)


Subject: Re: SSH mentor needed :-)
From: cdowns (cdowns@skillsoft.com)
Date: Thu Sep 21 2000 - 17:58:52 MDT


Jeff Ross wrote:

> I think I need to back up one more step. What command do I use to start ssh
> and have it forward X11? Do I need to be running X and have an xterm open?
>
> Thanks!
>
> Jeff
>
> ----------
> >From: dsbelile <dsbelile@mediaone.net>
> >To: yellowdog-general@lists.yellowdoglinux.com
> >Subject: Re: SSH mentor needed :-)
> >Date: Wed, Sep 20, 2000, 8:42 PM
> >
>
> > an rpm install would be at : /etc/ssh/sshd.config edit it so that :
> >
> > passwd authentication = no
> > x11forwarding = yes
> >
> > your dir permissions should be 0700 for .ssh
> > and 0644 for authorized_keys inside the .ssh dir.
> >
> > like ~home/.ssh/authorized_keys
> >
> > if no one has told you... when you set up a client for ssh copy identity.pub
> > to your ~home/.ssh dir and :
> >
> > mv identity.pub authorized_keys
> >
> > hope this helps....
> >
> > Jeff Ross wrote:
> >
> >> Hi--
> >>
> >> If someone can tell me just exactly how you use ssh to forward X11, I would
> >> be forever grateful. I know I'm missing something obvious, but I am missing
> >> it...
> >>
> >> Thanks in advance,
> >>
> >> Jeff Ross
> >> Cheyenne, WY
> >

well, do you mean like (ssh whereever.com)? and to start remote X you need a
couple of things like an entry in the hosts table and xhost + but be careful with
this ..... i mean this. this enables your machine to accept remote x sessions. but
if you are tunneled you should be ok. obviously xhost - shuts the service down
(disables i should say). here is a cut and paste of my dir on my local machine:

-rw-r--r-- 1 cdowns cdowns 3394 Sep 20 11:29 .screenrc
drwx------ 2 cdowns cdowns 4096 Sep 21 10:59 .ssh
-rw-rw-r-- 1 cdowns cdowns 4096 Sep 20 15:30 .user.rdb

and in the dir .ssh:

[root@dwarf_1 .ssh]# ls -l
total 12
-rw------- 1 cdowns cdowns 529 Sep 21 10:39 identity
-rw------- 1 cdowns cdowns 333 Sep 21 10:34 identity.pub
-rw-r--r-- 1 cdowns cdowns 349 Sep 21 10:59 known_hosts
[root@dwarf_1 .ssh]#

it is not recommended to have chmod 0644 and i apologize for i wrote that to
you incorrectly :) chmod 0600 is correct.

here is a cut and paste of sshd.config:

# Don't read ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
StrictModes yes
X11Forwarding yes <-------------- here
X11DisplayOffset 10
PrintMotd yes
KeepAlive yes

------------------------cut for brevity-------------------------------------

# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
#
RSAAuthentication yes < ------------ here

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no <------------- here
PermitEmptyPasswords no
# Uncomment to disable s/key passwords
#SkeyAuthentication no

i hope this helps... if you have any more questions please feel free to write back:

this is aiming for :
[cdowns@dwarf_1 cdowns]$ ssh chip.skillsoft.com
Enter passphrase for RSA key 'cdowns@dwarf_1':

this is 100% rsa authentication ... this is what you want. you do not want rsh
authentication......

chris
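
An added example, not part of the original message: a Python check of the permissions and sshd settings discussed in this thread (0700 on .ssh, 0600 on identity and authorized_keys, and the options marked "here" in the pasted config). The function names, the table of expected values and the sample config text are constructed for illustration.

```python
import os
import stat

# Modes from the thread: .ssh is 0700; the reply corrects the earlier
# 0644 advice to 0600. The "" key stands for the .ssh directory itself.
EXPECTED_MODES = {"": 0o700, "identity": 0o600, "authorized_keys": 0o600}

# sshd settings taken from the pasted config (keywords are case-insensitive).
EXPECTED_SSHD = {
    "strictmodes": "yes", "x11forwarding": "yes", "rsaauthentication": "yes",
    "passwordauthentication": "no", "permitemptypasswords": "no",
}

# Constructed sample input, not a real server's configuration.
SAMPLE_CONFIG = """\
StrictModes yes
X11Forwarding no
RSAAuthentication yes
#PasswordAuthentication no
PasswordAuthentication yes
PermitEmptyPasswords no
"""


def audit_ssh_dir(ssh_dir):
    """Return (path, actual_mode, expected_mode) for each entry that differs."""
    findings = []
    for name, expected in EXPECTED_MODES.items():
        path = os.path.join(ssh_dir, name) if name else ssh_dir
        if not os.path.exists(path):
            continue  # e.g. no authorized_keys on a client-only machine
        actual = stat.S_IMODE(os.stat(path).st_mode)
        if actual != expected:
            findings.append((path, oct(actual), oct(expected)))
    return findings


def audit_sshd_config(text):
    """Return {option: (found, expected)} for settings that differ or are unset."""
    seen = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)  # drop comments
        if len(parts) == 2:
            # keep the first occurrence; ignore anything after the value
            seen.setdefault(parts[0].lower(), parts[1].split()[0].lower())
    return {k: (seen.get(k), v) for k, v in EXPECTED_SSHD.items()
            if seen.get(k) != v}
```

Calling `audit_ssh_dir(os.path.expanduser("~/.ssh"))` and passing the text of the server's config file to `audit_sshd_config` returns only the entries that differ from the values above.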


