Repository servers & mirrors
Repository servers & mirrors
Thanks to JRD we could create a first repository at his server: http://alcoholix.enialis.net/
Re: Repository servers & mirrors
I will make a ssh account to this directory and generate a private key.
I will post it here, so trusted users could use it to upload stuff on it with filezilla/gftp/scp, ...
Easier for now, isn't it ?
I will post it here, so trusted users could use it to upload stuff on it with filezilla/gftp/scp, ...
Easier for now, isn't it ?
Re: Repository servers & mirrors
Please don't post it to the forum. Use private messages or e-mail. Maybe users will join here, that are not really trusted yet.JRD wrote:I will make a ssh account to this directory and generate a private key.
I will post it here, so trusted users could use it to upload stuff on it with filezilla/gftp/scp, ...
Easier for now, isn't it ?
Re: Repository servers & mirrors
Hum...it's the invert in fact I think. Trusted users must provide me their public key and I will add this to .ssh/authorized_keys file.
Is there a way to use a certificate to authenticate instead of a password ? How doing such a thing ?
Is there a way to use a certificate to authenticate instead of a password ? How doing such a thing ?
Re: Repository servers & mirrors
What about this as a starting point:
I'm using it myself in my public sshd config.
Code: Select all
PermitRootLogin no
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
Re: Repository servers & mirrors
Hum ok, but I just need to remove the password in /etc/passwd when everybody has add his own public key in authorized_keys. And I like to login as root on that machine
Re: Repository servers & mirrors
If you need root access you can always just SSH into the computer and then su. Of course that's an extra step, but if it improves security it might be worth it. I probably still wouldn't do it though, as I'm pretty lazy like that.
Re: Repository servers & mirrors
I like to avoid the su step because it breaks X Forwarding. But for outside public SSH access the connection is anyway to slow for X Forwarding.
I think the PermitRoot no thing is more like security by obscurity. Something that blocks of those generic script kiddies.
I think the PermitRoot no thing is more like security by obscurity. Something that blocks of those generic script kiddies.
Re: Repository servers & mirrors
By permitting root, you give those kiddies a valid username and the only thing they have to discover is the password. Makes their job a lot easier.Shador wrote:I think the PermitRoot no thing is more like security by obscurity. Something that blocks of those generic script kiddies.