Salix Forums

Thanks to JRD we could create a first repository at his server: http://alcoholix.enialis.net/

I will make a ssh account to this directory and generate a private key.
I will post it here, so trusted users could use it to upload stuff on it with filezilla/gftp/scp, ...

Easier for now, isn't it ?

Yes!

JRD wrote:I will make a ssh account to this directory and generate a private key.
I will post it here, so trusted users could use it to upload stuff on it with filezilla/gftp/scp, ...

Easier for now, isn't it ?

Please don't post it to the forum. Use private messages or e-mail. Maybe users will join here, that are not really trusted yet.

Hum...it's the invert in fact I think. Trusted users must provide me their public key and I will add this to .ssh/authorized_keys file.

Is there a way to use a certificate to authenticate instead of a password ? How doing such a thing ?

What about this as a starting point: I'm using it myself in my public sshd config.

Hum ok, but I just need to remove the password in /etc/passwd when everybody has add his own public key in authorized_keys. And I like to login as root on that machine

If you need root access you can always just SSH into the computer and then su. Of course that's an extra step, but if it improves security it might be worth it. I probably still wouldn't do it though, as I'm pretty lazy like that.

I like to avoid the su step because it breaks X Forwarding. But for outside public SSH access the connection is anyway to slow for X Forwarding.
I think the PermitRoot no thing is more like security by obscurity. Something that blocks of those generic script kiddies.

Shador wrote:I think the PermitRoot no thing is more like security by obscurity. Something that blocks of those generic script kiddies.

By permitting root, you give those kiddies a valid username and the only thing they have to discover is the password. Makes their job a lot easier.