[pca] pca proxy server offer
Ron Halstead
rdhalstead at gmail.com
Sun Dec 7 18:27:13 CET 2008
The passphrase can be null, but as Don says, it is less secure. However,
since the ssh session is one time per patch cycle only, and since I run
it manually, I use a passphrase. The client side doesn't use ssh, so it
can be cron'ed easily. Note also that we use rsa and not dsa. I was told
(?) that it is more secure. I accepted that and did not verify it. The
-f is not needed since the default directory to store the keys is ~/.ssh.
__________________________
Ron Halstead
Don O'Malley wrote:
> FYI - Just to add a little bit more info on ssh key generation in
> Solaris:
>
> You can generate ssh keys in Solaris using the following command:
>
> # ssh-keygen -t dsa -f ~/.ssh/id_dsa
>
> The command will ask you some questions, if you like you can leave the
> password field blank, which will make things a little easier, but offers
> less security.
>
> Once the command is run, it should have generated a public key:
> ~/.ssh/id_dsa.pub
>
> HTH,
> -Don
>
> Ron Halstead wrote:
>> If anyone is interested, I have scripted a pca proxy server setup,
>> both the server side and the client side with supporting files and
>> the httpd.conf file. I can tar it up and mail it to anyone who cares.
>> Or if Martin would like to host it, I can send it to him.
>>
>> It requires that root have an ssh key and the id_rsa.pub file be in
>> every client's /root/.ssh/authorized_keys.
>>
>> The scripts have been approved for use in my (very paranoid) company
>> and will be shortly implemented. It has been thoroughly tested both
>> in my home network and on my company's test network. It just works (tm).
>>
>
>
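The thread turns on whether the root key carries a passphrase. The following is an added example, not part of the mail or of the scripts Ron describes: a small Python check that classifies private-key text as passphrase-protected or not, for auditing keys on disk. The function names and the sample key texts are hypothetical and constructed here; the samples contain no real key material.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"  # header of the newer OpenSSH private key container
LEGACY = ("RSA PRIVATE KEY", "DSA PRIVATE KEY", "EC PRIVATE KEY")

def key_protection(text):
    """Classify private-key text as 'encrypted', 'unencrypted' or 'unknown'."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    if len(lines) < 3 or not lines[0].startswith("-----BEGIN "):
        return "unknown"
    label = lines[0][len("-----BEGIN "):].rstrip("-")
    body = lines[1:-1]
    if label in LEGACY:
        # Legacy PEM: a passphrase adds "Proc-Type: 4,ENCRYPTED" before the data.
        protected = any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln
                        for ln in body)
        return "encrypted" if protected else "unencrypted"
    if label == "OPENSSH PRIVATE KEY":
        # Newer container: the first length-prefixed field names the cipher.
        try:
            blob = base64.b64decode("".join(body), validate=True)
            if not blob.startswith(MAGIC):
                return "unknown"
            (n,) = struct.unpack_from(">I", blob, len(MAGIC))
            cipher = blob[len(MAGIC) + 4:len(MAGIC) + 4 + n]
        except (ValueError, struct.error):
            return "unknown"
        if len(cipher) != n:
            return "unknown"  # truncated header
        return "unencrypted" if cipher == b"none" else "encrypted"
    return "unknown"

# Constructed samples: headers plus placeholder data, no real key material.
SAMPLE_LEGACY_PLAIN = ("-----BEGIN RSA PRIVATE KEY-----\n"
                       "Q09OU1RSVUNURUQ=\n"
                       "-----END RSA PRIVATE KEY-----")
SAMPLE_LEGACY_ENCRYPTED = ("-----BEGIN RSA PRIVATE KEY-----\n"
                           "Proc-Type: 4,ENCRYPTED\n"
                           "DEK-Info: DES-EDE3-CBC,0000000000000000\n\n"
                           "Q09OU1RSVUNURUQ=\n"
                           "-----END RSA PRIVATE KEY-----")

def openssh_sample(cipher):
    """Build a constructed OpenSSH-container header naming the given cipher."""
    b64 = base64.b64encode(MAGIC + struct.pack(">I", len(cipher)) + cipher).decode()
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + b64 +
            "\n-----END OPENSSH PRIVATE KEY-----")
```
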