Need access to a local Linux computer via LAN

[Jeremy C. Reed]

On Mon, 2 Jun 2003, George Gambill wrote:

> Thank you all very much.  SSH is exactly what I was hunting for.  Thanks.
>
> Next question.  When I "ssh -l user ww.xx.yy.zz", I get an error
>    "The authenticity of host 'ww.xx.yy.zz (ww.xx.yy.zz)' can't be
> established.
>    RSA key fingerprint is (and a whole bunch of xx:xx:xx:...xx:xx:xx.)
>    Are you sure you want to continue connecting (yes/no):
>
> if I continue (yes) I get
>
>    "Warning: permanently added 'ww.xx.yy.zz' (RSA) to the list of known
> hosts.

You could manually do that a head of time, by adding that to your
~/.ssh/known_hosts file. This contains the public keys. Look in your
sshd(8) manual page for "SSH_KNOWN_HOSTS FILE FORMAT".

Do you get this message repeated for later logins? (You shouldn't.)

> Then it asks for the root password and lets me in.

Many disable root logins via ssh (by using "PermitRootLogin no" in the
/etc/ssh/sshd_config).

> Reading through the "Red Hat Linux 8 Bible", I find nothing on this.  I am
> thinking that the (and a whole bunch of xx:xx:xx:...xx:xx:xx.) is part of
> the "Secure Connection" associated with SSH and I don't have any security.

It is just to confirm that you are connecting to correct server. It means
you do have security. (In fact, if you connected again and that public key
changed, then it will not let you login.)

> Don't really need it as I am behind a fairly secure firewall (or so we
> think) so the connection is trusted.  But, how should this be done for
> security and is there a good reference of this?

Multiple layers of security is good.

Skim through the sshd, sshd_config, ssh and ssh_config man pages.

   Jeremy C. Reed
   http://www.reedmedia.net/