Sunday, May 5, 2024
rated 0 times [  3] [ 0]  / answers: 1 / hits: 782  / 2 Years ago, mon, may 23, 2022, 5:31:22

There is a person A and a person B. Each of them has the other's SSH public key, so that means they can access each other's shell.



Now they can access each other's private SSH and GPG keys, and they can easily export the private keys to themselves.



Is there a way that they cannot access these keys, or are not able to export them?



Is there a way to restrict them from accessing each other's ~/.gnupg and ~/.ssh folders?



Thanks in Advance



EDIT
OK, I tried with my 2 computers.
I accessed my system with my laptop.



amr@amr-Notebook:~$ ssh [email protected]
[email protected]'s password:
Welcome to Ubuntu 12.04.1 LTS (GNU/Linux 3.2.0-29-generic-pae i686)

* Documentation: https://help.ubuntu.com/

11 packages can be updated.
0 updates are security updates.


The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

rusty@rusty-MS:~$ exit
logout
Connection to 192.168.1.8 closed.
amr@amr-Notebook:~$ ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
[email protected]'s password:
Now try logging into the machine, with "ssh '[email protected]'", and check in:

~/.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

amr@amr-Notebook:~$ ssh [email protected]
Welcome to Ubuntu 12.04.1 LTS (GNU/Linux 3.2.0-29-generic-pae i686)

* Documentation: https://help.ubuntu.com/

11 packages can be updated.
0 updates are security updates.

Last login: Sat Sep 8 21:01:06 2012 from amr-notebook.local
rusty@rusty-MS:~$
rusty@rusty-MS:~$ cd .ssh/
rusty@rusty-MS:~/.ssh$ ls
authorized_keys id_rsa id_rsa.pub
rusty@rusty-MS:~/.ssh$


I accessed my desktop from my laptop with just my SSH and password.



Then I logged out and sent my public key to the desktop system.



Then I tried again with SSH, and this time it just let me in.



As you can see above, I can easily access the desktop system's ssh folder and see all the keys.



Now, is there a way that I am not able to access my desktop's .ssh folder and have no access to the desktop's public and private keys?



Thanks



 Answers
1

Given your example, with two people and two computers, there should be four accounts:




  • On Rusty's desktop: ~rusty/ and ~shiny/


  • and on Shiny's laptop: ~rusty/ and ~shiny/




On the desktop you could have ~rusty's private key and public key, and ~shiny's public key.



On the laptop you could have ~rusty's public key and ~shiny's public and private key.



Rusty can ssh into his own account on the laptop, and Shiny can ssh from the laptop to the desktop.



Shiny can't see rusty's private key since he can't get into rusty's desktop account, and rusty can't see shiny's private key since he can't get into shiny's laptop account. Without the private keys, they cannot log in to each other's accounts even if they have the corresponding public keys.



Each system's administrator (or root) can see into each of these accounts, but as long as that is Rusty for the desktop and Shiny for the laptop, and they haven't added each other to the sudoers group, they still can't see each other's secret private key.



Remember, it is always OK to send any public key to anyone--that's not a security problem.


[#35679] Tuesday, May 24, 2022, 2 Years  [reply] [flag answer]
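
An added example, not part of the original answer: keeping separate accounts only protects the private keys if each account's key directories are closed to other local users. This POSIX shell function flags ~/.ssh and ~/.gnupg directories, SSH private keys and GnuPG secret key files that have any group or other permission bit set. The function names and the "LOOSE" output format are made up for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper names): flag SSH/GnuPG key material
# under a home directory that other local accounts could reach.

# True if the path itself has any group/other permission bit set.
is_loose() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print)" ]
}

# audit_key_dirs HOME_DIR
# Prints one "LOOSE <path>" line per finding; returns 0 if clean, 1 otherwise.
audit_key_dirs() {
    home=$1
    rc=0
    # The key directories themselves should be private to the owner (e.g. 700).
    for dir in "$home/.ssh" "$home/.gnupg"; do
        [ -d "$dir" ] || continue
        if is_loose "$dir"; then
            echo "LOOSE $dir"; rc=1
        fi
    done
    # SSH private keys: detected by their PEM header, not by file name,
    # so public keys and authorized_keys are not reported.
    for f in "$home"/.ssh/*; do
        [ -f "$f" ] || continue
        if head -n 1 "$f" | grep -q -- '-----BEGIN .*PRIVATE KEY-----' && is_loose "$f"; then
            echo "LOOSE $f"; rc=1
        fi
    done
    # GnuPG secret material: legacy secring.gpg and the gpg-agent key store.
    for f in "$home/.gnupg/secring.gpg" "$home"/.gnupg/private-keys-v1.d/*; do
        [ -f "$f" ] || continue
        if is_loose "$f"; then
            echo "LOOSE $f"; rc=1
        fi
    done
    return $rc
}
```

Run it as `audit_key_dirs "$HOME"` on each machine; a finding is fixed with `chmod 700` on the directory or `chmod 600` on the key file.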
arbaour