From owner-freebsd-questions  Mon Feb 11  0: 4:17 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from raiden.jasnetworks.net (raiden.jasnetworks.net [65.194.248.251])
	by hub.freebsd.org (Postfix) with ESMTP id 024D137B400
	for <freebsd-questions@freebsd.org>; Mon, 11 Feb 2002 00:04:15 -0800 (PST)
Received: from works ([192.168.0.2])
	by raiden.jasnetworks.net (8.11.6/8.11.6) with ESMTP id g1B85nD17553
	for <freebsd-questions@freebsd.org>; Mon, 11 Feb 2002 03:05:50 -0500 (EST)
	(envelope-from raiden23@netzero.net)
Message-Id: <4.2.0.58.20020211025832.0097f840@pop.netzero.net>
X-Sender: raiden23@pop.netzero.net (Unverified)
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58 
Date: Mon, 11 Feb 2002 03:08:56 -0500
To: freebsd-questions@freebsd.org
From: Lord Raiden <raiden23@netzero.net>
Subject: SSH and SecureCRT
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

	Ok, I'm to the point where I'm beyond stumped on this.  I've been playing 
with this, but I'm unsure of how to attack this.  I'm trying to setup one 
of our boxes to be as limited access as possible without totally locking it 
down, and one of the things we're doing is to limit who has open SSH access 
to the box.  I'm using Marty Schlacter's firewall building guide 
(http://www.schlacter.net:8500/public/FreeBSD-STABLE_and_IPFILTER.html) as 
a reference for setting up my rules to do just that.  His rules setup SSH 
in such a way that either you have the private key on your system, or the 
SSHD won't accept any connections from you.  I like that.  SO instead of 
the machine advertising its DSA keys to the world, only those who I want to 
connect to the computer can, and only via SSH.

	Now here's my problem.  I'm currently using SecureCRT 3.x as our SSH 
client and I'm beyond stumped as to how to get it to set the private key 
for that connection so I can use it to connect to the server while locking 
out those who I don't want to have access.  SecureCRT has a section for a 
public key, nothing for a private key, and I can't get it to take the DSA 
key that I have for the system and use it.  Anyone know how to do this or 
do I need to resort to using a different program if this one won't do 
that?  Thanks for the help.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message