Walt Mankowski on Wed, 14 Nov 2001 06:50:19 +0100



Re: [PLUG] ssh authentication


On Tue, Nov 13, 2001 at 11:21:49PM -0500, Michael Leone wrote:
> On Tue, 2001-11-13 at 22:52, Fred K Ollinger wrote:
> > 	Does anyone know how to set up a box so that it can login via ssh
> > w/o prompting for a login? I did a reinstall on one of the boxes and it
> > no longer allows me to login. I looked up ways to generate an old key and
> > I removed an old key on my machine I want to login from. It generated a
> > new key which is great, but it needs a passwd each time.
> 
> I did this once. You need to generate and then copy the key of the
> machine that you are connecting FROM to the machine you are connecting
> TO, in a file called ... ~/.ssh/identity.pub.
> 
> I think.

That's not entirely right.  Suppose you want to ssh from foo to bar...

1. Generate a public and private keypair with ssh-keygen.  You can
   either create a key without a password, or you can use a password
   and have ssh-agent send it (see below).  Note that if you create a
   password, it doesn't have to be the same as your password either on
   foo or bar.

2. Append ~/.ssh/identity.pub on foo to ~/.ssh/authorized_keys on
   bar

Now when you execute "ssh bar" on foo, it will ask you for the
password you created in step one.  If you left the password blank,
you'll be logged in without a password prompt.  Note that this isn't
necessarily all that insecure, since presumably you needed access to
your accounts on both boxes to set up the keys in the first place.
Also, a bad guy would need read access to your private key
(~/.ssh/identity on foo).

If you want to use a password, you can have ssh-agent hold your
private key so that you only have to enter your password once.
There are a few different ways to use ssh-agent; here's what I
generally do:

3. ssh-agent bash (or your favorite shell)

4. ssh-add

Enter the password from step one when prompted.  Now when you run
"ssh bar", ssh-agent will do the key authentication for you, and
you'll log right in without having to reenter your password.

Walt

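Added example, not part of Walt's message: step 2 as a script to run on bar, appending the key only once and setting the file modes that sshd's StrictModes check expects (a group- or world-writable home directory, ~/.ssh or authorized_keys makes sshd ignore the key and fall back to the password prompt). The helper names install_pubkey and check_ssh_perms are hypothetical, and the refusal of private-key files is an extra guard assumed here, not something the thread describes.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE HOME_DIR
# Append the public key(s) in PUBKEY_FILE to HOME_DIR/.ssh/authorized_keys.
# Safe to re-run: a key line already present is not added twice.
install_pubkey() {
    pub=$1; home=$2
    [ -s "$pub" ] || { echo "no public key at $pub" >&2; return 1; }
    # Guard against copying ~/.ssh/identity (the private half) by mistake.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key; refusing" >&2
        return 1
    fi
    # Owner-only modes, so StrictModes accepts the directory and the file.
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    auth="$home/.ssh/authorized_keys"
    touch "$auth" && chmod 600 "$auth" || return 1
    # Read line by line; the "|| [ -n ... ]" keeps a last line that has
    # no trailing newline.
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
    done < "$pub"
}

# check_ssh_perms HOME_DIR
# Return non-zero if any path sshd inspects is group- or world-writable.
check_ssh_perms() {
    rc=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        # Characters 6 and 9 of the "ls -ld" mode string are the group
        # and other write bits.
        case $(ls -ld "$p" | cut -c6,9) in
            *w*) echo "too permissive: $p" >&2; rc=1 ;;
        esac
    done
    return $rc
}

# Usage on bar, after copying foo's identity.pub over (path is an example):
#   install_pubkey /tmp/identity.pub "$HOME" && check_ssh_perms "$HOME"
```
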