gabriel rosenkoetter on Sat, 10 Aug 2002 18:30:09 +0200



Re: [PLUG] ssh-keygen and multiple keys


On Sat, Aug 10, 2002 at 12:51:16PM +0200, Jeff Abrahamson wrote:
> I've been using (dsa) keys with ssh. I went to create another key to
> use with another host.

Why?

> But this doesn't work, as ssh has no idea which
> private key goes with which host (since I've put different pub keys on
> different hosts).

Sure it works: instantiate a separate ssh-agent and keep everything
with one host under one environment and everything with another
host under the other.

But you don't need to do this; just ssh-add both keys. One will fail
on each host. Oh well, who cares.

> want). And then it seems like I can only use those keys from subshells
> of ssh-agent, etc. Maybe I'm confused.

That's why you call ssh-agent as eval `ssh-agent`. Or you use the
attached script (which I happened to write, but it's trivial).

You really, really, really want to use ssh-agent. Trust me. You want
to exec your X environment as a child of it. You want to be able to
do ssh -f <host> xterm & and have an xterm running off the remote
host's X server.

(While I'm there though, you only want to be able to do that for
hosts you trust; set ForwardAgent and ForwardX11 to no for Host *,
and set them to yes specifically for hosts you trust.)

> It seems I should be able to say "ssh -i id-file host", but I'm still
> asked for /etc/passwd's idea of a password, not the keys passphrase.

You shouldn't be. There's something wrong with authentication on the
host if that's happening. Check the logs (if you can). The problem
I've seen most frequently (especially on Linux with its idiotic
useradd that makes a group for each user, and then RedHat's even more
idiotic--historical only, I think--/etc/profile that does a umask
002 if your default group matches the owner of your home directory,
which makes NO sense at all) is permissions on and in ~/.ssh. That
directory must not be group-writeable.

Also on the server side, you can do ssh -ddd -p 2022, then on the
client side do ssh -vvv -p 2022 <server>.

-- 
gabriel rosenkoetter
gr@eclipsed.net
