epike on Fri, 22 Nov 2002 14:40:06 -0500



Re: [PLUG] ssh question


hi!

your simplest option is trusted-host authentication,
using /etc/hosts.equiv, /etc/shosts.equiv, ~/.shosts
and ~/.rhosts.  HOWEVER this is EXTREMELY dangerous.
simply put, any hostnames you put in these files
will make the computer trust the computer (login
without password if they have same usernames).  There
are variations on which hosts are/are not allowed
but that's the basic idea of trusted-host authentication--
that is, trusting another machine based on IP addresses,
host names, and user names --- any of these are easily
subverted.

The other idea is to use public key / private key
authentication.  My procedure is (borrowing
from my notes) (openssh):

-------------------------------------------------------------
openssh - installing public key on server
----------------------------------------
JondZ Wed Nov 20 14:52:20 EST 2002

1. use ssh-keygen on client to generate ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub
2. copy id_rsa.pub line to server's ~/.ssh/authorized_keys
-------------------------------------------------------------

hope this helps!  It will also help to read the
SSH book although it's a very confusing book.  Just
the part where it discusses public/private keys
and why it's more secure than passwords would really
help.  It took me 2 weeks to digest that idea but
it's really illuminating.  

e pike







> 
> Hummm, that's not what _I'm_ trying to do.
> 
> I want to start ssh and NOT get a password prompt if 
> I'm connecting as the same user on the other computer.
> 
> What options work then?  
> 
> I've done "man [ssh|sshd|ssh-agent]" and I'm just not
> understanding how it works.  Any options I change make no
> difference or stop me from connecting altogether.
> 
> Where do I go to understand more about how to configure
> ssh|sshd to get what I want?  "sshd for Dummies"?
> Eric
> 
> 
> On Fri, Nov 22, 2002 at 01:37:23PM -0500, epike@isinet.com wrote:
> > > The server may still prompt for a password but if you lock the
> > > password they can never authenticate.  'passwd -l <username>'
> > > 
> > > I believe they should still be able to access the account via the
> > > public key authentication.
> > 
> > Thanks it works!  sshd still prompts for password but user can't
> > go in without private/public authentication.  
> > 
> > e pike
> > _________________________________________________________________________
> > Philadelphia Linux Users Group        --       http://www.phillylinux.org
> > Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce
> > General Discussion  --   http://lists.netisland.net/mailman/listinfo/plug
> 
> -- 
> #   Eric Allan Lucas 
> # "Oh, I have slipped the surly bond of earth
> #  And danced the skies on laughter-silvered wings..
> #              -- John Gillespie Magee Jr.
> 
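
Step 2 of the notes in the message above, as an added example that is not part of the original message or thread: a server-side helper that installs the client's id_rsa.pub line into authorized_keys idempotently and sets the file modes sshd checks. The names install_pubkey and demo are hypothetical, and the key line in demo is constructed and non-functional.

```shell
#!/bin/sh
# Added example (not from the original message). install_pubkey is a
# hypothetical helper for step 2; run it on the server as the target user.
# Step 1 on the client: ssh-keygen -t rsa   (writes ~/.ssh/id_rsa and id_rsa.pub)

# install_pubkey PUBFILE HOME_DIR -> 0 if installed or already present, 1 if rejected
install_pubkey() {
    pubfile=$1
    ssh_dir=$2/.ssh
    auth=$ssh_dir/authorized_keys

    [ -r "$pubfile" ] || { echo "cannot read $pubfile" >&2; return 1; }

    # Refuse id_rsa (the private half) copied by mistake instead of id_rsa.pub.
    if grep -q 'PRIVATE KEY' "$pubfile"; then
        echo "$pubfile looks like a private key; refusing" >&2
        return 1
    fi

    # id_rsa.pub is exactly one line: "<type> <base64> [comment]".
    if [ "$(grep -c . "$pubfile")" -ne 1 ]; then
        echo "expected exactly one key line in $pubfile" >&2
        return 1
    fi
    key=$(grep . "$pubfile")
    case $key in
        ssh-rsa\ ?*|ssh-ed25519\ ?*|ecdsa-sha2-*\ ?*) ;;
        *) echo "unrecognised key type" >&2; return 1 ;;
    esac

    # With StrictModes (the sshd default) sshd refuses the key file if these
    # are writable by group or others, so set the modes explicitly.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append only when this exact line is absent, so re-running is harmless.
    grep -qxF "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Offline demo with a constructed (non-functional) key line in a temp dir;
# prints the number of lines in authorized_keys after installing twice.
demo() {
    d=$(mktemp -d) || return 1
    echo 'ssh-rsa AAAAB3NzaC1yc2ECONSTRUCTEDSAMPLE user@client' > "$d/id_rsa.pub"
    install_pubkey "$d/id_rsa.pub" "$d/home" && install_pubkey "$d/id_rsa.pub" "$d/home"
    wc -l < "$d/home/.ssh/authorized_keys" | tr -d ' '
    rm -rf "$d"
}
```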
