Matt Mossholder on 10 Jun 2009 20:58:49 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Pros and cons of key-pair based vs password based SSH...

----- "Paul L. Snyder" <> wrote:

> On Wed, 10 Jun 2009, zuzu wrote:
> > The nice thing about key-based ssh logins is remote tab-completion.
> > (e.g. tab-completing an scp command)
> Actually, it's possible to get remote tab completion using
> password-based
> authentication (without, in fact, typing your password every time) if
> you
> enable the 'ControlMaster' option in your ssh_config.  This sets ssh
> up to
> use connection multiplexing.
> Thus, open an ssh session to the remote host, and as long as at least
> one
> session remains open you won't have to authenticate other sessions to
> the
> same host (including the transient ones for completion).  Also, this
> makes
> opening multiple connections faster, too, as the subsequent ones don't
> have
> to reauthenticate (making this good for pubkey auth, as well).
> One thing to note is that if the ssh session doesn't shut down cleanly
> you
> might have to wipe the contents of your ControlPath directory before
> multiplexing will work again.
> Paul

Tab completion can be enabled for any host, as long as you are willing to have your ~/.ssh/known_hosts file be in the clear, rather than the newly defaulted obfuscated format. You can also enable hosts for auto-completion by adding them to your ~/.ssh/config file. The last way I know of is to switch things around to use /etc/hosts to bash_completion.

You can enable the clear-text known_hosts by setting 'HashKnownHosts no' in /etc/ssh/ssh_config. Note that this potentially allows an attacker to enumerate the hosts most likely to have keys...

The bash_completion mod for /etc/hosts is (not by me!):

complete_hosts() {
COMPREPLY=( $( compgen -W ‘$( command grep -v ^# /etc/hosts )’ — ${COMP_WORDS[COMP_CWORD]} ) );
complete -F complete_hosts ping
complete -F complete_hosts ssh

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --