Matt Mossholder on 10 Jun 2009 20:58:49 -0700



Re: [PLUG] Pros and cons of key-pair based vs password based SSH...


----- "Paul L. Snyder" <plsnyder@drexel.edu> wrote:

> On Wed, 10 Jun 2009, zuzu wrote:
> 
> > The nice thing about key-based ssh logins is remote tab-completion.
> > (e.g. tab-completing an scp command)
> 
> Actually, it's possible to get remote tab completion using password-based
> authentication (without, in fact, typing your password every time) if you
> enable the 'ControlMaster' option in your ssh_config.  This sets ssh up to
> use connection multiplexing.
> 
> Thus, open an ssh session to the remote host, and as long as at least one
> session remains open you won't have to authenticate other sessions to the
> same host (including the transient ones for completion).  Also, this makes
> opening multiple connections faster, too, as the subsequent ones don't have
> to reauthenticate (making this good for pubkey auth, as well).
> 
> One thing to note is that if the ssh session doesn't shut down cleanly you
> might have to wipe the contents of your ControlPath directory before
> multiplexing will work again.
> 
> Paul

Tab completion can be enabled for any host, as long as you are willing to have your ~/.ssh/known_hosts file be in the clear, rather than the newly defaulted obfuscated format. You can also enable hosts for auto-completion by adding them to your ~/.ssh/config file. The last way I know of is to switch things around to use /etc/hosts to bash_completion.

You can enable the clear-text known_hosts by setting 'HashKnownHosts no' in /etc/ssh/ssh_config. Note that this potentially allows an attacker to enumerate the hosts most likely to have keys...

The bash_completion mod for /etc/hosts is (not by me!):

# Offer every word on the non-comment lines of /etc/hosts as a completion candidate.
complete_hosts() {
    COMPREPLY=( $( compgen -W '$( command grep -v ^# /etc/hosts )' -- "${COMP_WORDS[COMP_CWORD]}" ) )
}
complete -F complete_hosts ping
complete -F complete_hosts ssh


     --Matt
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
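
An added example, not part of the original post or of the snippet quoted in it: one way to see which host names a known_hosts file discloses in the clear, and to take completion candidates from the Host entries of ~/.ssh/config instead so that known_hosts can stay hashed. The function names (known_hosts_cleartext, ssh_config_hosts, demo) and all sample entries are constructed for illustration.

```shell
# Added example: function names and sample entries are constructed.

# Print the host names a known_hosts file stores in the clear.
# Hashed entries begin with "|1|" and disclose no name, so they are skipped.
known_hosts_cleartext() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }            # comments and blank lines
        {
            f = ($1 ~ /^@/) ? 2 : 1               # skip @cert-authority / @revoked marker
            if (substr($f, 1, 3) == "|1|") next   # hashed entry
            n = split($f, names, ",")             # "host,ip" lists
            for (i = 1; i <= n; i++) {
                h = names[i]
                sub(/^\[/, "", h); sub(/\]:[0-9]+$/, "", h)   # [host]:port form
                print h
            }
        }' "$@" | LC_ALL=C sort -u
}

# Print literal Host aliases from an ssh_config file; wildcard patterns are skipped.
ssh_config_hosts() {
    awk 'tolower($1) == "host" {
            for (i = 2; i <= NF; i++) if ($i !~ /[*?!]/) print $i
        }' "$@" | LC_ALL=C sort -u
}

demo() {
    # Constructed sample entries; key material replaced by placeholders.
    echo "names readable in known_hosts:"
    printf '%s\n' \
        '|1|c2FsdHNhbHQ=|aGFzaGhhc2g= ssh-ed25519 AAAA-placeholder' \
        'build.example.org,192.0.2.10 ssh-ed25519 AAAA-placeholder' \
        '[git.example.org]:2222 ssh-rsa AAAA-placeholder' | known_hosts_cleartext
    echo "completion candidates from config:"
    printf '%s\n' 'Host bastion db1' '    ControlMaster auto' \
        'Host *.example.org' '    HashKnownHosts yes' | ssh_config_hosts
}

# When sourced from ~/.bashrc: complete ssh and ping from config aliases only.
if [ -n "${BASH_VERSION:-}" ] && [ -r "$HOME/.ssh/config" ]; then
    complete -W "$(ssh_config_hosts "$HOME/.ssh/config")" ssh ping
fi

if [ "${1:-}" = "demo" ]; then demo; fi
```

Run known_hosts_cleartext ~/.ssh/known_hosts to list what is currently exposed; ssh-keygen -H -f ~/.ssh/known_hosts converts existing cleartext entries to the hashed format.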