The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] How can I configure SSH for passwordless auth?

Then ssh asks for the passphrase for the key. If you can guess that, you
get a prompt on my home system. (or Ken's home system, or wherever you
were going)

So, the key is only as secure as the passphrase. The moral of the story:
don't use easily guessable passphrases!

On Thu, Nov 14, 2002 at 09:03:28PM -0800, Mark K. Kim wrote:
> Hmm... so...
> 
> Let's say the permissions were set so that I could copy your encrypted key
> to my directory.  Then I ssh out to Ken's home system.  Then what happens?
> 
> Thanks!
> 
> -Mark
> 
> 
> On Thu, 14 Nov 2002, Samuel Merritt wrote:
> 
> > There's a program called ssh-agent that takes care of just this problem.
> > The keys are stored encrypted on disk with a passphrase; you run
> > ssh-agent, and it creates a process and a socket that ssh processes can
> > connect to in order to get the decrypted keys. You run ssh-add <keyfile>
> > and enter the passphrase, and then you can ssh anywhere using that key
> > without needing the passphrase again.
> >
> > It's not quite completely passwordless, but it avoids the problem of
> > storing keys in the clear on disk.
> >
> >
> > On Thu, Nov 14, 2002 at 06:38:00PM -0800, Mark K. Kim wrote:
> > > Hmm...  Not an expert here, but...
> > >
> > > If you set up the system so you can login from CSIF to your home machine
> > > without password checking then anyone who works for CSIF can become you
> > > and access your home machine as you... right?
> > >
> > > I guess the same would apply if someone can read your key ring so... set
> > > the permissions correctly.
> > >
> > > -Mark
> > >
> > >
> > > On Thu, 14 Nov 2002, Samuel Merritt wrote:
> > >
> > > > On Thu, Nov 14, 2002 at 12:26:40PM -0800, Ken Bloom wrote:
> > > > > I'd like to be able to login to my account in the CSIF lab with the
> > > > > standard DSA or RSA mechanism in SSH so that I don't have to enter a
> > > > > password when I log in. I've tried following the directions on the ssh
> > > > > manpage, and the ssh-agent manpage to no avail.
> > > > >
> > > > > Can someone give me directions how to configure this? My username is the
> > > > > same on both systems, and my goal is to turn this into a bidirectional
> > > > > process, so I can connect to CSIF from my computer or connect to my
> > > > > computer from CSIF.
> > > >
> > > > The CSIF uses commercial SSH, not OpenSSH.
> > > >
> > > > First, you'll need to convert your public key to SECSH format.
> > > > "ssh-keygen -e -f public_key_file" is the tool for this job.
> > > >
> > > > Then, on the CSIF, create ".ssh2" in your $HOME, if it isn't already
> > > > there. Put your SECSH-format public key into $HOME/.ssh2/some_filename
> > > > and then put the line "key some_filename" into
> > > > $HOME/.ssh2/authorization.
> > > >
> > > > That'll get you set up for public-key authenticated logins to the CSIF.
> > > > Coming from the CSIF is largely the same process, but in reverse.
> > > >
> > > > --
> > > > Samuel Merritt
> > > > OpenPGP key is at http://meat.andcheese.org/~spam/spam_at_andcheese_dot_org.asc
> > > > Information about PGP can be found at http://www.mindspring.com/~aegreene/pgp/
> > > >
> > >
> > > --
> > > Mark K. Kim
> > > http://www.cbreak.org/
> > > PGP key available upon request.
> > >
> > > _______________________________________________
> > > vox-tech mailing list
> > > vox-tech@lists.lugod.org
> > > http://lists.lugod.org/mailman/listinfo/vox-tech
> >
> > --
> > Samuel Merritt
> > OpenPGP key is at http://meat.andcheese.org/~spam/spam_at_andcheese_dot_org.asc
> > Information about PGP can be found at http://www.mindspring.com/~aegreene/pgp/
> >
> 
> -- 
> Mark K. Kim
> http://www.cbreak.org/
> PGP key available upon request.

-- 
Samuel Merritt
OpenPGP key is at http://meat.andcheese.org/~spam/spam_at_andcheese_dot_org.asc
Information about PGP can be found at http://www.mindspring.com/~aegreene/pgp/
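
What the two steps quoted above (convert the public key to SECSH format, then list it in `$HOME/.ssh2/authorization`) amount to on disk, as an added Python example that is not part of the original post or of any SSH distribution. The key is a constructed filler value, `install_for_ssh2` is a hypothetical helper, and the sketch reuses the OpenSSH comment field where `ssh-keygen -e` writes its own comment.

```python
import base64
import os
import struct
from pathlib import Path

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"

def _ssh_string(data: bytes) -> bytes:
    """Length-prefixed field as used inside SSH public key blobs."""
    return struct.pack(">I", len(data)) + data

def sample_openssh_pubkey() -> str:
    """Constructed sample line: filler bytes stand in for a real RSA modulus."""
    blob = (_ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01")
            + _ssh_string(b"\x00" + b"\xc3" * 256))
    return "ssh-rsa " + base64.b64encode(blob).decode() + " ken@home"

def to_secsh(openssh_line: str) -> str:
    """Convert '<type> <base64> [comment]' to the SECSH (RFC 4716) layout."""
    parts = openssh_line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = parts[0], parts[1]
    blob = base64.b64decode(b64, validate=True)
    # The blob starts with its own algorithm name; reject a mismatched prefix.
    name_len = int.from_bytes(blob[:4], "big")
    if blob[4:4 + name_len] != key_type.encode():
        raise ValueError("key type does not match key blob")
    lines = [BEGIN]
    if len(parts) == 3:
        lines.append(f'Comment: "{parts[2]}"')
    lines += [b64[i:i + 70] for i in range(0, len(b64), 70)]  # wrap at 70
    return "\n".join(lines + [END]) + "\n"

def install_for_ssh2(home: Path, openssh_line: str,
                     filename: str = "some_filename") -> Path:
    """Write the key under home/.ssh2 and list it once in 'authorization'."""
    ssh2 = home / ".ssh2"
    ssh2.mkdir(exist_ok=True)
    os.chmod(ssh2, 0o700)  # only the owner may add or replace keys
    (ssh2 / filename).write_text(to_secsh(openssh_line))
    auth = ssh2 / "authorization"
    entry = f"key {filename}"
    listed = auth.read_text().splitlines() if auth.exists() else []
    if entry not in listed:
        with auth.open("a") as fh:
            fh.write(entry + "\n")
    os.chmod(auth, 0o600)  # nobody else can authorize a key of their own
    return auth
```

Only the public half is handled here; the private key stays on the client, encrypted under its passphrase.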
