Page last updated:
2002 Nov 14 21:05

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] How can I configure SSH for passwordless auth?



There's a program called ssh-agent that takes care of just this problem.
The keys are stored encrypted on disk with a passphrase; you run
ssh-agent, and it creates a process and a socket that ssh processes can
connect to in order to get the decrypted keys. You run ssh-add <keyfile>
and enter the passphrase, and then you can ssh anywhere using that key
without needing the passphrase again. 

It's not quite completely passwordless, but it avoids the problem of
storing keys in the clear on disk. 


On Thu, Nov 14, 2002 at 06:38:00PM -0800, Mark K. Kim wrote:
> Hmm...  Not an expert here, but...
> 
> If you set up the system so you can log in from CSIF to your home machine
> without password checking then anyone who works for CSIF can become you
> and access your home machine as you... right?
> 
> I guess the same would apply if someone can read your key ring so... set
> the permissions correctly.
> 
> -Mark
> 
> 
> On Thu, 14 Nov 2002, Samuel Merritt wrote:
> 
> > On Thu, Nov 14, 2002 at 12:26:40PM -0800, Ken Bloom wrote:
> > > I'd like to be able to log in to my account in the CSIF lab with the
> > > standard DSA or RSA mechanism in SSH so that I don't have to enter a
> > > password when I log in. I've tried following the directions on the ssh
> > > manpage, and the ssh-agent manpage to no avail.
> > >
> > > Can someone give me directions how to configure this? My username is the
> > > same on both systems, and my goal is to turn this into a bidirectional
> > > process, so I can connect to CSIF from my computer or connect to my
> > > computer from CSIF.
> >
> > The CSIF uses commercial SSH, not OpenSSH.
> >
> > First, you'll need to convert your public key to SECSH format.
> > "ssh-keygen -e -f public_key_file" is the tool for this job.
> >
> > Then, on the CSIF, create ".ssh2" in your $HOME, if it isn't already
> > there. Put your SECSH-format public key into $HOME/.ssh2/some_filename
> > and then put the line "key some_filename" into
> > $HOME/.ssh2/authorization.
> >
> > That'll get you set up for public-key authenticated logins to the CSIF.
> > Coming from the CSIF is largely the same process, but in reverse.
> >
> > --
> > Samuel Merritt
> > OpenPGP key is at http://meat.andcheese.org/~spam/spam_at_andcheese_dot_org.asc
> > Information about PGP can be found at http://www.mindspring.com/~aegreene/pgp/
> >
> 
> -- 
> Mark K. Kim
> http://www.cbreak.org/
> PGP key available upon request.
> 
> _______________________________________________
> vox-tech mailing list
> vox-tech@lists.lugod.org
> http://lists.lugod.org/mailman/listinfo/vox-tech

-- 
Samuel Merritt
OpenPGP key is at http://meat.andcheese.org/~spam/spam_at_andcheese_dot_org.asc
Information about PGP can be found at http://www.mindspring.com/~aegreene/pgp/

Attachment: pgp00006.pgp
Description: PGP signature
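
The steps quoted in this thread (convert the public key with ssh-keygen -e, copy it into $HOME/.ssh2, add a "key" line to authorization), combined with the permissions point raised in the reply, as an added shell example that is not part of the original posts. The function names to_secsh and install_secsh_key and the file name laptop.pub are assumptions.

```shell
#!/bin/sh
# Added example; function and file names are hypothetical.

# Client side: convert an OpenSSH public key to SECSH (RFC 4716) format.
# ssh-keygen -e also accepts a private key file, so insist on the .pub
# file: the private key never needs to be touched for this step.
to_secsh() {
    pub=$1
    case "$(head -n 1 "$pub")" in
        ssh-*|ecdsa-*) ;;
        *) echo "to_secsh: $pub is not an OpenSSH public key" >&2; return 1 ;;
    esac
    ssh-keygen -e -f "$pub"
}

# Server side: install a SECSH public key as $home/.ssh2/$name and list
# it in $home/.ssh2/authorization. Runs in a subshell so the umask change
# does not leak into the caller.
install_secsh_key() (
    home=$1; secsh=$2; name=$3
    if [ "$(head -n 1 "$secsh")" != "---- BEGIN SSH2 PUBLIC KEY ----" ]; then
        echo "install_secsh_key: $secsh is not in SECSH format" >&2; exit 1
    fi
    case $name in
        ""|*/*) echo "install_secsh_key: bad key file name" >&2; exit 1 ;;
    esac
    umask 077
    mkdir -p "$home/.ssh2" && chmod 700 "$home/.ssh2" || exit 1
    cp "$secsh" "$home/.ssh2/$name" || exit 1
    auth=$home/.ssh2/authorization
    # Anyone who can write this file can authorize their own key, so it
    # must be writable by the owner only.
    touch "$auth" && chmod 600 "$auth" "$home/.ssh2/$name" || exit 1
    # Add the "key <file>" line once, even when run repeatedly.
    grep -qxF "key $name" "$auth" || echo "key $name" >> "$auth"
)

# Usage (paths are placeholders):
#   to_secsh ~/.ssh/id_rsa.pub > laptop.pub           # on your own machine
#   install_secsh_key "$HOME" laptop.pub laptop.pub   # on the SSH2 host
```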


