From: A.Leidinger@WJPServer.CS.Uni-SB.de
Date: Thu, 12 Aug 1999 17:49:25 +0200 (CEST)
Subject: Re: SSH on FreeBSD.
To: Bigby Findrake
Cc: chrisk@tpgi.com.au, freebsd-security@FreeBSD.ORG
Message-Id: <199908121549.RAA01161@work.net.local>

On 12 Aug, Bigby Findrake wrote:

>> Would it be possible to setup my FreeBSD boxes to work in a similar way to r*
>> utils, so i can do ssh myhost.mydomain.com and be presented with a shell on the
>> remote machine, with the appropriate authentication pre-configured?
>
> Sure. I do it. What I do is use RSA keys. Use the ssh-keygen utility
> that installs with the ssh package to generate an RSA key for a user. When
> it prompts you for a password for the RSA key, hit return. By default
> this installs the key pair (public & private) into
> $HOME/.ssh/{identity,identity.pub}. Put the public key
> ($HOME/.ssh/identity.pub) into the target machine, in the target user's
> $HOME/.ssh/authorized_keys. Make sure the target machine is running sshd,
> and that /etc/sshd_config says "RSAAuthentication yes". Now you can ssh
> from the source machine to the target machine without a password IF you
> didn't specify a password for the RSA key on the source machine.

If you didn't want to use it from a cronjob (or anything else
non-interactive) you could use ssh-agent and ssh-add.

I've configured my xdm-login to start my X session with ssh-agent. In my
.xsession I have the ssh-add command; it asks me at login time for my
password for the RSA key.

/usr/X11R6/lib/X11/xdm/Xsession:
[...]
---snip---
startup=$HOME/.xsession
resources=$HOME/.Xresources

if [ -f "$startup" ]; then
        exec ssh-agent "$startup"
else
        if [ -f "$resources" ]; then
                xrdb -load "$resources"
        fi
        exec ssh-agent xsm
fi
---snip---

$HOME/.xsession:
---snip---
#!/bin/sh

# loading default X resources
xrdb -merge .Xresources

# ssh-passwd: only add the key when the session runs under ssh-agent
if [ -n "$SSH_AGENT_PID" ]; then
        # stdin is redirected from /dev/null (there is no terminal in an X session)
        ssh-add 2>&1 < /dev/null
fi
---snip---

> host1> tar -czf - /file1 /file2 | ssh host2 -l some_user "cd /backup_dir \
> ; tar -xzf -"

What about "ssh username@host2 ..."?

Bye,
Alexander.

P.S.: It's also possible to use it in a non-interactive environment, but
      you have to do tricky/nasty things.

--
Animal testing is futile: they always get nervous and give the wrong answers.

http://netchild.home.pages.de A.Leidinger+Home @ WJPServer.CS.Uni-SB.de
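A private key with an empty passphrase, as in the quoted setup, is protected only by file permissions, and a writable authorized_keys lets someone else add a key. The following check is an added example, not part of the original message; the function names any_perm and audit_ssh_dir are hypothetical, and the file names are the ones given in the thread.

```shell
#!/bin/sh
# Added example: audit the permissions of the files named in the thread
# ($HOME/.ssh, $HOME/.ssh/identity, $HOME/.ssh/authorized_keys).
# Usage: audit_ssh_dir "$HOME/.ssh"

# any_perm FILE BIT... : true if FILE has at least one of the octal bits set
any_perm() {
    f=$1
    shift
    for bit in "$@"; do
        # -prune keeps find from descending when FILE is a directory
        [ -n "$(find "$f" -prune -perm "-$bit" 2>/dev/null)" ] && return 0
    done
    return 1
}

# audit_ssh_dir DIR : prints one finding per line.
# Returns 0 if clean, 1 if there are findings, 2 if DIR is not a directory.
audit_ssh_dir() {
    dir=$1
    status=0
    if [ ! -d "$dir" ]; then
        echo "$dir: not a directory"
        return 2
    fi
    # A directory writable by others lets them replace the key files.
    if any_perm "$dir" 020 002; then
        echo "$dir: writable by group/others"
        status=1
    fi
    # Whoever can write authorized_keys can log in as this user.
    if [ -f "$dir/authorized_keys" ] &&
       any_perm "$dir/authorized_keys" 020 002; then
        echo "$dir/authorized_keys: writable by group/others"
        status=1
    fi
    # With no passphrase, read access to identity is access to the account.
    if [ -f "$dir/identity" ] &&
       any_perm "$dir/identity" 040 020 010 004 002 001; then
        echo "$dir/identity: accessible by group/others"
        status=1
    fi
    return "$status"
}
```
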