From: Pollywog
To: freebsd-stable@freebsd.org
Date: Thu, 14 Aug 2008 15:59:48 +0000
Subject: Re: ssh-keygen between SuSE and FreeBSD
In-Reply-To: <48A3ECE7020000900001C150@hermes.cwu.edu>
Message-Id: <200808141559.49973.lists-fbsdstable@shadypond.com>

On Thursday 14 August 2008 15:29:27 Gavin Spomer wrote:
> >>> Lyndon Nerenberg 08/13/08 7:10 PM >>>
> >
> > You need to start an ssh-agent on the machine you're connecting from and
> > populate it with your keychain:
> >
> > eval `ssh-agent`
> > ssh-add
> >
> > Add the above to your .profile, or check the Linux PAM implementation to
> > see if it has ssh session support.
> >
> > --lyndon
>
> Thanks.
>
> That made it possible for me to ssh from SuSE server to FreeBSD server, but
> now when I ssh from my Mac to SuSE server it wants a password:
>
> Enter passphrase for /home/myusername/.ssh/id_rsa:
>
> I read the FreeBSD handbook section "14.11.7 ssh-agent and ssh-add" and
> don't have anything much more intelligent to say but "I don't understand".
> ;)
>
> Questions:
>
> 1. If the ssh-agent and ssh-add utilities load the keys into memory,
> they'd be wiped if I rebooted?

Yes, rebooting will take the keys out of memory and you would need to use
'ssh-add' on the command line to put the keys and passphrase in memory. The
'ssh-add -D' command removes the keys when you are done but are not logging
out.

> 2. Is #1 why I'd add it to my ~/.profile?

This is so that ssh-agent is set when you log in at a console. I don't know
about Mac, but some Linux distributions have session scripts so that this is
done for you when you start a KDE session. I don't believe ~/.profile will be
read unless you log in at a console or xterm or similar.

When you add stuff to your ~/.profile, I recommend doing it on a separate
account first. I once added those lines on a Linux system and was locked out
of that account, but I was able to get in with another account, su to root,
and remove the lines in the affected user's ~/.profile, and then I was no
longer locked out.

> 3. How am I able to ssh (without a password) from my Mac to SuSE server
> or Mac to FreeBSD server when I don't have "eval `ssh-agent`" and "ssh-add"
> in my .profile on my Mac?

You can do 'ssh-agent bash' followed by 'ssh-add', but this will not work
until you have generated your SSH keys with:

ssh-keygen -t rsa -b 1024

or

ssh-keygen -t dsa -b 1024

or similar. Until you do that, you have to use your login password and cannot
use a passphrase since you have not set one. Setting the passphrase is part of
the process of generating your SSH keys.

BTW, I do not know if you are using the "keychain" utility. Be very careful
with it. It can be confusing. I found it inconvenient to use and no longer
use it.

There are some fine SSH tutorials online; I believe "OnLamp" has some. Just
make sure they are not more than about 3 yrs old.
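The two raw lines quoted in this thread (eval `ssh-agent`; ssh-add) spawn a new agent on every login and prompt for the passphrase even when no terminal is attached. The following is an added example, not code from anyone in the thread, of a ~/.profile-safe version: it keeps one agent per login, reuses it from later shells, and only runs ssh-add when stdin is a tty. The env-file path ~/.ssh/agent.env and the function names are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread: start one ssh-agent per login,
# reuse it from later shells, and ask for the passphrase only when a terminal
# is attached. The env-file path and function names are this example's own.

AGENT_ENV="${AGENT_ENV:-$HOME/.ssh/agent.env}"

# Classify the agent behind SSH_AUTH_SOCK from the exit status of `ssh-add -l`:
# 0 = has keys, 1 = running but empty, anything else = no agent reachable
# (what you see after a reboot, since the keys only ever lived in memory).
agent_state() {
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo keys ;;
        1) echo empty ;;
        *) echo none ;;
    esac
}

# Source a previously saved agent environment; succeed only if that agent is
# still alive, so a stale file left over from before a reboot is ignored.
load_saved_agent() {
    [ -r "$AGENT_ENV" ] || return 1
    . "$AGENT_ENV"
    [ "$(agent_state)" != none ]
}

# Start a fresh agent and save its environment with mode 0600 so the next
# login reuses it instead of spawning another agent (and losing the keys).
start_agent() {
    ( umask 077
      mkdir -p "$(dirname "$AGENT_ENV")"
      ssh-agent -s | grep -v '^echo' > "$AGENT_ENV" )
    . "$AGENT_ENV"
}

# Safe to call from ~/.profile: a non-interactive login (scp, rsync, cron)
# never blocks on a passphrase prompt, because ssh-add runs only with a tty.
ensure_agent() {
    load_saved_agent || start_agent
    if [ "$(agent_state)" = empty ] && [ -t 0 ]; then
        ssh-add
    fi
}
```

Call `ensure_agent` from ~/.profile in place of the two raw lines; as the reply above notes, keys still have to be re-added after a reboot, which here happens automatically at the next interactive login.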