From owner-freebsd-stable@FreeBSD.ORG Thu Aug 14 16:43:30 2008 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E341A1065674 for ; Thu, 14 Aug 2008 16:43:30 +0000 (UTC) (envelope-from mh@kernel32.de) Received: from crivens.kernel32.de (crivens.terrorteam.de [81.169.171.191]) by mx1.freebsd.org (Postfix) with ESMTP id B36B58FC23 for ; Thu, 14 Aug 2008 16:43:30 +0000 (UTC) (envelope-from mh@kernel32.de) Received: from kernel32.de (localhost [127.0.0.1]) by crivens.kernel32.de (Postfix) with ESMTP id 8AF60B0297; Thu, 14 Aug 2008 18:43:28 +0200 (CEST) MIME-Version: 1.0 Date: Thu, 14 Aug 2008 18:43:28 +0200 From: Marian Hettwer To: Gavin Spomer In-Reply-To: <48A3ED37020000900001C154@hermes.cwu.edu> References: <48A3ED37020000900001C154@hermes.cwu.edu> Message-ID: X-Sender: mh@kernel32.de User-Agent: RoundCube Webmail/0.1-rc2 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 8bit Cc: freebsd-stable@freebsd.org Subject: Re: ssh-keygen between SuSE and FreeBSD X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Aug 2008 16:43:31 -0000 Hi Gavin, On Thu, 14 Aug 2008 08:30:47 -0700, Gavin Spomer wrote: >> > > Uh, not sure. Head spinning now. ;) > > 1. I have a Mac, SuSE server and a FreeBSD server. > 2. I can ssh from my Mac to SuSE server without having to type in my > password. > 3. I can ssh from my Mac to FreeBSD server without having to type in my > password. > 4. I can do #2 and #3 above because I ran "ssh-keygen -t rsa" on my Mac > and copied the id_rsa.pub to my ~/.ssh/authorized_keys files on the SuSE > and FreeBSD servers. > 5. I ran the same "ssh-keygen -t rsa" on the SuSE server and copied the > id_rsa.pub to the FreeBSD. > 6. I canNOT ssh from the SuSE server to the FreeBSD server withOUT typing > in my password. > 7. When I ssh from SuSE server to FreeBSD server, I get prompted: > Enter passphrase for key '/home/myusername/.ssh/id_rsa': >From your Suse, try to run the ssh commando with "-v" or even -vv or -vvv to get debugging output. If you can't figure out what the debugging output wants to tell you, send it to the list. But complete, copy 'n' paste please :) I'm not quite sure right now why you're using rsa keys. I'm always using dsa keys (ssh-keygen -t dsa). It comes to my mind, that rsa keys are for ssh version 1, while dsa keys are for ssh version 2. But I could be wrong here ;) No man ssh handy right now, sorry. > 8. I want to be able to ssh from SuSE server to FreeBSD server because I > want to run scp via a cron job. > understood. > I noticed you made a distinction between password and passphrase. Could > you please explain the difference? > Well, when you generate a rsa or dsa key, you get asked to enter a passphrase for that key. So a passphrase is basically the password to your ssh key. While the password is the real password of the local user you're trying to be. Like ssh foo@bar, the password would be the password of the user foo at host bar. And since everybody likes to know wether someone is talking about the "password" of a ssh key or the password of a local user, you say passphrase to keys and password to local users. That's how I would explain it :)) Cheers, Marian