Date:      Thu, 12 Aug 1999 17:49:25 +0200 (CEST)
From:      A.Leidinger@WJPServer.CS.Uni-SB.de
To:        Bigby Findrake <bigby@shiva.eu.org>
Cc:        chrisk@tpgi.com.au, freebsd-security@FreeBSD.ORG
Subject:   Re: SSH on FreeBSD.
Message-ID:  <199908121549.RAA01161@work.net.local>
In-Reply-To: <Pine.BSF.4.05.9908120325340.5932-100000@shiva.eu.org>

On 12 Aug, Bigby Findrake wrote:

>> Would it be possible to setup my FreeBSD boxes to work in a similar way to r*
>> utils, so i can do ssh myhost.mydomain.com and be presented with a shell on the
>> remote machine, with the appropriate authentication pre-configured?
> 
> Sure. I do it. What I do is use RSA keys. Use the ssh-keygen utility
> that installs with the ssh package to generate an RSA key for a user. When
> it prompts you for a password for the RSA key, hit return. By default
> this installs the key pair (public & private) into
> $HOME/.ssh/{identity,identity.pub}. Put the public key
> ($HOME/.ssh/identity.pub) into the target machine, in the target user's
> $HOME/.ssh/authorized_keys. Make sure the target machine is running sshd,
> and that /etc/sshd_config says "RSAAuthentication yes". Now you can ssh
> from the source machine to the target machine without a password IF you
> didn't specify a password for the RSA key on the source machine.

If you didn't want to use it from a cronjob (or anything else
non-interactive) you could use ssh-agent and ssh-add.

I've configured my xdm-login to start my X session with ssh-agent. In
my .xsession I have the ssh-add command; it asks me at login time for my
password for the RSA key.

/usr/X11R6/lib/X11/xdm/Xsession:
[...]
---snip---
startup=$HOME/.xsession
resources=$HOME/.Xresources

if [ -f "$startup" ]; then
        exec ssh-agent "$startup"
else
        if [ -f "$resources" ]; then
                xrdb -load "$resources"
        fi
        exec ssh-agent xsm
fi
---snip---

$HOME/.xsession:
---snip---
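#!/bin/sh

# loading default X resources
xrdb -merge .Xresources

# ssh-passwd: load the key only when the session runs under ssh-agent
if [ -n "$SSH_AGENT_PID" ]; then
  # stdin from /dev/null so that ssh-add, having no terminal, prompts through X11
  ssh-add 2>&1 </dev/null >/dev/null
fi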
---snip---


> host1> tar -czf - /file1 /file2 | ssh host2 -l some_user "cd /backup_dir \
> ; tar -xzf -"

What about "ssh username@host2 ..."?

Bye,
Alexander.

P.S.: It's also possible to use it in a non-interactive environment, but
you have to do tricky/nasty things.
-- 
Animal testing is futile: they always get nervous and give the wrong answers.

http://netchild.home.pages.de   A.Leidinger+Home @ WJPServer.CS.Uni-SB.de
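
The quoted reply installs a key with an empty passphrase into authorized_keys; anyone who can read that private key can log in with it, so such entries can be narrowed with the from= and command= options that sshd accepts in authorized_keys. The following is an added example, not part of the original e-mail: a shell function that flags entries lacking those options. The function names, host names and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: list authorized_keys entries that lack from= / command=.
# Usage: audit_authorized_keys [FILE]  ->  one "LINE: finding" per weak entry.
audit_authorized_keys() {
    awk '
    /^[ \t]*#/ { next }                      # skip comment lines
    /^[ \t]*$/ { next }                      # skip blank lines
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        bare = ""                            # option names, quoted values dropped
        # No options if the entry starts with the key itself: a bit count
        # (protocol 1 RSA, as on this page) or a protocol 2 key type name.
        if (line !~ /^([0-9]|ssh-|ecdsa-|sk-)/) {
            inq = 0
            n = length(line)
            for (i = 1; i <= n; i++) {
                c = substr(line, i, 1)
                if (c == "\\") { i++; continue }      # skip escaped character
                if (c == "\"") { inq = !inq; continue }
                if (inq) continue                     # inside a quoted value
                if (c == " " || c == "\t") break      # end of the options field
                bare = bare c
            }
        }
        bare = "," bare ","
        has_from = (bare ~ /,from=,/)
        has_cmd  = (bare ~ /,command=,/)
        if (!has_from && !has_cmd) print NR ": unrestricted key"
        else if (!has_from)        print NR ": no from= host restriction"
        else if (!has_cmd)         print NR ": no command= restriction"
    }' "$@"
}

# Constructed sample file; key material is replaced by short placeholders.
sample_authorized_keys() {
    cat <<'EOF'
# constructed sample entries
1024 35 1234567890 alex@desktop
from="host1.example.org",command="/usr/local/sbin/receive-backup",no-pty 1024 35 1234567890 cron@host1
command="echo from=anywhere" 1024 35 1234567890 cron@host3
no-port-forwarding,from="10.0.0.*" ssh-rsa AAAAEXAMPLE ops@host4
EOF
}

sample_authorized_keys | audit_authorized_keys
```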


