Date:      Fri, 20 Jan 2006 03:27:54 -0900
From:      Beech Rintoul <akbeech@gmail.com>
To:        Matthew Seaman <m.seaman@infracaninophile.co.uk>
Cc:        Peter <petermatulis@yahoo.ca>, freebsd-questions@freebsd.org
Subject:   Re: sshd question
Message-ID:  <200601200328.08133.akbeech@gmail.com>
In-Reply-To: <43D097FD.6050401@infracaninophile.co.uk>
References:  <20060120030543.92943.qmail@web60018.mail.yahoo.com> <43D097FD.6050401@infracaninophile.co.uk>

On Thursday 19 January 2006 22:57, Matthew Seaman wrote:
> Peter wrote:
> > --- Beech Rintoul <akbeech@gmail.com> wrote:
> >> I'm trying to set up ssh to use keys to authenticate on a remote server.
> >> I've always used passwords in the past. I generated a key pair and exported
> >> my public key to ~/.ssh/authorized_keys on the remote machine. I changed
> >> sshd_config to "PasswordAuthentication no". When I log in the remote machine
> >> still asks for a password. What do I change to just use the key to log in?
> >
> > I'm assuming you do not want to enter anything to log in right?  If so,
> > you need a private key with a blank passphrase.  It's hard to say from
> > here but it may be that you are being prompted for the passphrase to
> > unlock your private key.
>
> No, no, no.  ssh keys without pass-phrases are a liability.  It really is
> a bad idea to do that.
>
> What the OP should do instead is use ssh-agent -- I fire it up from
> .xsession when I log into my desktop.  Then load your key into the agent:
>
>     ssh-add ~/.ssh/id_dsa
>
> which will require you to give the pass phrase.  However, that's the one
> and only time you'll need to do that.
>
> Then when you ssh into a box, it should auth against your key
> automatically.  If you take care to always use the '-A' flag when you ssh
> in:
>
>     ssh -A hostname
>
> then you can bounce through several machines, and the auth requests will be
> relayed back to the ssh-agent on your desktop.[*]
>
> 	Cheers,
>
> 	Matthew
>
> [*] Agent forwarding is off by default in /etc/ssh/ssh_config (client side)
> but permitted in /etc/ssh/sshd_config (server side) -- but the -A flag
> overrides the client settings.

Thanks, my original problem was solved by just starting over with a new key
pair. Must have had a bad key. I ran debug on the server and it said it
couldn't read it even though it was there. I'll try the agent today. It'll
require adding a pass-phrase to the key, but that's no problem now that I
know all the configs are good. I really don't mind the final default to a
password. I just hate to type it all the time. I'm using a long very cryptic
pass and it gets tedious to have to enter it several times.

Thanks everyone for the help and suggestions,

Beech

-- 
---------------------------------------------------------------------------------------
Beech Rintoul - System Administrator - akbeech@gmail.com
/"\   ASCII Ribbon Campaign  | NorthWind Communications
\ / - NO HTML/RTF in e-mail  | 201 East 9Th Avenue Ste.310
 X  - NO Word docs in e-mail | Anchorage, AK 99501
/ \  - Please visit Alaska Paradise - http://akparadise.byethost33.com
---------------------------------------------------------------------------------------
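
The config change discussed in this thread ("PasswordAuthentication no") and the remark about a final fallback to a password, as an added example that is not part of the original message: a POSIX shell check that reads sshd_config text and reports which authentication methods remain enabled, including keyboard-interactive, which is typically backed by PAM and can also prompt for a password. The function names, the KBD_KEYWORD variable and the sample config are constructed for illustration; settings inside Match blocks are not evaluated.

```sh
#!/bin/sh
# Added example (not from the thread). Reads sshd_config text on stdin.

# effective_value KEYWORD DEFAULT
# sshd keeps the first value it reads for a keyword and matches keywords
# case-insensitively. Lines from the first Match block on are ignored here,
# because they apply only conditionally.
effective_value() {
    awk -v key="$1" -v def="$2" '
        BEGIN { key = tolower(key); val = def }
        { sub(/#.*/, ""); sub(/=/, " ") }   # drop comments, accept key=value
        tolower($1) == "match" { stop = 1 }
        !stop && !seen && tolower($1) == key { val = tolower($2); seen = 1 }
        END { print val }'
}

# auth_report: one "method=value" line per method. An absent keyword falls
# back to the OpenSSH default, which is "yes" for all three.
# KBD_KEYWORD is this example's own knob (assumption): the 2006-era keyword is
# ChallengeResponseAuthentication, newer releases use KbdInteractiveAuthentication.
auth_report() {
    cfg=$(cat)
    for pair in pubkey:PubkeyAuthentication password:PasswordAuthentication \
        "keyboard-interactive:${KBD_KEYWORD:-ChallengeResponseAuthentication}"; do
        printf '%s=%s\n' "${pair%%:*}" \
            "$(printf '%s\n' "$cfg" | effective_value "${pair#*:}" yes)"
    done
}

# password_prompt_possible: exit status 0 if a password-style method is on.
password_prompt_possible() {
    auth_report | grep -Eq '^(password|keyboard-interactive)=yes$'
}

# Constructed sample: only PasswordAuthentication was changed.
sample_config() {
    cat <<'EOF'
Port 22
PasswordAuthentication no
#ChallengeResponseAuthentication yes
PasswordAuthentication yes
EOF
}

sample_config | auth_report
```

To check a real server, feed it the live file, for example `auth_report < /etc/ssh/sshd_config`.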