From owner-freebsd-stable@FreeBSD.ORG Thu Aug 14 17:02:14 2008
Date: Thu, 14 Aug 2008 10:02:11 -0700
From: Gavin Spomer
To: freebsd-stable@freebsd.org
Message-id: <48A402A3020000900001C178@hermes.cwu.edu>
Subject: Re: ssh-keygen between SuSE and FreeBSD
List-Id: Production branch of FreeBSD source code

>>> Pollywog 08/14/08 9:32 AM >>>
> On Thursday 14 August 2008 15:29:27 Gavin Spomer wrote:
> > >>> Lyndon Nerenberg 08/13/08 7:10 PM >>>
> > >
> > > You need to start an ssh-agent on the machine you're connecting from and
> > > populate it with your keychain:
> > >
> > >   eval `ssh-agent`
> > >   ssh-add
> > >
> > > Add the above to your .profile, or check the Linux PAM implementation to
> > > see if it has ssh session support.
> > >
> > > --lyndon
> >
> > Thanks.
> >
> > That made it possible for me to ssh from SuSE server to FreeBSD server, but
> > now when I ssh from my Mac to SuSE server it wants a password now:
> >
> > Enter passphrase for /home/myusername/.ssh/id_rsa:
> >
> > I read the FreeBSD handbook section "14.11.7 ssh-agent and ssh-add" and
> > don't have anything much more intelligent to say but "I don't understand".
> > ;)
> >
> > Questions:
> >
> > 1. If the ssh-agent and ssh-add utilities load the keys into memory,
> > they'd be wiped if I rebooted?
>
> Yes, rebooting will take the keys out of memory and you would need to
> use 'ssh-add' on the command line to put the keys and passphrase in memory.
> The 'ssh-add -D' command removes the keys when you are done but are not
> logging out.
>
> >
> > 2. Is #1 why I'd add it to my ~/.profile?
>
> This is so that ssh-agent is set when you login at a console. I don't know
> about Mac but some Linux distributions have session scripts so that this is
> done for you when you start a KDE session. I don't believe ~/.profile will
> be read unless you login at a console or xterm or similar.
>
> When you add stuff to your ~/.profile, I recommend doing it on a separate
> account first. I once added those lines on a Linux system and was locked out
> on that account but I was able to get in with another account, su to root,
> and remove the lines in the affected user ~/.profile and then I was no longer
> locked out.
> >
> > 3. How am I able to ssh (without a password) from my Mac to SuSE server
> > or Mac to FreeBSD server when I don't have "eval `ssh-agent`" and "ssh-add"
> > in my .profile on my Mac?
>
> You can do 'ssh-agent bash' followed by 'ssh-add' but this will not work until
> you have generated your SSH keys with:
>
> ssh-keygen -t rsa -b 1024
> or
> ssh-keygen -t dsa -b 1024
>
> or similar. Until you do that, you have to use your login password and cannot
> use a passphrase since you have not set one. Setting the passphrase is part
> of the process of generating your SSH keys.
>
> BTW I do not know if you are using the "keychain" utility. Be very careful
> with it. It can be confusing. I found it inconvenient to use and no longer
> use it.
>
> There are some fine SSH tutorials online, I believe "OnLamp" has some. Just
> make sure they are not more than about 3 yrs old.

All good information. Thanks. I will save this for future reference. :)
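
The ~/.profile setup discussed in this thread, written so that a later login reuses an agent that is already running and a failed step never aborts the login. This is an added example, not code from any poster in the thread; AGENT_ENV, SSH_ADD_CMD, SSH_AGENT_CMD, the agent.env path and the two function names are assumptions.

```shell
# Added example for ~/.profile (POSIX sh); not code from the thread.
# Hypothetical names: AGENT_ENV, SSH_ADD_CMD, SSH_AGENT_CMD and both functions.
AGENT_ENV="${AGENT_ENV:-$HOME/.ssh/agent.env}"    # assumed location
SSH_ADD_CMD="${SSH_ADD_CMD:-ssh-add}"
SSH_AGENT_CMD="${SSH_AGENT_CMD:-ssh-agent}"

# "ssh-add -l" exits 0 when the agent holds keys, 1 when it is reachable
# but empty, and 2 when no agent can be contacted.
agent_state() {
    rc=0
    "$SSH_ADD_CMD" -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo loaded ;;
        1) echo empty ;;
        *) echo none ;;
    esac
}

start_agent_once() {
    # 1. No agent in this session: try the one saved by an earlier login.
    if [ "$(agent_state)" = none ] && [ -r "$AGENT_ENV" ]; then
        . "$AGENT_ENV" >/dev/null
    fi
    # 2. Still none (first login, or a stale file after a reboot): start one
    #    and save its variables in a freshly created owner-only file.
    if [ "$(agent_state)" = none ]; then
        (umask 077; rm -f "$AGENT_ENV"
         "$SSH_AGENT_CMD" -s > "$AGENT_ENV") || return 0
        . "$AGENT_ENV" >/dev/null
    fi
    # 3. Ask for the passphrase only on a terminal and only if no key is loaded.
    if [ "$(agent_state)" = empty ] && [ -t 0 ]; then
        "$SSH_ADD_CMD" || true
    fi
    return 0    # never let agent setup abort the login
}

# Run only for interactive shells, so scripted logins are never held up.
case $- in
    *i*) start_agent_once ;;
esac
```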