Date: Fri, 20 Jan 2006 07:57:49 +0000
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
To: Peter <petermatulis@yahoo.ca>
Cc: freebsd-questions@freebsd.org, Beech Rintoul <akbeech@gmail.com>
Subject: Re: sshd question
Message-ID: <43D097FD.6050401@infracaninophile.co.uk>
In-Reply-To: <20060120030543.92943.qmail@web60018.mail.yahoo.com>
References: <20060120030543.92943.qmail@web60018.mail.yahoo.com>

Peter wrote:
> --- Beech Rintoul <akbeech@gmail.com> wrote:
>
>> I'm trying to set up ssh to use keys to authenticate on a remote server.
>> I've always used passwords in the past. I generated a key pair and exported
>> my public key to ~/.ssh/authorized_keys on the remote machine. I changed
>> sshd_config to "PasswordAuthentication no". When I log in the remote
>> machine still asks for a password. What do I change to just use the key to
>> log in?
>
> I'm assuming you do not want to enter anything to log in right? If so,
> you need a private key with a blank passphrase. It's hard to say from
> here but it may be that you are being prompted for the passphrase to
> unlock your private key.

No, no, no. ssh keys without pass-phrases are a liability. It really is
a bad idea to do that.

What the OP should do instead is use ssh-agent -- I fire it up from .xsession
when I log into my desktop. Then load your key into the agent:

    ssh-add ~/.ssh/id_dsa

which will require you to give the pass phrase. However, that's the one and
only time you'll need to do that.

Then when you ssh into a box, it should auth against your key automatically.
If you take care to always use the '-A' flag when you ssh in:

    ssh -A hostname

then you can bounce through several machines, and the auth requests will be
relayed back to the ssh-agent on your desktop.[*]

	Cheers,

	Matthew

[*] Agent forwarding is off by default in /etc/ssh/ssh_config (client side)
but permitted in /etc/ssh/sshd_config (server side) -- but the -A flag
overrides the client settings.

-- 
Dr Matthew J Seaman MA, D.Phil.                       7 Priory Courtyard
                                                      Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey         Ramsgate
                                                      Kent, CT11 9PW
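
The settings this thread turns on (PasswordAuthentication on the server, agent forwarding on client and server) can be read back from the config files. The following is an added example, not part of the original message: the function names and the sample file contents are constructed for illustration, the defaults passed in are assumptions supplied by the caller, and AllowAgentForwarding is the keyword current OpenSSH uses for the server-side permission the footnote mentions.

```shell
#!/bin/sh
# First value of KEYWORD in the global part of an sshd_config (before any
# Match block), or DEFAULT if unset. sshd keeps the first value it obtains
# for a keyword, and keywords are case-insensitive.
sshd_global() {   # usage: sshd_global FILE KEYWORD DEFAULT
    awk -v want="$2" -v dflt="$3" '
        BEGIN { want = tolower(want) }
        { sub(/^[ \t]+/, "") }
        /^#/ || /^$/ { next }
        { sub(/[ \t]*=[ \t]*/, " ") }          # allow "Keyword=value"
        tolower($1) == "match" { exit }
        tolower($1) == want { found = 1; print tolower($2); exit }
        END { if (!found) print dflt }
    ' "$1"
}

# Host patterns of a client ssh_config under which ForwardAgent is "yes".
# Lines before the first Host line apply to every host, reported as "*".
forwarding_hosts() {   # usage: forwarding_hosts FILE
    awk '
        BEGIN { scope = "*" }
        { sub(/^[ \t]+/, "") }
        /^#/ || /^$/ { next }
        { sub(/[ \t]*=[ \t]*/, " ") }
        tolower($1) == "host" { $1 = ""; sub(/^ /, ""); scope = $0; next }
        tolower($1) == "forwardagent" && tolower($2) == "yes" { print scope }
    ' "$1"
}

# Constructed sample files (not taken from any real host).
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/sshd_config" <<'EOF'
#PasswordAuthentication yes
PasswordAuthentication no
passwordauthentication yes
Match User backup
    AllowAgentForwarding no
EOF
cat > "$tmp/ssh_config" <<'EOF'
Host bastion.example.org
    ForwardAgent yes
Host *
    ForwardAgent no
EOF
echo "PasswordAuthentication: $(sshd_global "$tmp/sshd_config" PasswordAuthentication yes)"
echo "AllowAgentForwarding:   $(sshd_global "$tmp/sshd_config" AllowAgentForwarding yes)"
echo "ForwardAgent yes for:   $(forwarding_hosts "$tmp/ssh_config")"
```

On a live system, `sshd -T` and `ssh -G hostname` print the effective settings directly, and scoping ForwardAgent to named hosts in the client config keeps the agent from being exposed on every machine you log in to.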