[Gllug] SSH key authentication revisited
Richard Jones
rich at annexia.org
Wed Apr 9 14:20:12 UTC 2003
On Wed, Apr 09, 2003 at 02:42:12PM +0100, Neil Fryer wrote:
> Just found the problem, silly me, I forgot to copy the actual id_dsa key
> across, works now, thanks all.
Not sure if this is right.
This is how it SHOULD be configured:
On your desktop machine
-----------------------
Generate private/public keypair, with a suitably strong passphrase.
Private key = .ssh/id_dsa, Public key = .ssh/id_dsa.pub
.ssh/id_dsa STAYS RIGHT WHERE IT IS, AND GOES NOWHERE!!
Run ssh-agent. A good place to run it is from your .xinitrc script. In
my script I have something like this:

  #!/bin/sh -
  # Contents of ~/.xinitrc
  exec ssh-agent wmx

(Note that Debian already runs ssh-agent before the window manager).

Log out and log in, then do:

  ssh-add

and type in your passphrase.
On the remote machines you want access to
-----------------------------------------
Copy .ssh/id_dsa.pub (the PUBLIC key) across to the machine, somehow.
You might end up doing this by mail, telnet, ssh-with-password or even
sneakernet.
Append this key (it's a single line) to .ssh/authorized_keys2 on
that machine.
Check it works
--------------
From your desktop machine you should be able to 'ssh remotemachine'
with no password or passphrase. If not, do 'ssh -v remotemachine'
and post the results here.
If you have problems jumping from one machine to another, e.g.
'ssh remotemachine1' followed by 'ssh remotemachine2', then edit
/etc/ssh/ssh_config on your desktop and do:

  Host remotemachine1
    ForwardX11 yes
    ForwardAgent yes

However you should only do this if you trust remotemachine1 because it
exposes your X server and ssh-agent for the period of the connection.
Rich.
--
Richard Jones, Red Hat Inc. (London) and Merjis Ltd. http://www.merjis.com/
http://www.annexia.org/ Freshmeat projects: http://freshmeat.net/users/rwmj
PTHRLIB is a library for writing small, efficient and fast servers in C.
HTTP, CGI, DBI, lightweight threads: http://www.annexia.org/freeware/pthrlib/
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
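
Added example, not part of the original post: a POSIX shell function for the remote-side step described above. It appends a single-line public key to the authorized keys file, refuses a private key file, and sets owner-only permissions. The function name install_pubkey, its arguments and its return codes are hypothetical; the file name authorized_keys2 follows the post.

```shell
#!/bin/sh
# install_pubkey KEYFILE [HOME_DIR] [AUTH_FILE_NAME]   (hypothetical helper)
# Returns: 0 installed or already present, 1 I/O error,
#          2 KEYFILE is a private key, 3 KEYFILE is not one public-key line.
install_pubkey() {
    keyfile=$1
    home=${2:-$HOME}
    name=${3:-authorized_keys2}   # file name as given in the post
    [ -r "$keyfile" ] || { echo "cannot read $keyfile" >&2; return 1; }

    # Private key files carry a "PRIVATE KEY" header line; they never leave the desktop.
    if grep -q 'PRIVATE KEY' "$keyfile"; then
        echo "refusing: $keyfile is a private key" >&2
        return 2
    fi

    # A .pub file is exactly one line: "<type> <base64> [comment]".
    key=$(grep -v '^[[:space:]]*$' "$keyfile" || true)
    case "$key" in
        ssh-*\ ?*|ecdsa-sha2-*\ ?*) ;;
        *) echo "refusing: not an OpenSSH public key line" >&2; return 3 ;;
    esac
    lines=$(printf '%s\n' "$key" | wc -l)
    [ "$lines" -eq 1 ] || { echo "refusing: expected exactly one line" >&2; return 3; }

    # Owner-only permissions on the directory and the key file.
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    auth="$home/.ssh/$name"
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append only if this exact line is not already present, so reruns are harmless.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}
```

Run on the remote machine as, for instance, install_pubkey /tmp/id_dsa.pub after the public key has been copied there.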