Date: Wed, 8 Oct 2008 00:29:31 -0700
From: Mario Theodoridis <mario@schmut.com>
To: freebsd-isp@freebsd.org
Cc: lists <technical@halenet.com.au>
Subject: Re: ssh to remote machines using authorized keys
Message-ID: <200810080029.31645.mario@schmut.com>
In-Reply-To: <0b6701c92915$ac7153d0$6500a8c0@hal>
References: <009b01c928e9$fbe1f3b0$6500a8c0@hal> <48EC29B2.3010509@radel.com> <0b6701c92915$ac7153d0$6500a8c0@hal>

On Wednesday 08 October 2008 12:15:42 am lists wrote:
> Thanks Jon
>
> > If you're going to do that a lot, you can set a default in
> > ~systemuser/.ssh/config to specify that all connections to root@remote
> > should default to using root's private key.
>
> If you don't mind I would like you to clarify the steps to address the
> config above
>
> The machine I am ssh ing from is local
> The machine I am ssh ing to is remote
>
> To do as above, do I create a .~ssh/config file with the following
> contents on the local machine and restart sshd /etc/rc.d/sshd restart
>
> Host remote.domainname #which is the connection name I am assuming
> User root
> Port 22
> HostName remote.domainname # which is the hostname of the remote machine
>
> I am not sure what the permissions should be though. Do they need to be
> changed? do I need to change the /root/.ssh/id_rsa and id_rsa.pub to
> the systemuser? or should they stay the same. Or do I change the
> authorized_keys permissions The error I am getting is a permission denied
> which makes me think that I need to change some of the permissions.
> Currently the perms are 600 on both the /root/.ssh/id_rsa and id_rsa.pub
> and the /home/systemuser/authorized_keys

These are the permissions on my system:

#ll ~/.ssh/
total 24
drwx------   2 root  wheel    512 Sep 11 00:05 .
drwxr-xr-x  30 root  wheel   2048 Oct  8 00:21 ..
-rw-r--r--   1 root  wheel   1838 Jan 29  2008 authorized_keys
-rw-------   1 root  wheel    883 Jul 23  2006 id_rsa
-rw-r--r--   1 root  wheel    232 Jul 23  2006 id_rsa.pub
-rw-r--r--   1 root  wheel  12503 Sep 30 22:46 known_hosts

Note the lack of group writability in the home directory.
These are the same for every user, i.e. root is not special in this respect.

So when I want to ssh to user@remote.system then
~user/.ssh/authorized_keys on remote.system needs to contain my id_rsa.pub.

Hope this sums it up.

mario;>
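
The permission rules shown in the listing above, as a shell check (an added example, not part of the original message). sshd's StrictModes setting, on by default, refuses authorized_keys when the home directory, ~/.ssh or the file itself is writable by group or others, and the ssh client refuses a private key that group or others can access. The function names are hypothetical.

```shell
#!/bin/sh
# Audit one account's SSH file modes against the listing in the message above.
# Usage: source this file, then: check_ssh_perms /home/systemuser
# (check_ssh_perms, mode_of and loosely_writable are hypothetical names.)

# First ten characters of `ls -ld`: file type plus rwx bits for user/group/other.
mode_of() { ls -ld "$1" | cut -c1-10; }

# Succeeds (0) when the path is writable by group (column 6) or others (column 9).
loosely_writable() {
    case "$(mode_of "$1")" in
        ?????w????|????????w?) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints one line per problem; the return status is the number of problems.
check_ssh_perms() {
    home=$1
    problems=0
    # Home directory, ~/.ssh and authorized_keys: no group/other write bit.
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        if loosely_writable "$p"; then
            echo "group/other writable: $p"
            problems=$((problems + 1))
        fi
    done
    # Private keys: no group or other bits at all (-rw------- in the listing).
    for key in "$home"/.ssh/id_*; do
        [ -f "$key" ] || continue
        case "$key" in *.pub) continue ;; esac
        case "$(mode_of "$key")" in
            ????------) ;;
            *) echo "private key accessible by group/other: $key"
               problems=$((problems + 1)) ;;
        esac
    done
    return "$problems"
}
```

Run it on both machines: against the connecting user's home on local (private key) and against the target user's home on remote (authorized_keys).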