Date:      Wed, 8 Oct 2008 00:29:31 -0700
From:      Mario Theodoridis <mario@schmut.com>
To:        freebsd-isp@freebsd.org
Cc:        lists <technical@halenet.com.au>
Subject:   Re: ssh to remote machines using authorized keys
Message-ID:  <200810080029.31645.mario@schmut.com>
In-Reply-To: <0b6701c92915$ac7153d0$6500a8c0@hal>
References:  <009b01c928e9$fbe1f3b0$6500a8c0@hal> <48EC29B2.3010509@radel.com> <0b6701c92915$ac7153d0$6500a8c0@hal>

On Wednesday 08 October 2008 12:15:42 am lists wrote:
> Thanks Jon
>
> > If you're going to do that a lot, you can set a default in
> > ~systemuser/.ssh/config to specify that all connections to root@remote
> > should default to using root's private key.
>
> If you don't mind I would like you to clarify the steps to address the
> config above
>
> The machine I am ssh-ing from is local
> The machine I am ssh-ing to is remote
>
> To do as above, do  I create a .~ssh/config file with the following
> contents on the local machine and restart sshd /etc/rc.d/sshd restart
>
> Host remote.domainname  #which is the connection name I am assuming
> User root
> Port 22
> HostName remote.domainname   # which is the hostname of the remote machine
>
> I am not sure what the permissions should be though.  Do they need to be
> changed?  Do I need to change the /root/.ssh/id_rsa and id_rsa.pub to
> the systemuser, or should they stay the same?  Or do I change the
> authorized_keys permissions?  The error I am getting is a permission denied,
> which makes me think that I need to change some of the permissions.
> Currently the perms are 600 on both the /root/.ssh/id_rsa and id_rsa.pub
> and the /home/systemuser/authorized_keys

These are the permissions on my system:

#ll ~/.ssh/
total 24
drwx------   2 root  wheel    512 Sep 11 00:05 .
drwxr-xr-x  30 root  wheel   2048 Oct  8 00:21 ..
-rw-r--r--   1 root  wheel   1838 Jan 29  2008 authorized_keys
-rw-------   1 root  wheel    883 Jul 23  2006 id_rsa
-rw-r--r--   1 root  wheel    232 Jul 23  2006 id_rsa.pub
-rw-r--r--   1 root  wheel  12503 Sep 30 22:46 known_hosts

Note the lack of group writability in the home directory. These are the same 
for every user, i.e. root is not special in this respect.

So when I want to ssh to user@remote.system, then
~user/.ssh/authorized_keys on remote.system needs to contain my id_rsa.pub.

Hope this sums it up.

mario;>
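
One way to check the modes described in this message, as an added example that is not part of the original post. The function names and output labels are made up for illustration; the rules follow sshd's StrictModes check (no group or world write on the home directory, ~/.ssh and authorized_keys) and the ssh client's refusal of private keys that group or others can access. File ownership is not checked here.

```shell
#!/bin/sh
# Added example: audit the permission bits discussed in this message.
# Uses only POSIX find, so it runs unchanged on FreeBSD and Linux.

# mode_has PATH BIT... : succeeds if PATH has any of the given octal bits set.
mode_has() {
    p=$1; shift
    for bit in "$@"; do
        if [ -n "$(find "$p" -prune -perm "-$bit" -print 2>/dev/null)" ]; then
            return 0
        fi
    done
    return 1
}

# audit_ssh_perms HOME_DIR : prints one line per finding.
# Returns 0 when nothing was found, 1 otherwise.
audit_ssh_perms() {
    home=$1; bad=0
    # Server side (StrictModes): none of these may be group/world writable.
    for f in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$f" ]; then
            echo "MISSING $f"; bad=1; continue
        fi
        if mode_has "$f" 020 002; then
            echo "WRITABLE-BY-OTHERS $f"; bad=1
        fi
    done
    # Client side: a private key must grant nothing to group or others.
    for k in "$home"/.ssh/id_*; do
        case $k in *.pub) continue ;; esac
        [ -f "$k" ] || continue
        if mode_has "$k" 040 020 010 004 002 001; then
            echo "KEY-TOO-OPEN $k"; bad=1
        fi
    done
    return "$bad"
}

# Usage (hypothetical account name): audit_ssh_perms /home/systemuser
```
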
