From: Mario Theodoridis
To: freebsd-isp@freebsd.org
Cc: lists
Date: Wed, 8 Oct 2008 00:29:31 -0700
Subject: Re: ssh to remote machines using authorized keys

On Wednesday 08 October 2008 12:15:42 am lists wrote:
> Thanks Jon
>
> > If you're going to do that a lot, you can set a default in
> > ~systemuser/.ssh/config to specify that all connections to root@remote
> > should default to using root's private key.
>
> If you don't mind I would like you to clarify the steps to address the
> config above
>
> The machine I am ssh ing from is local
> The machine I am ssh ing to is remote
>
> To do as above, do I create a .~ssh/config file with the following
> contents on the local machine and restart sshd /etc/rc.d/sshd restart
>
> Host remote.domainname #which is the connection name I am assuming
> User root
> Port 22
> HostName remote.domainname # which is the hostname of the remote machine
>
> I am not sure what the permissions should be though. Do they need to be
> changed? do I need to change the /root/.ssh/id_rsa and id_rsa.pub to
> the systemuser? or should they stay the same. Or do I change the
> authorized_keys permissions The error I am getting is a permission denied
> which makes me think that I need to change some of the permissions.
> Currently the perms are 600 on both the /root/.ssh/id_rsa and id_rsa.pub
> and the /home/systemuser/authorized_keys

These are the permissions on my system:

#ll ~/.ssh/
total 24
drwx------   2 root  wheel    512 Sep 11 00:05 .
drwxr-xr-x  30 root  wheel   2048 Oct  8 00:21 ..
-rw-r--r--   1 root  wheel   1838 Jan 29  2008 authorized_keys
-rw-------   1 root  wheel    883 Jul 23  2006 id_rsa
-rw-r--r--   1 root  wheel    232 Jul 23  2006 id_rsa.pub
-rw-r--r--   1 root  wheel  12503 Sep 30 22:46 known_hosts

Note the lack of group writability in the home directory.
These are the same for every user, i.e. root is not special in this respect.

So when I want to ssh to user@remote.system then
~user/.ssh/authorized_keys on remote.system needs to contain my id_rsa.pub.

Hope this sums it up.

mario;>
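
The permission layout in the listing above can be checked mechanically. The following is an added example, not part of the original message: it assumes sshd runs with its default `StrictModes yes`, the function names `has_bit`, `audit_ssh_perms` and `make_sample_home` are hypothetical, and file ownership (which sshd also checks) is not covered.

```shell
#!/bin/sh
# Added example: audit the modes that public-key login depends on.
# Uses only POSIX find, so it runs on FreeBSD and Linux alike.

# has_bit PATH BIT...: succeed if PATH has any of the octal BITs set.
has_bit() {
    _path=$1; shift
    for _bit in "$@"; do
        [ -n "$(find "$_path" -prune -perm "-$_bit" -print 2>/dev/null)" ] && return 0
    done
    return 1
}

# audit_ssh_perms HOME_DIR: print one line per problem, return the problem count.
audit_ssh_perms() {
    home=$1; bad=0
    # Server side: with StrictModes, sshd ignores authorized_keys when the
    # file, ~/.ssh or the home directory is group- or world-writable.
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        if has_bit "$p" 020 002; then
            echo "FAIL $p: group- or world-writable"; bad=$((bad + 1))
        fi
    done
    # Client side: ssh refuses a private key that group or others can access.
    for k in "$home"/.ssh/id_*; do
        [ -f "$k" ] || continue
        case $k in *.pub) continue ;; esac
        if has_bit "$k" 040 020 010 004 002 001; then
            echo "FAIL $k: private key accessible by group/other"; bad=$((bad + 1))
        fi
    done
    [ "$bad" -eq 0 ] && echo "OK $home"
    return "$bad"
}

# make_sample_home DIR: constructed sample mirroring the modes in the listing.
make_sample_home() {
    mkdir -p "$1/.ssh"
    : > "$1/.ssh/authorized_keys"; : > "$1/.ssh/id_rsa"; : > "$1/.ssh/id_rsa.pub"
    chmod 755 "$1"; chmod 700 "$1/.ssh"
    chmod 644 "$1/.ssh/authorized_keys" "$1/.ssh/id_rsa.pub"
    chmod 600 "$1/.ssh/id_rsa"
}
```

Run `audit_ssh_perms ~user` on the remote machine for the account being logged into, and on the local machine for the account that owns the private key.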