Date: Thu, 12 Aug 1999 03:35:46 -0700 (PDT)
From: Bigby Findrake <bigby@shiva.eu.org>
To: chrisk@tpgi.com.au
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: SSH on FreeBSD.
Message-ID: <Pine.BSF.4.05.9908120325340.5932-100000@shiva.eu.org>
In-Reply-To: <XFMail.990812201030.chris@twilight.tpgi.com.au>
On Thu, 12 Aug 1999, Chris Keladis wrote:

> Hi folks,
>
> I am considering using SSH to tunnel backups over SSH on some FreeBSD boxes.
>
> I haven't played with SSH in a while, and I remember last time I did a major
> stumbling block was getting SSH to authenticate without asking for a
> password. (The way r* utilities work).
>
> Would it be possible to set up my FreeBSD boxes to work in a similar way to r*
> utils, so I can do ssh myhost.mydomain.com and be presented with a shell on the
> remote machine, with the appropriate authentication pre-configured?

Sure. I do it. What I do is use RSA keys. Use the ssh-keygen utility that
installs with the ssh package to generate an RSA key for a user. When it
prompts you for a password for the RSA key, hit return. By default this
installs the key pair (public & private) into
$HOME/.ssh/{identity,identity.pub}. Put the public key
($HOME/.ssh/identity.pub) into the target machine, in the target user's
$HOME/.ssh/authorized_keys. Make sure the target machine is running sshd,
and that /etc/sshd_config says "RSAAuthentication yes". Now you can ssh
from the source machine to the target machine without a password IF you
didn't specify a password for the RSA key on the source machine.

If you're sshing to the target machine as a different user from the source
machine, you'll have to specify the user on the ssh command line with the
-l command line option. For example:

host1> tar -czf - /file1 /file2 | ssh host2 -l some_user "cd /backup_dir \
; tar -xzf -"

Do note that there are security implications for creating RSA keys without
passwords. Essentially it's the same issue with using rhosts: if an
account is compromised on a local machine, it is thereby compromised on
the remote machine.

> Are there any how-to's, or faq's on this?

Aside from the above? I don't know. Maybe someone else can help you out
there.

/-------------------------------------------------------------------------/
Giving something away is the ultimate subversive act in a society the
economic system of which is structurally based on greed and egotism.

finger bigby@shiva.eu.org for my pgpkey
e-mail bigby@pager.shiva.eu.org to page me
/-------------------------------------------------------------------------/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

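Added example, not part of the original message: the risk noted in the reply (a key without a password makes the remote account only as safe as the local one) can be narrowed with the from= and command= options that sshd accepts at the start of an authorized_keys line. The sh/awk function below lists the entries of an authorized_keys file that carry neither option; the function names and the sample entries are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original message). Prints the line numbers of
# authorized_keys entries that have neither a from= nor a command= option,
# i.e. keys that give a full shell from any host.
unrestricted_keys() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments and blank lines
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        # No options field: SSH1 entries start with the key size in bits,
        # SSH2 entries with a key type such as ssh-rsa.
        if (line ~ /^[0-9]/ || line ~ /^(ssh-|ecdsa-|sk-)/) { print NR; next }
        # Otherwise the entry starts with a comma-separated options list that
        # ends at the first blank outside double quotes. Collect only the text
        # outside quotes so quoted values cannot fake an option name.
        names = ""; inq = 0
        for (i = 1; i <= length(line); i++) {
            c = substr(line, i, 1)
            if (inq && c == "\\") { i++; continue }   # escaped character in a value
            if (c == "\"") { inq = !inq; continue }
            if (inq) continue
            if (c == " " || c == "\t") break
            names = names c
        }
        restricted = 0
        n = split(tolower(names), opt, ",")
        for (j = 1; j <= n; j++)
            if (opt[j] ~ /^(from|command)=/) restricted = 1
        if (!restricted) print NR
    }' "$@"
}

# Constructed sample file; the key material is placeholder text, not real keys.
sample_authorized_keys() {
    cat <<'EOF'
# backup keys
1024 35 1234567890 backup@host1
from="host1.example.org",command="cd /backup_dir ; tar -xzf -",no-pty 1024 35 9876543210 backup@host1
no-port-forwarding,environment="NOTE=from=anywhere" 1024 37 5555555555 ops@host3
ssh-ed25519 AAAAC3placeholder admin@host4
EOF
}

sample_authorized_keys | unrestricted_keys    # prints 2, 4 and 5
```

To check a real account, pass the file as an argument: unrestricted_keys "$HOME/.ssh/authorized_keys".
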
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.9908120325340.5932-100000>