From owner-freebsd-questions Tue Nov 28 13:12:22 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from gscamnlh01.wr.usgs.gov (gscamnlh01.wr.usgs.gov [130.118.4.115]) by hub.freebsd.org (Postfix) with ESMTP id 79AF237B404; Tue, 28 Nov 2000 13:12:19 -0800 (PST)
To: tayers@bridge.com
Cc: owner-freebsd-questions@FreeBSD.ORG, questions@FreeBSD.ORG
Subject: Re: Help Understanding SSH
X-Mailer: Lotus Notes Release 5.0.3 March 21, 2000
Message-ID:
From: rsowders@usgs.gov
Date: Tue, 28 Nov 2000 13:12:14 -0800
X-MIMETrack: Serialize by Router on gscamnlh01/SERVER/USGS/DOI(Release 5.0.3 |March 21, 2000) at 11/28/2000 01:12:19 PM, Serialize complete at 11/28/2000 01:12:19 PM
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

The pass phrase and key combination are both required for strong authentication.

Keeping it simple and out of the minutiae, basically the key verifies that you are coming from where you say you are coming and the pass phrase verifies that you are who you say you are.

As Popeye would say "I'm from where I'm from and I yam what I yam".

tayers@bridge.com
Sent by: owner-freebsd-questions@FreeBSD.ORG
11/27/2000 06:59 PM
To: questions@FreeBSD.ORG
cc:
Subject: Re: Help Understanding SSH

>>>>> "D" == Dima Dorfman writes:

D> Mike Meyer wrote:
>> tayers@bridge.com types:
>> > Then I disconnect from B and connect again: 'ssh B'. It works without
>> > the "authenticity" warning, but it prompts for the passphrase
>> > again. Blech. ;-p Is there a way to set this up so I don't have to
>> > type the passphrase in all the time? Having to type the passphrase
>> > makes doing 'ssh B ' from a script kind of troublesome.
>>
>> I haven't fooled with passphrases. You may need to set things up
>> without one. However, according to the ssh-keygen man page, you need
>> to copy the .ssh/identity.pub key into .ssh/authorized_keys on the
>> remote machine. I'd try that first.

D> This is to get the RSA key working in the first place (identity.pub ->
D> authorized_keys is telling the server that the key can be used to
D> connect to that user's account). What you're looking for is
D> ssh-agent(1) and ssh-add(1).

Thanks for the answers. stock@fishcracker.com and Dima suggested using ssh-agent, but I don't think that is useful in my case. I have UNIX servers that need to communicate with other servers. So I want server A to be able to run a command on server B. I did not make this clear in my original message.

Mike's implication is what allows this to work without a prompt. If you create an SSH key without a passphrase it works like I want: without prompting for a passphrase.

I'm still looking for the what/why of the passphrase. I assume it is additional security, but haven't seen that printed anywhere.

Thanks and
Hope you have a very nice day, :-)
Tim Ayers (tayers@bridge.com)

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
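
Added example, not part of the original thread or written by any of its participants: the passphrase encrypts the private key file on disk, so a key created without one is stored in the clear and is usable by anyone who can read the file. The Python sketch below reports which key files carry no passphrase by reading the cipher field of the current OpenSSH private key format (and the legacy PEM `DEK-Info` header), not the SSH1 `identity` format used in the thread. The function names and the sample keys are constructed for illustration.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\0"

def _string(data):
    """Encode an SSH 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def _read_string(buf, off):
    """Decode one SSH 'string' at off; return (bytes, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:end], end

def key_protection(text):
    """Return the cipher protecting a private key file, 'none' if stored in clear."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(MAGIC):
            raise ValueError("not an openssh-key-v1 blob")
        cipher, _ = _read_string(blob, len(MAGIC))  # first field: ciphername
        return cipher.decode("ascii")
    if not (lines[0].startswith("-----BEGIN ") and lines[0].endswith("PRIVATE KEY-----")):
        raise ValueError("unrecognised private key format")
    if "ENCRYPTED" in lines[0]:          # PKCS#8 encrypted container
        return "pkcs8"
    for l in lines[1:]:                  # legacy PEM: cipher named in DEK-Info
        if l.startswith("DEK-Info:"):
            return l.split(":", 1)[1].split(",")[0].strip()
    return "none"

def unprotected(keys):
    """keys maps a label to key-file text; return labels with no passphrase."""
    return sorted(k for k, v in keys.items() if key_protection(v) == "none")

def make_sample(cipher, kdf):
    """Constructed header-only sample: correct layout, no real key material."""
    blob = (MAGIC + _string(cipher) + _string(kdf) + _string(b"")
            + struct.pack(">I", 1) + _string(b"constructed-public")
            + _string(b"constructed-private"))
    body = base64.b64encode(blob).decode("ascii")
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + body
            + "\n-----END OPENSSH PRIVATE KEY-----\n")

SAMPLES = {  # constructed inputs
    "interactive": make_sample(b"aes256-ctr", b"bcrypt"),
    "batch": make_sample(b"none", b"none"),
}
print(unprotected(SAMPLES))
```

For the server-to-server case discussed in the thread, a key flagged this way is protected only by file permissions on the host that holds it.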