Date: Tue, 28 Nov 2000 13:12:14 -0800 From: rsowders@usgs.gov To: tayers@bridge.com Cc: owner-freebsd-questions@FreeBSD.ORG, questions@FreeBSD.ORG Subject: Re: Help Understanding SSH Message-ID: <OF2F63D8EF.5D8DD37A-ON082569A5.0073ECD8@wr.usgs.gov>
next in thread | raw e-mail | index | archive | help
The pass phrase and key combination are both required for strong
authentication.
Keeping it simple and out of the minutiae,
Basically the key verifies that you are coming from where you say you are
coming
and the pass phrase verifies that you are who you say you are.
As Popeye would say "I'm from where I'm from and I yam what I yam".
tayers@bridge.com
Sent by: owner-freebsd-questions@FreeBSD.ORG
11/27/2000 06:59 PM
To: questions@FreeBSD.ORG
cc:
Subject: Re: Help Understanding SSH
>>>>> "D" == Dima Dorfman <dima@unixfreak.org> writes:
D> Mike Meyer wrote:
>> tayers@bridge.com types:
>> > Then I disconnect from B and connect again: 'ssh B'. It works without
>> > the "authenticity" warning, but it prompts for the passphrase
>> > again. Blech. ;-p Is there a way to set this up so I don't have to
>> > type the passphrase in all the time? Having to type the passphrase
>> > makes doing 'ssh B <command>' from a script kind of troublesome.
>>
>> I haven't fooled with passphrases. You may need to set things up
>> without one. However, according to the ssh-keygen man page, you need
>> to copy the .ssh/identity.pub key into .ssh/authorized_keys on the
>> remote machine. I'd try that first.
D> This is to get the RSA key working in the first place (identity.pub ->
D> authorized_keys is telling the server that they key can be used to
D> connect to that user's account). What you're looking for is
D> ssh-agent(1) and ssh-add(1).
Thanks for the answers. stock@fishcracker.com and Dima suggested using
ssh-agent, but I don't think that is useful in my case. I have UNIX
servers that need to communicate with other servers. So I want server
A to be able to run a command on server B. I did not make this clear
in my original message.
Mike's implication is what allows this to work without a prompt. If
you create an SSH key without a passphrase it works like I want:
without prompting for a passphrase.
I'm still looking for the what/why of the passphrase. I assume it is
additional security, but haven't seen that printed anywhere.
Thanks and
Hope you have a very nice day, :-)
Tim Ayers (tayers@bridge.com)
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?OF2F63D8EF.5D8DD37A-ON082569A5.0073ECD8>