Date: Fri, 08 Jan 2010 16:13:34 +0000
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
To: User questions <freebsd-questions@freebsd.org>
Subject: Re: Accessing Computer
Message-ID: <4B4759AE.3070803@infracaninophile.co.uk>
In-Reply-To: <BLU0-SMTP61F6897280D4F6B765667493700@phx.gbl>
References: <BLU0-SMTP808A12E3EF9AAFC0BD755893700@phx.gbl> <44ljg8y6hb.fsf@be-well.ilk.org> <BLU0-SMTP61F6897280D4F6B765667493700@phx.gbl>

Carmel wrote:
> On Fri, 08 Jan 2010 10:13:52 -0500
> Lowell Gilbert <freebsd-questions-local@be-well.ilk.org> articulated:
>
>> Carmel <carmel_ny@hotmail.com> writes:
>>
>>> On Fri, 8 Jan 2010 14:58:23 +0100
>>> Pieter de Goeje <pieter@service2media.com> articulated:
>>>
>>>> You might want to take a look at ssh-agent. I think PuTTY has an equivalent.
>>>> It lets you do remote logins without putting your key(s) everywhere. I've not
>>>> yet tried this myself, but I plan on testing it sometime.
>>> I use agent.  All that agent does is cache your password so you do not
>>> have to re-enter it each time you make a connection.
>> The agent can be forwarded with the connection.
>> In your case, it would remove the need for a second key on the second machine.
>
> I was not aware of that. I will have to read up on how to accomplish it.

You just put the public key from Computer 1 in ~/.ssh/authorized_keys on
both the machines (Computer 2, Computer 3) where you want access.  You'll
have to use 'ssh-keygen -i -f filename' to convert the pubkey from the SSH2
format PuTTY uses to the OpenSSH format FreeBSD uses, and you need to be
careful to make the authorized_keys file writable only by the account UID.  You
can prepend the line in the authorized_keys files with from="hostname" to only
permit access from a specific host if you like.  See the section
'AUTHORIZED_KEYS FILE FORMAT' in sshd(8) for details.

You don't need to install any private keys on Computer 2 or Computer 3.

Then when you load the key into the agent, be sure and check the 'Forward
the Agent' tickbox.  Similarly, when you connect from computer 2 to computer 3
just add '-A' to the ssh command line, as in: 'ssh -A computer3' -- this
achieves the same agent forwarding under OpenSSH.  Computer 3 will ask
computer 2 for authentication, and computer 2 will relay this request back
to computer 1 where there is access to your private key.  You can hop through a
large number of machines this way, and so long as you keep forwarding the
agent it should all work.

	Cheers,

	Matthew

Note that pageant, or ssh-agent (which is the FreeBSD equivalent) doesn't
cache the passphrase.  It stores a decrypted copy of your private key in
memory.  Don't leave the agent running on an unattended machine that anyone
else can access.

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW
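
The key installation steps from the message above, as an added shell example that is not part of the original e-mail: it converts the PuTTY public key, installs it with an optional from="hostname" restriction, and checks that only the owner can write to the file and its directory. The function names, file names and host names are hypothetical.

```sh
#!/bin/sh
# Added example for Computer 2 / Computer 3. Function names, file names and
# host names are hypothetical; any key material shown in use is a placeholder.

# Convert a public key saved by PuTTYgen (SSH2 format) to the one-line
# OpenSSH format, printed on stdout.
convert_putty_pub() {
    ssh-keygen -i -f "$1"
}

# Append one OpenSSH public key line to an authorized_keys file, optionally
# restricted with from="host". Leaves the file writable by its owner only.
# usage: install_pubkey "<key line>" <authorized_keys path> [allowed host]
install_pubkey() {
    key_line=$1
    auth_file=$2
    from_host=${3:-}
    ssh_dir=$(dirname "$auth_file")
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    if [ -n "$from_host" ]; then
        key_line="from=\"$from_host\" $key_line"
    fi
    # Do not add the same line twice.
    if ! grep -qxF -- "$key_line" "$auth_file" 2>/dev/null; then
        printf '%s\n' "$key_line" >> "$auth_file" || return 1
    fi
    chmod 600 "$auth_file"
}

# Succeed only if neither group nor others may write to the path.
# Reads the mode string from ls, e.g. "-rw-------": position 6 is the group
# write bit and position 9 the write bit for others.
owner_write_only() {
    mode=$(ls -ld "$1" | cut -c1-10)
    case $mode in
        ?????w*|????????w*) return 1 ;;
    esac
    return 0
}

# Check the authorized_keys file and the directory that holds it.
check_authorized_keys() {
    owner_write_only "$1" && owner_write_only "$(dirname "$1")"
}

# Typical use (computer1.pub and computer1.example.org are placeholders):
#   install_pubkey "$(convert_putty_pub computer1.pub)" \
#       "$HOME/.ssh/authorized_keys" computer1.example.org
#   check_authorized_keys "$HOME/.ssh/authorized_keys" || echo "fix modes" >&2
```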