Date:      Fri, 08 Jan 2010 16:13:34 +0000
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        User questions <freebsd-questions@freebsd.org>
Subject:   Re: Accessing Computer
Message-ID:  <4B4759AE.3070803@infracaninophile.co.uk>
In-Reply-To: <BLU0-SMTP61F6897280D4F6B765667493700@phx.gbl>
References:  <BLU0-SMTP808A12E3EF9AAFC0BD755893700@phx.gbl>	<44ljg8y6hb.fsf@be-well.ilk.org> <BLU0-SMTP61F6897280D4F6B765667493700@phx.gbl>


Carmel wrote:
> On Fri, 08 Jan 2010 10:13:52 -0500 Lowell Gilbert <freebsd-questions-local@be-well.ilk.org> articulated:
>
>> Carmel <carmel_ny@hotmail.com> writes:
>>
>>> On Fri, 8 Jan 2010 14:58:23 +0100 Pieter de Goeje <pieter@service2media.com> articulated:
>>>
>>>> You might want to take a look at ssh-agent. I think PuTTY has an equivalent.
>>>> It lets you do remote logins without putting your key(s) everywhere. I've not
>>>> yet tried this myself, but I plan on testing it sometime.
>>> I use agent.  All that agent does is cache your password so you do not
>>> have to re-enter it each time you make a connection.
>> The agent can be forwarded with the connection.
>> In your case, it would remove the need for a second key on the second machine.
>
> I was not aware of that. I will have to read up on how to accomplish it.

You just put the public key from Computer 1 in ~/.ssh/authorized_keys on
both the machines (Computer 2, Computer 3) where you want access.  You'll
have to use 'ssh-keygen -i -f filename' to convert the pubkey from the SSH2
format Putty uses to the OpenSSH format FreeBSD uses, and you need to be
careful to make the authorized_keys file writable only by the account UID.  You
can prepend the line in the authorized_keys files with from="hostname" to only
permit access from a specific host if you like.  See the section
'AUTHORIZED_KEYS FILE FORMAT' in sshd(8) for details.  You don't need to
install any private keys on Computer 2 or Computer 3.

Then when you load the key into the agent, be sure and check the 'Forward
the Agent' tickbox.   Similarly, when you connect from computer 2 to computer
3 just add '-A' to the ssh command line, as in: 'ssh -A computer3' -- this
achieves the same agent forwarding under OpenSSH.  Computer 3 will ask
computer 2 for authentication, and computer 2 will relay this request back to
computer 1 where there is access to your private key.  You can hop through a
large number of machines this way, and so long as you keep forwarding the agent
it should all work.

	Cheers,

	Matthew

Note that pageant, or ssh-agent (which is the FreeBSD equivalent) doesn't
cache the passphrase.  It stores a decrypted copy of your private key in
memory.  Don't leave the agent running on an unattended machine that anyone
else can access.

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW
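
The key-installation step described in the message above, as an added example that is not part of the original e-mail: it appends an already-converted public key to authorized_keys with a from="hostname" prefix and checks that the file is writable only by its owner. The function names, the host name and the key are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message. Function names, the host
# name and the key below are constructed for illustration.

# install_key AUTH_FILE FROM_HOST PUBKEY_LINE
# PUBKEY_LINE must already be in OpenSSH one-line format, i.e. the output of
# 'ssh-keygen -i -f filename' run on the SSH2-format export.
install_key() {
    auth_file=$1; from_host=$2; pubkey=$3
    # An empty pattern, or one with a quote or space, would corrupt the
    # options field of the authorized_keys line.
    case $from_host in
        ''|*\"*|*' '*) echo "install_key: bad from= pattern" >&2; return 2 ;;
    esac
    ssh_dir=$(dirname "$auth_file")
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    entry="from=\"$from_host\" $pubkey"
    # Append only if this exact line is not already present.
    grep -qxF -- "$entry" "$auth_file" 2>/dev/null ||
        printf '%s\n' "$entry" >> "$auth_file" || return 1
    chmod 600 "$auth_file"
}

# writable_only_by_owner FILE
# Succeeds when neither group nor others have write permission on FILE.
writable_only_by_owner() {
    mode=$(ls -ld -- "$1") || return 2
    # In "-rw-r--r--", character 6 is group write and character 9 other write.
    case $mode in
        ?????-??-*) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo in a scratch directory standing in for the home directory on Computer 2.
demo=$(mktemp -d) || exit 1
install_key "$demo/.ssh/authorized_keys" computer1.example.org \
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEONLYNOTAREALKEY user@computer1"
cat "$demo/.ssh/authorized_keys"
writable_only_by_owner "$demo/.ssh/authorized_keys" && echo "mode OK"
rm -rf "$demo"
```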

