Message-ID: <4B4759AE.3070803@infracaninophile.co.uk>
Date: Fri, 08 Jan 2010 16:13:34 +0000
From: Matthew Seaman
Organization: Infracaninophile
To: User questions
Subject: Re: Accessing Computer

Carmel wrote:
> On Fri, 08 Jan 2010 10:13:52 -0500 Lowell Gilbert articulated:
>
>> Carmel writes:
>>
>>> On Fri, 8 Jan 2010 14:58:23 +0100 Pieter de Goeje articulated:
>>>
>>>> You might want to take a look at ssh-agent. I think PuTTY has an equivalent.
>>>> It lets you do remote logins without putting your key(s) everywhere. I've not
>>>> yet tried this myself, but I plan on testing it sometime.
>>> I use agent. All that agent does is cache your password so you do not
>>> have to re-enter it each time you make a connection.
>> The agent can be forwarded with the connection.
>> In your case, it would remove the need for a second key on the second machine.
>
> I was not aware of that. I will have to read up on how to accomplish it.

You just put the public key from Computer 1 in ~/.ssh/authorized_keys on
both the machines (Computer 2, Computer 3) where you want access. You'll
have to use 'ssh-keygen -i -f filename' to convert the pubkey from the SSH2
format PuTTY uses to the OpenSSH format FreeBSD uses, and you need to be
careful to make the authorized_keys file writable only by the account UID. You
can prepend the line in the authorized_keys files with from="hostname" to only
permit access from a specific host if you like. See the section
'AUTHORIZED_KEYS FILE FORMAT' in sshd(8) for details.

You don't need to install any private keys on Computer 2 or Computer 3.

Then when you load the key into the agent, be sure and check the 'Forward
the Agent' tickbox. Similarly, when you connect from computer 2 to computer 3
just add '-A' to the ssh command line, as in: 'ssh -A computer3' -- this
achieves the same agent forwarding under OpenSSH. Computer 3 will ask
computer 2 for authentication, and computer 2 will relay this request back to
computer 1 where there is access to your private key. You can hop through a
large number of machines this way, and so long as you keep forwarding the
agent it should all work.

	Cheers,

	Matthew

Note that pageant, or ssh-agent (which is the FreeBSD equivalent) doesn't
cache the passphrase. It stores a decrypted copy of your private key in
memory. Don't leave the agent running on an unattended machine that anyone
else can access.

-- 
Dr Matthew J Seaman MA, D.Phil.
7 Priory Courtyard, Flat 3
Ramsgate, Kent, CT11 9PW
PGP: http://www.infracaninophile.co.uk/pgpkey
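
An added example, not part of the message above: a Python audit of an authorized_keys file for the two points the reply makes about it, that the file is writable only by the owning account and which keys carry a from= restriction. The function names, host names and key blobs are constructed for illustration.

```python
import os
import stat

KEY_TYPES = ("ssh-", "ecdsa-", "sk-")  # prefixes of the key-type field

# Constructed sample; key blobs are placeholders. Entry 3 has from= only inside command=.
SAMPLE = '''# keys installed on Computer 2
ssh-rsa AAAAB3PLACEHOLDER1 user@computer1
from="computer1.example.org,192.0.2.10" ssh-rsa AAAAB3PLACEHOLDER2 user@computer1
command="/usr/bin/true from=anywhere" ssh-ed25519 AAAAC3PLACEHOLDER3 backup@computer1
'''

def split_unquoted(text, seps):
    """Split text at any separator character that is outside double quotes."""
    parts, cur, quoted, prev = [], "", False, ""
    for ch in text:
        if ch == '"' and prev != "\\":
            quoted = not quoted
        if ch in seps and not quoted:
            if cur:
                parts.append(cur)
            cur = ""
        else:
            cur += ch
        prev = ch
    return parts + [cur] if cur else parts

def parse_line(line):
    """Return (options dict, key type, comment) for one authorized_keys line."""
    fields = split_unquoted(line, " \t")
    opts = {}
    if not fields[0].startswith(KEY_TYPES):  # leading field is the option list
        for item in split_unquoted(fields.pop(0), ","):
            name, _, value = item.partition("=")
            opts[name.lower()] = value.strip('"')
    return opts, fields[0], " ".join(fields[2:])

def audit(path):
    """Return (loose_mode, entries); entries are (lineno, comment, from or None)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    loose = bool(mode & (stat.S_IWGRP | stat.S_IWOTH))  # group/other write bit set
    entries = []
    with open(path, encoding="utf-8") as fh:
        for lineno, raw in enumerate(fh, 1):
            line = raw.strip()
            if line and not line.startswith("#"):
                opts, _keytype, comment = parse_line(line)
                entries.append((lineno, comment, opts.get("from")))
    return loose, entries
```

An entry whose third element is None is accepted from any host that can reach sshd.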