From: Sam Carleton <scarleton@miltonstreet.com>
To: FreeBSD Questions <freebsd-questions@FreeBSD.ORG>
Subject: Re: HELP!!! using RSA w/o passwords?
Message-ID: <38D02F79.2B7DDEE4@miltonstreet.com>
References: <OFD0EC3BE7.31111DD3-ON882568A2.001504C8@wr.usgs.gov>

rsowders@usgs.gov wrote:
> Make sure your /usr/local/etc/sshd_config has " RSAAuthentication yes" and
> your ssh_config has "RSAAuthentication yes"
> Now run ssh-keygen but when it asks you for a pass phrase do not put
> anything in just hit the enter key.

When I run ssh-keygen, am I recreating the key for the user (~/.ssh2) or
the system (/etc/ssh2/)?

> Transfer the identity.pub from each machine into the other machine's
> authorized_keys file.

I am still not 100% about this part. Again, is this for the user or the
system? How exactly do I transfer the identity.pub into the
authorized_keys file? Does authorized_keys have the path/filename of the
identity.pub or do I do something like this
cat identity.pub >> authorized_keys?

> Now passwords are not used at all and it relies on the identity.pub file
> and the authorized_keys file and the pass-phrase (of which there is none)
> everything else being satisfied it will let you in if you have the correct
> keys (identity.pub).
>
> Warning this is not very secure, in that if one machine/account is
> compromised every machine that allows RSA login from the compromised
> machine/account is also compromised. If you are willing to tolerate this,
> then the preceding explanation is for you.

I only want this setup for users, not the whole system. My final
objective is to set up a ??ppnp?? within ssh to create a VPN between two
locations. Any thoughts on the most secure way of doing this?

Sam
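
The append step discussed in the message above (`cat identity.pub >> authorized_keys`), written out as an added example that is not part of the original e-mail or the reply it quotes. It assumes the per-user SSH1/OpenSSH-style layout in which each line of `authorized_keys` holds the public key text itself; the names `install_pubkey` and `demo`, the key line and the `from=` address are constructed for illustration.

```shell
#!/bin/sh
# Added example. install_pubkey PUBKEY_FILE SSH_DIR [OPTIONS]
# The body runs in a subshell "( )" so the umask change does not leak out.
install_pubkey() (
    [ $# -ge 2 ] || { echo "usage: install_pubkey PUB DIR [OPTS]" >&2; exit 2; }
    pub=$1; dir=$2; opts=${3:-}
    auth="$dir/authorized_keys"

    # Assumption: a public key file holds exactly one non-empty line.
    [ -f "$pub" ] || { echo "no such file: $pub" >&2; exit 1; }
    [ "$(grep -c . "$pub")" -eq 1 ] ||
        { echo "not a one-line public key: $pub" >&2; exit 1; }
    key=$(grep . "$pub")

    # Owner-only permissions: sshd with StrictModes enabled rejects key
    # files or directories that other users can write to.
    umask 077
    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$auth" && chmod 600 "$auth"

    # Idempotent: skip the append if this key text is already listed.
    if grep -qF -- "$key" "$auth"; then exit 0; fi

    # OPTIONS (for example from="host") go in front of the key on its line
    # and limit where that key is accepted from.
    printf '%s\n' "${opts:+$opts }$key" >> "$auth"
)

# Constructed demo: a made-up SSH1-style key line, not a real key.
demo() {
    tmp=$(mktemp -d)
    echo '1024 35 1234567890 sam@example.invalid' > "$tmp/identity.pub"
    install_pubkey "$tmp/identity.pub" "$tmp/dot-ssh" 'from="10.0.0.5"'
    install_pubkey "$tmp/identity.pub" "$tmp/dot-ssh"   # adds nothing
    cat "$tmp/dot-ssh/authorized_keys"
    rm -rf "$tmp"
}
```

Source the file and call `demo` to see the single resulting `authorized_keys` line; the `from=` restriction narrows the exposure described in the quoted warning about passphrase-less keys.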