From owner-freebsd-questions@FreeBSD.ORG Fri Jan 20 10:38:46 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6921E16A420 for ; Fri, 20 Jan 2006 10:38:46 +0000 (GMT) (envelope-from adamnealis@yahoo.co.uk) Received: from web86901.mail.ukl.yahoo.com (web86901.mail.ukl.yahoo.com [217.12.13.53]) by mx1.FreeBSD.org (Postfix) with SMTP id 981C143D45 for ; Fri, 20 Jan 2006 10:38:45 +0000 (GMT) (envelope-from adamnealis@yahoo.co.uk) Received: (qmail 13182 invoked by uid 60001); 20 Jan 2006 10:38:44 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.co.uk; h=Message-ID:Received:Date:From:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=Zn2Ojbwbyc+c8rxMXttomjVSolUJ/GDAAjNgAONGSEYudZh7eXgz65WwSDz0lsGIKkcgNPrfleWZUccJE4qtjnme1oMeHWzMGFy5bxpw+Plq5ZHYMzGI81kJ0SSBtZfYcdf2fGM6XdZdNe9gbSMmoOkEScbqwZcNm3kw7yBOtiU= ; Message-ID: <20060120103844.13180.qmail@web86901.mail.ukl.yahoo.com> Received: from [213.52.212.129] by web86901.mail.ukl.yahoo.com via HTTP; Fri, 20 Jan 2006 02:38:44 PST Date: Fri, 20 Jan 2006 02:38:44 -0800 (PST) From: Adam Nealis To: Matthew Seaman , Peter In-Reply-To: <43D097FD.6050401@infracaninophile.co.uk> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Cc: freebsd-questions@freebsd.org, Beech Rintoul Subject: Re: sshd question X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Jan 2006 10:38:46 -0000 --- Matthew Seaman wrote: > Peter wrote: > > --- Beech Rintoul wrote: > > > >> I'm trying to set up ssh to use keys to authenticate on a remote server. > >> I've > >> always used passwords in the past. I generated a key pair and exported > >> my > >> public key to ~/.ssh/authorized_keys on the remote machine. I changed > >> sshd_config to "PasswordAuthentication no". when I login the remote > >> machine > >> still asks for a password. What do I change to just use the key to log > >> in? > > > > I'm assuming you do not want to enter anything to log in right? If so, > > you need a private key with a blank passphrase. It's hard to say from > > here but it may be that you are being prompted for the passphrase to > > unlock your private key. > > No, no, no. ssh keys with out pass-phrases are a liability. It really is a > bad idea to do that. Not necessarily. They are still much better than ~/.rhosts, and having scripts containing ftp passwords. So long as you lock your screen or log out, you're not at much more risk than without null password keys. And they make administering several hundred hosts much easier. Having said that, I'd never allow any host to connect as root without a password using ssh (or over the network at all for that matter if it can be avoided). Adam. __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com