From: "Crist J. Clark"
To: lowell@world.std.com (Lowell Gilbert)
Cc: cjclark@home.com, freebsd-questions@freebsd.org
Subject: Re: Using ssh on Multiple Machines
Date: Fri, 9 Apr 1999 12:15:52 -0400 (EDT)

Lowell Gilbert wrote,
[snip]
> Just for the record, I think the ssh man pages are *great.* Very
> clear, and still fairly concise given the huge amount of material they
> cover.
>
> The basic trick is that you create a .ssh/authorized_keys file
> containing the ssh keys you want to accept.

Right, and this is where I find things confusing. From the ssh(1)
manpage,

     Ssh implements the RSA authentication protocol automatically.
     The user creates his/her RSA key pair by running
     ssh-keygen(1). This stores the private key in .ssh/identity
     and the public key in .ssh/identity.pub in the user's
     home directory. The user should then copy the identity.pub
     to .ssh/authorized_keys in his/her home directory
     on the remote machine (the authorized_keys file corresponds
     to the conventional .rhosts file, and has one key
     per line, though the lines can be very long). After this,
     the user can log in without giving the password.
     RSA authentication is much more secure than rhosts authentication.

So, I have taken the 'identity.pub' file, put it on a floppy (or
whatever), and then just do something like 'cat identity.pub >
.ssh/authorized_keys' on a separate machine. Now, above it says,
'after this, the user can log in without giving the password,' but
each time I invoke ssh between these machines I have to enter my
passphrase. Why that happens (and whether it should happen at all) is
not clear to me from the manpage. Since it is a heck of a lot more
work to enter a passphrase than the remote user's password (or more
often I make a typo in the passphrase), I often use the password for
the user instead. Is there a difference? Why would I choose one over
the other?

Those are the kinds of things I have trouble with in the ssh manpages.
--
Crist J. Clark                           cjclark@home.com
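
The manpage procedure quoted above, as an added example that is not part of the original message: a POSIX shell function that appends a public key to authorized_keys rather than overwriting the file as 'cat identity.pub > .ssh/authorized_keys' does, skips keys already present, and keeps the directory and file owner-only. The function names and the two sample keys are constructed for illustration.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE SSH_DIR   (hypothetical helper, not part of ssh)
# Append the single-line public key in PUBKEY_FILE to SSH_DIR/authorized_keys,
# keeping any keys that are already there.
install_pubkey() {
    pub=$1
    dir=$2
    auth=$dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # authorized_keys holds one key per line, so the input must be one line.
    lines=$(grep -c '' "$pub") || true
    [ "$lines" -eq 1 ] || { echo "$pub: expected 1 line, got $lines" >&2; return 1; }

    # Keep the directory and the key file private to the owner.
    mkdir -p "$dir" || return 1
    chmod 700 "$dir" || return 1
    [ -e "$auth" ] || ( umask 077; : > "$auth" ) || return 1
    chmod 600 "$auth" || return 1

    key=$(cat "$pub")
    # Already installed? -x matches the whole line, -F treats it literally.
    if grep -qxF -e "$key" "$auth"; then
        return 0
    fi
    # If the file lacks a final newline, add one so keys do not run together.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        printf '\n' >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
}

# Demo on constructed data: two made-up keys, the first installed twice.
# Prints the number of lines left in authorized_keys.
demo_install() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' '1024 35 1234567890123456789 cjc@hostA' > "$tmp/a.pub"
    printf '%s\n' '1024 37 9876543210987654321 cjc@hostB' > "$tmp/b.pub"
    install_pubkey "$tmp/a.pub" "$tmp/.ssh" &&
    install_pubkey "$tmp/b.pub" "$tmp/.ssh" &&
    install_pubkey "$tmp/a.pub" "$tmp/.ssh" || return 1
    grep -c '' "$tmp/.ssh/authorized_keys"
    rm -rf "$tmp"
}
```

Calling `demo_install` prints 2: both keys are kept and the repeated one is not duplicated.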