Date: Thu, 14 Aug 2008 15:59:48 +0000
From: Pollywog <lists-fbsdstable@shadypond.com>
To: freebsd-stable@freebsd.org
Subject: Re: ssh-keygen between SuSE and FreeBSD
Message-ID: <200808141559.49973.lists-fbsdstable@shadypond.com>
In-Reply-To: <48A3ECE7020000900001C150@hermes.cwu.edu>
References: <48A3ECE7020000900001C150@hermes.cwu.edu>

On Thursday 14 August 2008 15:29:27 Gavin Spomer wrote:
> >>> Lyndon Nerenberg <lyndon@orthanc.ca> 08/13/08 7:10 PM >>>
> >
> > You need to start an ssh-agent on the machine you're connecting from and
> > populate it with your keychain:
> >
> >   eval `ssh-agent`
> >   ssh-add
> >
> > Add the above to your .profile, or check the Linux PAM implementation to
> > see if it has ssh session support.
> >
> > --lyndon
>
> Thanks.
>
> That made it possible for me to ssh from SuSE server to FreeBSD server, but
> now when I ssh from my Mac to SuSE server it wants a password now:
>
> Enter passphrase for /home/myusername/.ssh/id_rsa:
>
> I read the FreeBSD handbook section "14.11.7 ssh-agent and ssh-add" and
> don't have anything much more intelligent to say but "I don't understand".
> ;)
>
> Questions:
>
> 1. If the ssh-agent and ssh-add utilities load the keys into memory,
> they'd be wiped if I rebooted?

Yes, rebooting will take the keys out of memory and you would need to use
'ssh-add' on the command line to put the keys and passphrase in memory. The
'ssh-add -D' command removes the keys when you are done but are not logging
out.

> 2. Is #1 why I'd add it to my ~/.profile?

This is so that ssh-agent is set when you login at a console. I don't know
about Mac but some Linux distributions have session scripts so that this is
done for you when you start a KDE session. I don't believe ~/.profile will be
read unless you login at a console or xterm or similar.

When you add stuff to your ~/.profile, I recommend doing it on a separate
account first. I once added those lines on a Linux system and was locked out
on that account but I was able to get in with another account, su to root, and
remove the lines in the affected user ~/.profile and then I was no longer
locked out.

> 3. How am I able to ssh (without a password) from my Mac to SuSE server
> or Mac to FreeBSD server when I don't have "eval `ssh-agent`" and "ssh-add"
> in my .profile on my Mac?

You can do 'ssh-agent bash' followed by 'ssh-add' but this will not work until
you have generated your SSH keys with:

  ssh-keygen -t rsa -b 1024

or

  ssh-keygen -t dsa -b 1024

or similar. Until you do that, you have to use your login password and cannot
use a passphrase since you have not set one. Setting the passphrase is part of
the process of generating your SSH keys.

BTW I do not know if you are using the "keychain" utility. Be very careful
with it. It can be confusing. I found it inconvenient to use and no longer
use it.

There are some fine SSH tutorials online, I believe "OnLamp" has some. Just
make sure they are not more than about 3 yrs old.
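
An added example, not part of the original message: a guarded form of the `eval \`ssh-agent\`` / `ssh-add` lines for ~/.profile that reuses a running agent, asks for the passphrase only on a terminal, and never returns an error into the login. The `AGENT_ENV` path and the function names are assumptions made for this sketch.

```shell
# Added example for ~/.profile (sh/bash). AGENT_ENV is an assumed cache path.
AGENT_ENV="${AGENT_ENV:-$HOME/.ssh/agent.env}"

# Map the `ssh-add -l` exit status ($1) and terminal presence ($2: tty|notty)
# to an action. Status 0 = agent holds keys, 1 = agent running but empty,
# 2 or anything else = no agent reachable.
agent_plan() {
    case "$1" in
        0) echo reuse ;;
        1) if [ "$2" = tty ]; then echo add; else echo reuse; fi ;;
        *) if [ "$2" = tty ]; then echo start+add; else echo start; fi ;;
    esac
}

# Probe the agent and print the status; never fails the caller.
agent_status() {
    command -v ssh-add >/dev/null 2>&1 || { echo 2; return 0; }
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    echo "$rc"
}

profile_ssh_agent() {
    command -v ssh-agent >/dev/null 2>&1 || return 0   # no OpenSSH: do nothing
    # Pick up an agent started by an earlier login, if we own its env file.
    if [ -z "${SSH_AUTH_SOCK:-}" ] && [ -O "$AGENT_ENV" ]; then
        . "$AGENT_ENV" >/dev/null 2>&1 || true
    fi
    if [ -t 0 ]; then term=tty; else term=notty; fi
    plan=$(agent_plan "$(agent_status)" "$term")
    case "$plan" in
        start*)
            # umask 077 keeps the socket path and PID private to this user.
            ( umask 077; ssh-agent -s | grep -v '^echo' >"$AGENT_ENV" ) || return 0
            . "$AGENT_ENV" >/dev/null 2>&1 || return 0 ;;
    esac
    case "$plan" in
        *add) ssh-add || true ;;   # a mistyped passphrase must not end the login
    esac
    return 0
}

# Run only in interactive shells, so scripted sessions are never prompted.
case $- in *i*) profile_ssh_agent ;; esac
```

After a reboot the cached socket is stale, `ssh-add -l` reports status 2, and the next interactive login starts a fresh agent and prompts for the passphrase once.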