Date: Thu, 14 Aug 2008 10:02:11 -0700
From: Gavin Spomer <spomerg@cwu.EDU>
To: freebsd-stable@freebsd.org
Subject: Re: ssh-keygen between SuSE and FreeBSD
Message-ID: <48A402A3020000900001C178@hermes.cwu.edu>

>>> Pollywog <lists-fbsdstable@shadypond.com> 08/14/08 9:32 AM >>>
> On Thursday 14 August 2008 15:29:27 Gavin Spomer wrote:
> > >>> Lyndon Nerenberg <lyndon@orthanc.ca> 08/13/08 7:10 PM >>>
> > >
> > > You need to start an ssh-agent on the machine you're connecting from and
> > > populate it with your keychain:
> > >
> > >     eval `ssh-agent`
> > >     ssh-add
> > >
> > > Add the above to your .profile, or check the Linux PAM implementation to
> > > see if it has ssh session support.
> > >
> > > --lyndon
> >
> > Thanks.
> >
> > That made it possible for me to ssh from SuSE server to FreeBSD server, but
> > now when I ssh from my Mac to SuSE server it wants a password now:
> >
> >     Enter passphrase for /home/myusername/.ssh/id_rsa:
> >
> > I read the FreeBSD handbook section "14.11.7 ssh-agent and ssh-add" and
> > don't have anything much more intelligent to say but "I don't understand".
> > ;)
> >
> > Questions:
> >
> > 1. If the ssh-agent and ssh-add utilities load the keys into memory,
> > they'd be wiped if I rebooted?
>
> Yes, rebooting will take the keys out of memory and you would need to
> use 'ssh-add' on the command line to put the keys and passphrase in memory.
> The 'ssh-add -D' command removes the keys when you are done but are not
> logging out.
>
> >
> > 2. Is #1 why I'd add it to my ~/.profile?
>
> This is so that ssh-agent is set when you login at a console. I don't know
> about Mac but some Linux distributions have session scripts so that this is
> done for you when you start a KDE session. I don't believe ~/.profile will
> be read unless you login at a console or xterm or similar.
>
> When you add stuff to your ~/.profile, I recommend doing it on a separate
> account first. I once added those lines on a Linux system and was locked out
> on that account but I was able to get in with another account, su to root,
> and remove the lines in the affected user ~/.profile and then I was no longer
> locked out.
>
> >
> > 3. How am I able to ssh (without a password) from my Mac to SuSE server
> > or Mac to FreeBSD server when I don't have "eval `ssh-agent`" and "ssh-add"
> > in my .profile on my Mac?
>
> You can do 'ssh-agent bash' followed by 'ssh-add' but this will not work until
> you have generated your SSH keys with:
>
>     ssh-keygen -t rsa -b 1024
> or
>     ssh-keygen -t dsa -b 1024
>
> or similar. Until you do that, you have to use your login password and cannot
> use a passphrase since you have not set one. Setting the passphrase is part
> of the process of generating your SSH keys.
>
> BTW I do not know if you are using the "keychain" utility. Be very careful
> with it. It can be confusing. I found it inconvenient to use and no longer
> use it.
>
> There are some fine SSH tutorials online, I believe "OnLamp" has some. Just
> make sure they are not more than about 3 yrs old.

All good information. Thanks. I will save this for future reference. :)
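
A guarded form of the eval `ssh-agent` / ssh-add lines discussed in this thread, written so that an existing agent is reused and a failure or a missing terminal never interrupts the login. This is an added example, not part of the original messages; the AGENT_ENV, SSH_ADD and SSH_AGENT variables and both function names are assumptions made for the sketch.

```sh
# Added example: guarded ssh-agent startup for ~/.profile (POSIX sh).
# AGENT_ENV, SSH_ADD, SSH_AGENT and the function names are assumptions
# made for this sketch; ssh-add and ssh-agent are the real OpenSSH tools.
AGENT_ENV="${AGENT_ENV:-$HOME/.ssh/agent.env}"
SSH_ADD="${SSH_ADD:-ssh-add}"
SSH_AGENT="${SSH_AGENT:-ssh-agent}"

# "ssh-add -l" exits 0 with keys loaded, 1 with an agent but no keys,
# and 2 when no agent can be contacted.
agent_status() {
    if "$SSH_ADD" -l >/dev/null 2>&1; then echo 0; else echo $?; fi
}

ensure_agent() {
    st=$(agent_status)
    if [ "$st" -ge 2 ] && [ -r "$AGENT_ENV" ]; then
        # Reuse the agent from an earlier login instead of starting another.
        . "$AGENT_ENV" >/dev/null
        st=$(agent_status)
    fi
    if [ "$st" -ge 2 ]; then
        # No usable agent: start one and save its variables, owner-only.
        # If that fails, give up quietly so the login itself still succeeds.
        ( umask 077; "$SSH_AGENT" -s > "$AGENT_ENV" ) || return 0
        . "$AGENT_ENV" >/dev/null
        st=$(agent_status)
    fi
    # Ask for the passphrase only when stdin is a terminal, so a login
    # that reads ~/.profile without one never waits on a prompt.
    if [ "$st" -eq 1 ] && [ -t 0 ]; then
        "$SSH_ADD" || echo "ssh-add failed; continuing login" >&2
    fi
    return 0
}

# In ~/.profile, after the definitions above, call:  ensure_agent
```

As the thread notes, the loaded keys do not survive a reboot: the saved socket is then stale, agent_status reports 2, and a fresh agent is started on the next login.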