From:      Sam Carleton <scarleton@miltonstreet.com>
To:        FreeBSD Questions <freebsd-questions@FreeBSD.ORG>
Subject:   Re: HELP!!! using RSA w/o passwords?
Message-ID:  <38D02F79.2B7DDEE4@miltonstreet.com>
References:  <OFD0EC3BE7.31111DD3-ON882568A2.001504C8@wr.usgs.gov>


rsowders@usgs.gov wrote:

> Make sure your /usr/local/etc/sshd_config has "RSAAuthentication yes" and
> your ssh_config has "RSAAuthentication yes".
> Now run ssh-keygen, but when it asks you for a pass phrase do not put
> anything in, just hit the enter key.

When I run ssh-keygen, am I recreating the key for the user (~/.ssh2) or the system (/etc/ssh2/)?

> Transfer the identity.pub from each machine into the other machines'
> authorized_keys file.

I am still not 100% about this part.  Again, is this for the user or the system?  How exactly do I transfer the
identity.pub into the authorized_keys file?  Does authorized_keys have the path/filename of the identity.pub, or do
I do something like this: cat identity.pub >> authorized_keys?

> Now passwords are not used at all and it relies on the identity.pub file
> and the authorized_keys file and the pass-phrase (of which there is none).
> Everything else being satisfied, it will let you in if you have the correct
> keys (identity.pub).
>
> Warning: this is not very secure, in that if one machine/account is
> compromised, every machine that allows RSA login from the compromised
> machine/account is also compromised.  If you are willing to tolerate this,
> then the preceding explanation is for you.

I only want this set up for users, not the whole system.  My final objective is to set up a ??ppnp?? within ssh to
create a VPN between two locations.  Any thoughts on the most secure way of doing this?

Sam
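
The append asked about above (cat identity.pub >> authorized_keys), as an added example that is not part of the original message or of any ssh distribution: a shell function that adds one public key line to a per-user authorized_keys file only once, sets owner-only permissions, and can prefix the key with a from="..." host restriction to narrow the exposure the quoted warning describes. The function name, its arguments and the directory passed in are assumptions; the from= option is the one documented for OpenSSH's authorized_keys format and is assumed to be supported by the sshd in use.

```shell
#!/bin/sh
# Added example. install_pubkey PUBKEY_FILE SSH_DIR [FROM_PATTERN]
# PUBKEY_FILE  e.g. the identity.pub copied over from the other machine
# SSH_DIR      the account's own key directory (an assumption; pass your path)
# FROM_PATTERN optional host pattern the key may be used from
install_pubkey() (
    pub=$1; dir=$2; from=${3:-}
    auth="$dir/authorized_keys"
    umask 077                       # local to this subshell-bodied function

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    # A public key file is exactly one line; a multi-line or private key
    # file (such as "identity" itself) must never end up in authorized_keys.
    [ "$(grep -c '' "$pub")" -eq 1 ] || { echo "$pub: expected one line" >&2; return 1; }
    key=$(cat "$pub")

    if printf '%s\n' "$key" | grep -Eq '^[0-9]+ [0-9]+ [0-9]+( .*)?$'; then
        # RSA protocol-1 layout: bits exponent modulus [comment]
        body=$(printf '%s\n' "$key" | awk '{print $1, $2, $3}')
    elif printf '%s\n' "$key" | grep -Eq '^(ssh|ecdsa)-[a-z0-9@.-]+ [A-Za-z0-9+/=]+( .*)?$'; then
        # Later OpenSSH layout: type base64-blob [comment]
        body=$(printf '%s\n' "$key" | awk '{print $1, $2}')
    else
        echo "$pub: not a public key line" >&2; return 1
    fi

    # A quote inside the pattern would break out of the from="..." option.
    case $from in *\"*) echo "bad from pattern" >&2; return 1 ;; esac

    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Idempotent: match on the key material, ignoring comment and options.
    if grep -Fq -- "$body" "$auth"; then return 0; fi

    if [ -n "$from" ]; then
        printf 'from="%s" %s\n' "$from" "$key" >> "$auth"
    else
        printf '%s\n' "$key" >> "$auth"
    fi
)
```

The file holds the key text itself, one key per line, not a path to identity.pub; the function is run as the user who owns the target account, once per key received.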







