Date: Thu, 12 Aug 1999 17:49:25 +0200 (CEST)
From: A.Leidinger@WJPServer.CS.Uni-SB.de
To: Bigby Findrake <bigby@shiva.eu.org>
Cc: chrisk@tpgi.com.au, freebsd-security@FreeBSD.ORG
Subject: Re: SSH on FreeBSD.
Message-ID: <199908121549.RAA01161@work.net.local>
In-Reply-To: <Pine.BSF.4.05.9908120325340.5932-100000@shiva.eu.org>

On 12 Aug, Bigby Findrake wrote:

>> Would it be possible to set up my FreeBSD boxes to work in a similar way to r*
>> utils, so I can do ssh myhost.mydomain.com and be presented with a shell on the
>> remote machine, with the appropriate authentication pre-configured?
>
> Sure.  I do it.  What I do is use RSA keys.  Use the ssh-keygen utility
> that installs with the ssh package to generate an RSA key for a user.  When
> it prompts you for a password for the RSA key, hit return.  By default
> this installs the key pair (public & private) into
> $HOME/.ssh/{identity,identity.pub}.  Put the public key
> ($HOME/.ssh/identity.pub) into the target machine, in the target user's
> $HOME/.ssh/authorized_keys.  Make sure the target machine is running sshd,
> and that /etc/sshd_config says "RSAAuthentication yes".  Now you can ssh
> from the source machine to the target machine without a password IF you
> didn't specify a password for the RSA key on the source machine.

If you didn't want to use it from a cronjob (or anything else
non-interactive) you could use ssh-agent and ssh-add.

I've configured my xdm-login to start my X session with ssh-agent.
In my .xsession I have the ssh-add command; it asks me at login time for
my password for the RSA key.

/usr/X11R6/lib/X11/xdm/Xsession:
[...]
---snip---
startup=$HOME/.xsession
resources=$HOME/.Xresources

if [ -f "$startup" ]; then
        exec ssh-agent "$startup"
else
        if [ -f "$resources" ]; then
                xrdb -load "$resources"
        fi
        exec ssh-agent xsm
fi
---snip---

$HOME/.xsession:
---snip---
#!/bin/sh
# loading default X resources
xrdb -merge .Xresources

# ssh-passwd
if [ -n "$SSH_AGENT_PID" ]; then
        ssh-add 2>&1 </dev/null >/dev/null
fi
---snip---

> host1> tar -czf - /file1 /file2 | ssh host2 -l some_user "cd /backup_dir \
> ; tar -xzf -"

What about "ssh username@host2 ..."?

Bye,
Alexander.

P.S.: It's also possible to use it in a non-interactive environment, but
      you have to do tricky/nasty things.

-- 
Animal testing is futile: they always get nervous and give the wrong answers.

http://netchild.home.pages.de    A.Leidinger+Home @ WJPServer.CS.Uni-SB.de

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
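
Added example, not part of the message above or of the ssh package: a small audit that tells apart the two setups discussed in the thread, an RSA identity saved with an empty passphrase versus one that needs ssh-agent/ssh-add to unlock. It assumes the SSH protocol 1 private key layout (magic string, newline, NUL, then a one-byte cipher type where 0 means no cipher); the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): classify SSH protocol 1 private keys
# such as $HOME/.ssh/identity by whether they are stored without a passphrase.
# Assumed layout: 31-byte magic, "\n", NUL, then a one-byte cipher type,
# where 0 means "no cipher", i.e. the key was generated with an empty passphrase.
SSH1_MAGIC='SSH PRIVATE KEY FILE FORMAT 1.1'

# Print one of: unencrypted | encrypted | not-ssh1 | unreadable
ssh1_key_state() {
    [ -r "$1" ] || { echo unreadable; return 0; }
    magic=$(dd if="$1" bs=1 count=31 2>/dev/null | tr -d '\000')
    [ "$magic" = "$SSH1_MAGIC" ] || { echo not-ssh1; return 0; }
    # Offset 33 = 31 magic bytes + newline + NUL
    cipher=$(dd if="$1" bs=1 skip=33 count=1 2>/dev/null | od -An -tu1 | tr -d ' \n')
    case $cipher in
        0)  echo unencrypted ;;
        '') echo not-ssh1 ;;        # truncated file, no cipher byte present
        *)  echo encrypted ;;
    esac
}

# Report every key given; return 1 if any can be used without a passphrase.
audit_ssh1_keys() {
    rc=0
    for key in "$@"; do
        state=$(ssh1_key_state "$key")
        echo "$key: $state"
        if [ "$state" = unencrypted ]; then rc=1; fi
    done
    return $rc
}

# Constructed sample files: header bytes only, no real key material.
demo_dir=$(mktemp -d)
printf 'SSH PRIVATE KEY FILE FORMAT 1.1\n\000\000\000\000\000\000' > "$demo_dir/identity.nopass"
printf 'SSH PRIVATE KEY FILE FORMAT 1.1\n\000\003\000\000\000\000' > "$demo_dir/identity.3des"
audit_ssh1_keys "$demo_dir"/identity.* || echo "at least one key has no passphrase"
```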