sshd question
Matthew Seaman
m.seaman at infracaninophile.co.uk
Thu Jan 19 23:58:12 PST 2006
Peter wrote:
> --- Beech Rintoul <akbeech at gmail.com> wrote:
>
>> I'm trying to set up ssh to use keys to authenticate on a remote server.
>> I've always used passwords in the past. I generated a key pair and
>> exported my public key to ~/.ssh/authorized_keys on the remote machine.
>> I changed sshd_config to "PasswordAuthentication no". When I log in, the
>> remote machine still asks for a password. What do I change to just use
>> the key to log in?
>
> I'm assuming you do not want to enter anything to log in, right? If so,
> you need a private key with a blank passphrase. It's hard to say from
> here but it may be that you are being prompted for the passphrase to
> unlock your private key.

No, no, no. ssh keys without pass-phrases are a liability. It really is a
bad idea to do that.

What the OP should do instead is use ssh-agent -- I fire it up from .xsession
when I log into my desktop. Then load your key into the agent:

    ssh-add ~/.ssh/id_dsa

which will require you to give the pass phrase. However, that's the one and
only time you'll need to do that.

Then when you ssh into a box, it should auth against your key automatically. If
you take care to always use the '-A' flag when you ssh in:

    ssh -A hostname

then you can bounce through several machines, and the auth requests will be
relayed back to the ssh-agent on your desktop.[*]

Cheers,

Matthew

[*] Agent forwarding is off by default in /etc/ssh/ssh_config (client side)
but permitted in /etc/ssh/sshd_config (server side) -- but the -A flag
overrides the client settings.

--
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
Kent, CT11 9PW
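
Added example, not part of the original message: the footnote above says agent forwarding is off in the client config unless -A is given, so this sketch lists the places in an ssh client config that switch it on persistently, which shows which hosts receive a forwarded agent without -A being typed. The function names, the sample config and its host names are constructed for illustration.

```shell
#!/bin/sh
# forwardagent_blocks [FILE...]
# Prints "<line number><TAB><scope>" for every "ForwardAgent yes" found in
# the given ssh client config (or stdin). Scope is the enclosing Host/Match
# line, or "(global)" for a setting placed before the first such line.
forwardagent_blocks() {
    awk '
    BEGIN { scope = "(global)" }
    {
        sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "")        # trim the line
        if ($0 == "" || substr($0, 1, 1) == "#") next   # blank or comment
        if (!match($0, /^[^ \t=]+/)) next               # no keyword present
        key = tolower(substr($0, 1, RLENGTH))           # keywords ignore case
        val = substr($0, RLENGTH + 1)
        sub(/^[ \t]*=?[ \t]*/, "", val)                 # "key value" or "key=value"
        if (key == "host" || key == "match") { scope = $0; next }
        gsub(/"/, "", val)                              # arguments may be quoted
        if (key == "forwardagent" && tolower(val) == "yes")
            printf "%s\t%s\n", NR, scope
    }' "$@"
}

# Constructed sample input, not taken from the thread.
sample_config() {
    cat <<'EOF'
# Constructed sample ~/.ssh/config
Host bastion.example.org
    ForwardAgent yes
Host *.lab.example.org
    forwardagent = "YES"
Host *
    ForwardAgent no
    # ForwardAgent yes
EOF
}

# Demo run on the sample; on a real system pass ~/.ssh/config and
# /etc/ssh/ssh_config as arguments instead.
sample_config | forwardagent_blocks
```

The report covers only what the config files set; a connection started with -A forwards the agent regardless of these settings.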
More information about the freebsd-questions
mailing list