Carmel wrote:
On Fri, 08 Jan 2010 10:13:52 -0500 Lowell Gilbert 
<freebsd-questions-lo...@be-well.ilk.org> articulated:

Carmel <carmel...@hotmail.com> writes:

On Fri, 8 Jan 2010 14:58:23 +0100 Pieter de Goeje <pie...@service2media.com> 
articulated:

You might want to take a look at ssh-agent. I think PuTTY has an equivalent. It lets you do remote logins without putting your key(s) everywhere. I've not yet tried this myself, but I plan on testing it sometime.
I use agent.  All that agent does is cache your password so you do not
have to re-enter it each time you make a connection.
The agent can be forwarded with the connection. In your case, it would remove the need for a second key on the second machine.

I was not aware of that. I will have to read up on how to accomplish it.

You just put the public key from Computer 1 in ~/.ssh/authorized_keys on both the machines (Computer 2, Computer 3) where you want access. You'll have to use 'ssh-keygen -i -f filename' to convert the pubkey from the SSH2 format PuTTY uses to the OpenSSH format FreeBSD uses, and you need to be careful to make the authorized_keys file writable only by the account UID. You can prepend the line in the authorized_keys files with from="hostname" to only permit access from a specific host if you like. See the section 'AUTHORIZED_KEYS FILE FORMAT' in sshd(8) for details. You don't need to install any private keys on Computer 2 or Computer 3.

Then when you load the key into the agent, be sure and check the 'Forward the Agent' tickbox. Similarly, when you connect from computer 2 to computer 3 just add '-A' to the ssh command line, as in: 'ssh -A computer3' -- this achieves the same agent forwarding under OpenSSH. Computer 3 will ask computer 2 for authentication, and computer 2 will relay this request back to computer 1 where there is access to your private key. You can hop through a large number of machines this way, and so long as you keep forwarding the agent it should all work.

        Cheers,

        Matthew

Note that Pageant (or ssh-agent, which is the FreeBSD equivalent) doesn't cache the passphrase. It stores a decrypted copy of your private key in memory. Don't leave the agent running on an unattended machine that anyone else can access.

--
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey
7 Priory Courtyard, Flat 3, Ramsgate, Kent, CT11 9PW
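The two file-handling steps Matthew describes, converting a PuTTY-exported public key into OpenSSH format and installing it in an authorized_keys file that is restricted with from="hostname" and writable only by the owner, as an added worked example that is not code from the list posting. It reimplements what 'ssh-keygen -i' does (read the RFC 4716 / SSH2 wrapper, take the key type from the first string of the decoded blob, emit one OpenSSH line) so the format difference is visible. The sample key is constructed inline with a tiny, insecure modulus purely so the script runs offline; the host name "computer1" is taken from the thread's naming, and the file is written into a temporary directory rather than ~/.ssh.

```python
"""Convert an RFC 4716 (SSH2, PuTTYgen export) public key to an OpenSSH
authorized_keys line, add a from="host" restriction, and write the file with
owner-only permissions. Added example; the sample key below is constructed."""
import base64
import os
import stat
import struct
import tempfile
import textwrap
from typing import List, Optional


def _ssh_string(data: bytes) -> bytes:
    """One SSH wire-format string: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def _mpint(n: int) -> bytes:
    """SSH mpint: minimal big-endian bytes with a leading zero if the high bit is set."""
    raw = n.to_bytes((n.bit_length() + 8) // 8, "big")
    return _ssh_string(raw)


# Constructed sample (NOT a real key): an ssh-rsa blob with a 96-bit modulus so the
# conversion can be shown offline. Real keys are 2048 bits or more.
SAMPLE_BLOB = _ssh_string(b"ssh-rsa") + _mpint(65537) + _mpint(0xC0FFEE00C0FFEE00C0FFEE01)
SAMPLE_B64 = base64.b64encode(SAMPLE_BLOB).decode("ascii")
SAMPLE_RFC4716 = (
    "---- BEGIN SSH2 PUBLIC KEY ----\n"
    'Comment: "rsa-key-20100108"\n'
    + "\n".join(textwrap.wrap(SAMPLE_B64, 70))
    + "\n---- END SSH2 PUBLIC KEY ----\n"
)


def rfc4716_to_openssh(text: str) -> str:
    """Equivalent of `ssh-keygen -i -f file`: return "<type> <base64> [comment]"."""
    lines = [line.strip() for line in text.strip().splitlines()]
    if lines[0] != "---- BEGIN SSH2 PUBLIC KEY ----" or lines[-1] != "---- END SSH2 PUBLIC KEY ----":
        raise ValueError("not an RFC 4716 public key")
    comment, body, i = "", [], 1
    while i < len(lines) - 1:
        line = lines[i]
        # Header lines are "Name: value" (base64 never contains ':'); a trailing
        # backslash continues the value on the next line.
        if ":" in line and not body:
            name, _, value = line.partition(":")
            while value.endswith("\\"):
                i += 1
                value = value[:-1] + lines[i]
            if name.strip().lower() == "comment":
                comment = value.strip().strip('"')
        else:
            body.append(line)
        i += 1
    b64 = "".join(body)
    blob = base64.b64decode(b64, validate=True)
    # The OpenSSH line repeats the key type, which is the first string in the blob.
    (length,) = struct.unpack(">I", blob[:4])
    key_type = blob[4:4 + length].decode("ascii")
    if key_type not in ("ssh-rsa", "ssh-dss", "ssh-ed25519") and not key_type.startswith("ecdsa-sha2-"):
        raise ValueError(f"unexpected key type {key_type!r}")
    return f"{key_type} {b64}" + (f" {comment}" if comment else "")


def authorized_keys_line(openssh_key: str, from_host: Optional[str] = None) -> str:
    """Prepend the from="pattern" option described in sshd(8) AUTHORIZED_KEYS FILE FORMAT."""
    if from_host is None:
        return openssh_key
    if any(c in from_host for c in ' "'):
        raise ValueError("host pattern must not contain spaces or quotes")
    return f'from="{from_host}" {openssh_key}'


def write_authorized_keys(path: str, lines: List[str]) -> int:
    """Create the file with mode 0600 (owner read/write only) and return its mode bits."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write("\n".join(lines) + "\n")
    os.chmod(path, 0o600)  # tighten an existing file that had looser bits
    return stat.S_IMODE(os.stat(path).st_mode)


def check_permissions(path: str) -> bool:
    """True if the file is not writable by group or others (sshd rejects it otherwise)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return not (mode & (stat.S_IWGRP | stat.S_IWOTH))


def demo():
    """Convert the sample key, restrict it to computer1, write the file, verify mode."""
    line = authorized_keys_line(rfc4716_to_openssh(SAMPLE_RFC4716), "computer1")
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "authorized_keys")
        mode = write_authorized_keys(path, [line])
        return line, mode, check_permissions(path)


if __name__ == "__main__":
    converted, mode, ok = demo()
    print(converted)
    print(f"mode {mode:o}, writable only by owner: {ok}")
```

The same `from=` option accepts comma-separated patterns and negations as sshd(8) documents; the example restricts itself to a single host name to keep the validation simple.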
