Re: keys under ssh

Fri, 3 Mar 2000 02:58:51 -0800 

On Wed, Mar 01, 2000 at 12:44:56PM -0500, William Stearns wrote:
> > passphrase by just hitting enter, otherwise you won't be asked
> > for a password, but you'll be asked for an RSA passphrase every
> > time which is equally annoying.
> 
>       There's an easier way, and it's quite elegant.  Here's what I do.
>       On my main workstation, I log in as myself and run:
> ssh-agent >~/agent    #Start the ssh-agent
> . ~/agent             #tell this shell and all subshells how to find it

The above two lines can be replaced by
  eval `ssh-agent`

Which is slightly more elegant as it does not use a file.

I use xdm and have this in my .xsession.

> ssh-add                       #Type in my passphrase once
> startx                        #Go onto X
> 
>       Now, in all the subshells I start under X, I only need to type:
> ssh the_remote_machine        #Assuming it has my key in ~/.ssh/authorized_keys
>       or
> scp -p a_file the_remote_machine
>       and I'm in; no additional passphrase needed.
>       Is this truly more useful than just having no passphrase at all?  
> Yes, actually.  First, if someone got access to the private key file, they
> wouldn't be able to use it without my passphrase.  Secondly, I can ssh to
> one machine that has my public key, and from that machine ssh to _another_
> machine that also has my public key; the middle machine can use the
> ssh-agent on the original workstation to authenticate itself to the final
> target machine.
>       If I log into other terminals or X servers that aren't spawned
> from that original shell, all I need to type is
> . ~/agent
> and I have the same access to the ssh-agent.
>       Pretty nifty idea; thanks, Tatu!
>       Cheers,
>       - Bill
> 
> ---------------------------------------------------------------------------
>       "As a computer I find your faith in technology amusing."
> (Courtesy of Gerhard Mack <[EMAIL PROTECTED]>)
> --------------------------------------------------------------------------
> William Stearns ([EMAIL PROTECTED]).  Mason, Buildkernel, named2hosts, 
> and ipfwadm2ipchains are at: http://www.pobox.com/~wstearns/
> --------------------------------------------------------------------------

-- 
Malcolm Caldwell - Manager, IT Infrastructure     Email:[EMAIL PROTECTED]
Information Technology Support                    Ph:  +61 8 89466631
Northern Territory University,Darwin              Fax: +61 8 89466630
CASUARINA 0909 Australia

Reply via email to