We are currently running ssh-2.1.0pl2 with the default DSA keys.  ssh-agent2 and
ssh-add2 work fine with the setup.

Noel




[EMAIL PROTECTED] on 06/07/2000 02:39:59 PM

To:   [EMAIL PROTECTED]
cc:   (bcc: Noel L Yap)
Subject:  is semi-automagic DSA authentication possible?




My company is in the process of converting all servers to allow only
ssh login. We are using OpenSSH 2.1.0p3.

We have historically used telnet but of course that got us into trouble.

We have approximately 150 servers that we need to maintain and I would
like to make it as easy as possible to ssh to those machines. Ideally
from my workstation I would like to be able to just type "ssh remotehost"
and not be asked a password/passphrase every time.

I know I could use .rhosts authentication to get this to work but this
is possibly the worst authentication method I have come across. I'm not
a very hacker and even I can circumvent that in a day or two.

I notice that RSA authentication methods (protocol 1 only) can be
used where the two machines share public keys and the workstation runs
ssh-agent and ssh-add to allow the user to enter a passphrase only when
a key is added the first time. All subsequent ssh requests query this
daemon for keys and (I think) you don't have to type a password every time
you want to ssh or scp.

But we are restricting ourselves to Protocol 2 to get a higher level of
security.  Protocol 2 can use DSA authentication and I have that working
correctly.

However, from a convenience point of view I've only succeeded in increasing
the length of the password I need to type from a short 8 character password
to a much lengthier passphrase.  And I have to type this for every connection.

Is there a way to run ssh-agent in a DSA compatible manner or is there another
suitable DSA agent that could be run to provide similar functionality?
If nothing exists, is there anything that prevents such an agent from being
created, i.e. is it explicitly impossible given the SSH v2 protocol? Not that I
have the time to write such an agent but maybe I could get one started.

Thanks for any help you can offer,

- Jeff




