[vox-tech] How can I configure SSH for passwordless auth?

Samuel Merritt vox-tech@lists.lugod.org
Thu, 14 Nov 2002 18:48:08 -0800


There's a program called ssh-agent that takes care of just this problem.
The keys are stored encrypted on disk with a passphrase; you run
ssh-agent, and it creates a process and a socket that ssh processes can
connect to in order to get the decrypted keys. You run ssh-add <keyfile>
and enter the passphrase, and then you can ssh anywhere using that key
without needing the passphrase again.

It's not quite completely passwordless, but it avoids the problem of
storing keys in the clear on disk.


On Thu, Nov 14, 2002 at 06:38:00PM -0800, Mark K. Kim wrote:
> Hmm...  Not an expert here, but...
>
> If you set up the system so you can log in from CSIF to your home machine
> without password checking then anyone who works for CSIF can become you
> and access your home machine as you... right?
>
> I guess the same would apply if someone can read your key ring so... set
> the permissions correctly.
>
> -Mark
>
>
> On Thu, 14 Nov 2002, Samuel Merritt wrote:
>
> > On Thu, Nov 14, 2002 at 12:26:40PM -0800, Ken Bloom wrote:
> > > I'd like to be able to log in to my account in the CSIF lab with the
> > > standard DSA or RSA mechanism in SSH so that I don't have to enter a
> > > password when I log in. I've tried following the directions on the ssh
> > > manpage, and the ssh-agent manpage to no avail.
> > >
> > > Can someone give me directions how to configure this? My username is the
> > > same on both systems, and my goal is to turn this into a bidirectional
> > > process, so I can connect to CSIF from my computer or connect to my
> > > computer from CSIF.
> >
> > The CSIF uses commercial SSH, not OpenSSH.
> >
> > First, you'll need to convert your public key to SECSH format.
> > "ssh-keygen -e -f public_key_file" is the tool for this job.
> >
> > Then, on the CSIF, create ".ssh2" in your $HOME, if it isn't already
> > there. Put your SECSH-format public key into $HOME/.ssh2/some_filename
> > and then put the line "key some_filename" into
> > $HOME/.ssh2/authorization.
> >
> > That'll get you set up for public-key authenticated logins to the CSIF.
> > Coming from the CSIF is largely the same process, but in reverse.
> >
> > --
> > Samuel Merritt
> > OpenPGP key is at http://meat.andcheese.org/~spam/spam_at_andcheese_dot_org.asc
> > Information about PGP can be found at http://www.mindspring.com/~aegreene/pgp/
> >
>
> -- 
> Mark K. Kim
> http://www.cbreak.org/
> PGP key available upon request.

-- 
Samuel Merritt
OpenPGP key is at http://meat.andcheese.org/~spam/spam_at_andcheese_dot_org.asc
Information about PGP can be found at http://www.mindspring.com/~aegreene/pgp/
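
The setup steps from the quoted reply (convert the key, create .ssh2, add the "key" line), with the file permissions raised in the thread set explicitly, as an added example that is not part of the original messages. The function names and the optional HOME_DIR argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread.

# to_secsh PUBLIC_KEY_FILE
# Run on the OpenSSH side: prints the public key in SECSH format.
to_secsh() {
    ssh-keygen -e -f "$1"
}

# install_secsh_key SECSH_FILE NAME [HOME_DIR]
# Run on the commercial-SSH side. HOME_DIR defaults to $HOME; it is an
# assumed extra argument so the function can be tried in a scratch directory.
install_secsh_key() {
    src=$1 name=$2 home=${3:-$HOME}
    dir=$home/.ssh2
    auth=$dir/authorization

    # Refuse anything that is not a SECSH public key, in particular a
    # private key file passed by mistake.
    if ! head -n 1 "$src" | grep -q '^---- BEGIN SSH2 PUBLIC KEY ----'; then
        echo "install_secsh_key: $src is not a SECSH public key" >&2
        return 1
    fi
    # The key name must be a plain file name with no path components.
    case $name in
        */*|''|.*) echo "install_secsh_key: bad key name" >&2; return 1 ;;
    esac

    # Only the owner may read or write the directory and its files.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    cp "$src" "$dir/$name" && chmod 600 "$dir/$name" || return 1

    # Add the "key NAME" line once, even if the function is run again.
    touch "$auth" && chmod 600 "$auth" || return 1
    grep -qxF "key $name" "$auth" || echo "key $name" >> "$auth"
}
```
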
