[vox-tech] How can I configure SSH for passwordless auth?
Ken Bloom
vox-tech@lists.lugod.org
Sat, 16 Nov 2002 22:56:33 -0800
Thanks for the security tip, I hadn't thought of that. I have removed my
CSIF public key from my local authorized_keys file. I looked at other
people's proposed solutions, but they all undo the convenience that I
was hoping to gain, so I'm now only going to use the CSIF key to connect
to other machines in the CSIF labs.
> ---ORIGINAL MESSAGE---
> Date: Thu, 14 Nov 2002 18:38:00 -0800 (PST)
> From: "Mark K. Kim" <markslist@cbreak.org>
> To: vox-tech@lists.lugod.org
> Subject: Re: [vox-tech] How can I configure SSH for passwordless auth?
> Reply-To: vox-tech@lists.lugod.org
>
> Hmm... Not an expert here, but...
>
> If you setup the system so you can login from CSIF to your home machine
> without password checking then anyone who works for CSIF can become you
> and access your home machine as you... right?
>
> I guess the same would apply if someone can read your key ring so... set
> the permissions correctly.
>
> -Mark
>
>
> On Thu, 14 Nov 2002, Samuel Merritt wrote:
>
> > On Thu, Nov 14, 2002 at 12:26:40PM -0800, Ken Bloom wrote:
> > > I'd like to be able to login to my account in the CSIF lab with the
> > > standard DSA or RSA mechanism in SSH so that I don't have to enter a
> > > password when I log in. I've tried following the directions on the ssh
> > > manpage, and the ssh-agent manpage to no avail.
> > >
> > > Can someone give me directions how to configure this? My username is the
> > > same on both systems, and my goal is to turn this into a bidirectional
> > > process, so I can connect to CSIF from my computer or connect to my
> > > computer from CSIF.
> >
> > The CSIF uses commercial SSH, not OpenSSH.
> >
> > First, you'll need to convert your public key to SECSH format.
> > "ssh-keygen -e -f public_key_file" is the tool for this job.
> >
> > Then, on the CSIF, create ".ssh2" in your $HOME, if it isn't already
> > there. Put your SECSH-format public key into $HOME/.ssh2/some_filename
> > and then put the line "key some_filename" into
> > $HOME/.ssh2/authorization.
> >
> > That'll get you set up for public-key authenticated logins to the CSIF.
> > Coming from the CSIF is largely the same process, but in reverse.