Zed Pobre <[EMAIL PROTECTED]> writes:
> Okay, I've checked the archives, followed the instructions, and I
> still can't get it working. What I did (as best I can remember):
>
> On my local machine, did ssh-keygen, stored the files in
> .ssh/identity and .ssh/identity.pub.
>
> Telnetted to master. Created ~/.ssh. chmod 700 .ssh
> cd .ssh
> FTP back to my local machine, set binary mode, get identity.pub out
> of the .ssh directory.
> mv identity.pub authorized_keys
> chmod 600 authorized_keys
>
>
> ssh -v master from the local machine results in this:
> <SNIP>
> moebius: Trying RSA authentication with key '[EMAIL PROTECTED]'
> moebius: Received RSA challenge from server.
> Enter passphrase for RSA key '[EMAIL PROTECTED]':
>
> where as you can see it ends up asking me for my passphrase (which I
> gather it isn't supposed to do). There's no difference if I use slogin
> master instead of ssh master. Did I miss a step somewhere?

Here's the deal - when you generated the public/private keypair with ssh-keygen you had the option of giving a passphrase required to unlock the secret key half of that keypair. If you were so certain of your own system's security that you didn't add a passphrase to that public/private keypair, then you wouldn't get asked here. (the prompt here is for the passphrase created with ssh-keygen, not for some password on master) In that case, however, someone who stole your secret key file could access your account on master - not a desirable thing.

So, ok, you've decided that your secret key file has to be protected with a passphrase so that if you get hacked the hacker doesn't automatically have access to your account on master. But isn't it possible to just enter the passphrase once and be done with it?

Yes, it is. The answer lies in the programs ssh-agent and ssh-add. The idea is that ssh-agent is run as a background process and stores the identities (i.e. the secret keys) of a user in an unencrypted fashion; secret keys are added by the user with ssh-add (which does prompt for a passphrase), and ssh (and scp, etc.) will then use these secret keys, never prompting the user for a passphrase. The end result is that the user need enter the passphrase for a given secret key only once.

The best way to run ssh-agent is probably something like this:

In your .xsession, assuming that you just have a line which says

    exec whateverwm

replace it with:

    exec ssh-agent whateverwm

(If you don't have a .xsession, you should make one)

This will then make it so that any processes started by your window manager (which, unless you use something like tkdesk and start it from your .xsession, should be every X app you run).

Now, you still need to run ssh-add at some point - I suggest either get used to typing it in every time you log back in to X, or put ssh-add in your window manager's init function.
(This is easy to do with fvwm2, and will be just as easy to do with fvwm95 once I get my new version released; I can't speak for other window managers).

Setting up ssh-agent and an automatic ssh-add for telnet and console logins is left as an exercise for the reader.
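
The console-login setup that the message leaves as an exercise, as an added example that is not part of the original post: a fragment for ~/.profile that starts one agent, reuses it on later logins, and prompts for the passphrase only when no key is loaded. It assumes OpenSSH-style `ssh-agent -s` output and `ssh-add -l` exit codes; `AGENT_ENV`, `SSH_AGENT_BIN`, `SSH_ADD_BIN` and the function names are invented for this sketch.

```shell
# Added example for ~/.profile: one shared ssh-agent across console logins.
# Assumes OpenSSH-style tools: "ssh-agent -s" prints sh commands, "ssh-add -l"
# exits 0 (keys loaded), 1 (agent empty) or 2 (no agent reachable).
# AGENT_ENV, SSH_AGENT_BIN and SSH_ADD_BIN are names invented for this sketch.
AGENT_ENV="${AGENT_ENV:-$HOME/.ssh/agent.env}"
SSH_AGENT_BIN="${SSH_AGENT_BIN:-ssh-agent}"
SSH_ADD_BIN="${SSH_ADD_BIN:-ssh-add}"

# Print "loaded", "empty" or "unreachable" for the agent named in the environment.
agent_state() {
    rc=0
    "$SSH_ADD_BIN" -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo loaded ;;
        1) echo empty ;;
        *) echo unreachable ;;
    esac
}

ensure_agent() {
    # Reuse an agent left running by an earlier login if its socket still answers.
    if [ "$(agent_state)" = unreachable ] && [ -r "$AGENT_ENV" ]; then
        . "$AGENT_ENV" >/dev/null
    fi
    # Otherwise start one; the subshell umask keeps the env file owner-only (0600).
    if [ "$(agent_state)" = unreachable ]; then
        (umask 077; rm -f "$AGENT_ENV"; "$SSH_AGENT_BIN" -s > "$AGENT_ENV")
        . "$AGENT_ENV" >/dev/null
    fi
    # Ask for the passphrase once, only on a terminal and only if no key is loaded.
    if [ "$(agent_state)" = empty ] && [ -t 0 ]; then
        "$SSH_ADD_BIN"
    fi
}

# Run only in interactive shells so scripts and scp sessions are not disturbed.
case $- in
    *i*) ensure_agent ;;
esac
```

The agent outlives the login session and keeps the decrypted keys in memory until it is stopped; `ssh-add -D` removes the loaded keys and `ssh-agent -k` ends the agent.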