tags 177531 + patch
thanks

[Bug recommends that on /devel/passwordlessssh should be warned more explicitly that using a public ssh key without passphrase can be very dangerous on non-private machines]
I have written a new version of http://www.debian.org/devel/passwordlessssh as recommended in the bug report. Comments welcome. Only text, no wml code attached. Will commit it myself when needed.

==================================================

How to set up ssh so you aren't asked for a password

You can create an RSA authentication key to be able to log into a remote site from your account, without having to type your password.

Note that once you've set this up, if an intruder breaks into your account/site, they are given access to the site you are allowed in without a password, too! For this reason, this should never be done from root.

* Run ssh-keygen(1) on your machine, and just hit enter when asked for a password. This will generate both a private and a public key. With older SSH versions, they will be stored in ~/.ssh/identity and ~/.ssh/identity.pub; with newer ones, they will be stored in ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub.

* Next, add the contents of the public key file into ~/.ssh/authorized_keys on the remote site (the file should be mode 600). If you are a developer and you want to access debian.org systems with such a key, it's possible to have the developer database propagate your key to all of the debian.org machines. See the LDAP gateway documentation.

You should then be able to use ssh to log in to the remote server without being asked for a password.

Important: Note that everyone that has the private key file has the same passwordless access to the remote site. This includes any person that has root access to your local machine. Therefore it is strongly recommended that you use a passphrase for your private key if you are not the only root on your machine. You can use ssh-agent(1) to type your password only once for all uses of a specific key in a session.
You can automatically load all your keys in the agent by adding the following lines to your ~/.xsession file:

    eval `ssh-agent`
    ssh-add

==================================================

-- 
*** Frank Lichtenheld <[EMAIL PROTECTED]> ***
*** http://www.djpig.de/ ***
see also: - http://www.usta.de/
          - http://fachschaft.physik.uni-karlsruhe.de/
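
The two checks the proposed text asks for (a passphrase on the private key, mode 600 on authorized_keys) can be audited per directory. The following is an added example, not part of the original message or of the Debian page; the function names `key_is_encrypted` and `audit_ssh_dir` are hypothetical. It recognises the OpenSSH and PEM private key formats, not the old binary ~/.ssh/identity format.

```python
import base64, os, stat, struct

MAGIC = b"openssh-key-v1\0"

def key_is_encrypted(text):
    """True/False for a private key with/without a passphrase, None if not a recognised key."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if not lines or not (lines[0].startswith("-----BEGIN ") and "PRIVATE KEY" in lines[0]):
        return None
    if "OPENSSH" in lines[0]:
        # OpenSSH format: magic, then a length-prefixed cipher name ("none" = no passphrase).
        try:
            blob = base64.b64decode("".join(l for l in lines if not l.startswith("-----")))
        except ValueError:
            return None
        if not blob.startswith(MAGIC) or len(blob) < len(MAGIC) + 4:
            return None
        (n,) = struct.unpack(">I", blob[len(MAGIC):len(MAGIC) + 4])
        return blob[len(MAGIC) + 4:len(MAGIC) + 4 + n] != b"none"
    if "ENCRYPTED" in lines[0]:  # PKCS#8 "ENCRYPTED PRIVATE KEY"
        return True
    # Legacy PEM (e.g. "RSA PRIVATE KEY"): encrypted keys carry a Proc-Type header.
    return any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines[1:3])

def audit_ssh_dir(path):
    """Return findings for one ~/.ssh-style directory, ordered by file name."""
    findings = []
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        if not os.path.isfile(full):
            continue
        mode = stat.S_IMODE(os.stat(full).st_mode)
        if name == "authorized_keys" and mode & 0o077:
            findings.append(f"{name}: mode {mode:o}, expected 600")
        with open(full, errors="replace") as fh:
            enc = key_is_encrypted(fh.read(65536))
        if enc is False:
            findings.append(f"{name}: private key has no passphrase")
        if enc is not None and mode & 0o077:
            findings.append(f"{name}: private key readable by group/other (mode {mode:o})")
    return findings

if __name__ == "__main__":
    ssh_dir = os.path.expanduser("~/.ssh")
    if os.path.isdir(ssh_dir):
        for line in audit_ssh_dir(ssh_dir):
            print(line)
```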