Re: [SLUG] SSH Question

From: Russell Hires (rhires@earthlink.net)
Date: Thu Aug 16 2001 - 06:18:46 EDT


> Are you asking about how to make password-less authentication work
> between two machines,
no
> or how to determine the key fingerprint for
> the host key while logged into the host machine?
Not exactly this, either. When I'm at localbox and I want to log into
remotebox for the first time, I'm presented with a key fingerprint. How do I
get the remotebox to tell me what its key fingerprint is when I'm at that
machine? Although I think I've got it figured out. I'll just do an "ssh
localhost" and see what the key is, then just write it down. That way I'll
know that I've got the right key.

I'll work on the below next.

Thanks!

Russell

> If you want passwordless logins, then you need to add the identity.pub
> to the ~/.ssh/authorized_keys on the _remote_ box. Don't do it
> as root, do it as the owner of ~, and set the permissions of
> authorized_keys to 600, owned by whomever owns ~.
>
> Also consider password protecting the private key (identity) and use
> ssh-agent to manage the keys and authentication. Without a password,
> if someone can use your account on localbox, they immediately
> have access to remotebox and whatever other machines where your
> identity.pub might reside. All a cracker needs to do is check your
> known_hosts for a list of machines you have visited and start trying.
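
The authorized_keys setup described in the quoted advice above, as an added example that is not part of the original thread: it appends identity.pub to ~/.ssh/authorized_keys without duplicating entries and enforces the 600 mode and ownership the advice calls for. The function name install_pubkey and its arguments are hypothetical.

```shell
#!/bin/sh
# Added example. install_pubkey and its arguments are hypothetical names.
# Run it on the remote box as the account owner, not as root on their behalf.

# install_pubkey PUBKEY_FILE [HOME_DIR]
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    dir=$home/.ssh
    auth=$dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # authorized_keys must end up owned by whoever owns ~, so refuse to
    # write into a home directory the current user does not own.
    [ -O "$home" ] || { echo "$home is not owned by $(id -un)" >&2; return 1; }

    # Catch the common slip of passing identity instead of identity.pub.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key, refusing" >&2
        return 1
    fi

    (
        umask 077                      # nothing is created group/world readable
        mkdir -p "$dir" || exit 1
        : >>"$auth" || exit 1          # create the file if it is missing
        # Append each key line only if that exact line is not already there,
        # so running this twice does not duplicate entries.
        while IFS= read -r key || [ -n "$key" ]; do
            [ -n "$key" ] || continue
            grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >>"$auth"
        done <"$pub"
    ) || return 1

    # Fix up modes even if the directory or file already existed.
    chmod 700 "$dir" && chmod 600 "$auth"
}

# Usage: sh install_pubkey.sh identity.pub
if [ "$#" -gt 0 ]; then
    install_pubkey "$@"
fi
```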



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 19:29:50 EDT