---------- Forwarded message ----------
Date: Mon, 11 Nov 2002 14:58:58 -0500
From: Eric Grosse <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [9fans] factotum nits
Instead of teaching a lot of Unix passwords to my factotum via secstore,
I like to use RSA authentication. Here are the steps:
1. generate a public/private key-pair:
ramfs -p
cd /tmp
aux/ssh_genkey ssh
2. add ssh.secret.factotum to your secstore:
ipso factotum
3. add ssh.public to .ssh/authorized_keys on your Unix systems.
If you're careful, at step 2 you backup on a second secstore.
You can give .ssh/authorized_keys to anybody setting up accounts
on new machines for you; that can go in the clear across the
Internet, which may may account management easier.
Presotto suggests that step 1 should be integrated into ipso.
Eric
