On Nov 29, 2008, at 1:11 PM, Jos Chrispijn wrote:

From your reply on my message of 29-11-2008 21:47:
An even tighter practice is to turn off all password logins and
use only keyed connections. This is easier than it might seem
though I'll admit I think of ssh as something only a select
number of users may use and thus you know them by name
and what IPs they are permitted to connect on.
I have been thinking of that as well, but don't think I should use that yet with the knowledge I have on this.
Do you refer to manual or automatic key connections?

It's extremely easy.

Generate your key and spread it to all systems you want
to connect to. Have other users generate their key and do the
same. After everyone is set, turn off password access in
/etc/ssh/sshd_config, that file contains the docs in comments
on how to do this. You change three parameters. Then sshd
will need to be restarted. Be sure logins by key work first.

This implies how to set up your keys. This was lifted from
a helpful page on the net and modified but is pretty basic.
Creates the keys in home directory of myuserid on system
www.example.com, then moving the key to a second system
called other.example.com such that myuserid can move
between systems. The userid on the remote does not need
to be the same string as on the local system though it's shown
that way here.

www$ cd # get to your home directory
www$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/myuserid/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/myuserid/.ssh/id_rsa.
Your public key has been saved in /home/myuserid/.ssh/id_rsa.pub.
The key fingerprint is:
<fingerprintshownhere> [EMAIL PROTECTED]
www$ ssh [EMAIL PROTECTED] mkdir -p .ssh
Password: <enter password here for other system>
www$ cat .ssh/id_rsa.pub | ssh [EMAIL PROTECTED] 'cat >> .ssh/authorized_keys'
Password:<enter password here for other system>

You are done setting up keys. Sample use of seamless login:

www$ ssh other.example.com
other$ host
other$ users
myuserid          ttyp0    Jul 14 05:28 (www.example.com)
other$ exit

I only use this on FreeBSD and OS-X. No idea on Putty and others.

thanks for sharing,
Jos Chrispijn

freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
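
As an added example (not part of the original message): a small sh script that checks an sshd_config file for settings that still allow password-style logins, for use once key logins are confirmed working. The keyword list is an assumption, since the message says "three parameters" without naming them, and the sample configs are constructed.

```shell
#!/bin/sh
# Assumption: this keyword list is the example's choice, not from the message.
KEYWORDS="PasswordAuthentication ChallengeResponseAuthentication UsePAM"

# effective_value FILE KEYWORD: print the first uncommented value of KEYWORD
# in the global section. sshd keeps the first value it reads for a keyword
# and matches keywords case-insensitively; parsing stops at a Match block.
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        { sub(/#.*/, ""); sub(/[ \t]*=[ \t]*/, " ") }  # comments, key=value
        NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == want { print tolower($2); exit }
    ' "$1"
}

# audit_sshd_config FILE: one line per keyword; returns 1 if any keyword is
# not explicitly "no", 2 if the file cannot be read.
audit_sshd_config() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    rc=0
    for kw in $KEYWORDS; do
        val=$(effective_value "$1" "$kw")
        if [ "$val" = "no" ]; then
            echo "ok      $kw no"
        else
            echo "review  $kw ${val:-unset}"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample configs (not real files from any system).
write_samples() {
    printf '%s\n' '#PasswordAuthentication no' 'UsePAM yes' \
        > "$1/still_open.conf"
    printf '%s\n' 'passwordauthentication no' 'PasswordAuthentication yes' \
        'ChallengeResponseAuthentication=no' 'UsePAM no # set by admin' \
        > "$1/keys_only.conf"
}

if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d) && write_samples "$d"
    for f in still_open keys_only; do echo "== $f"; audit_sshd_config "$d/$f.conf"; done
    rm -rf "$d"
fi
```

A commented-out line counts as unset, which is why the first sample is flagged. On a live system, `sshd -T` prints the effective configuration including defaults.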
