On Sun, May 15, 2011 at 6:28 PM, ashwin kesavan <[email protected]> wrote:
> Hi lugies,
>
> I work on at least 20 to 40 machines daily. My authentication is
> through LDAP. The laptop I use is Windows XP and I use PuTTY to log in.
> I also have a desktop, which is RHEL 5.4 32 bit. Now these 20 to 40
> machines are not entirely the same machines; of these, at least 15 of
> them will be new machines in some DC around the globe. I want to do
> private-public key login, instead of typing the password every time,
> because file-based authentication is more secure and easy. This
> private key file should not be passwordless. I want it to be passphrase
> protected, as anybody with access to my desktop or laptop can misuse
> my account to wreak havoc in the DC. Though it is highly unlikely that
> is possible, I don't want to take chances. Now I want to do automatic
> ssh into these machines. I tried keychain, which says it can do
> that. I don't mind keying in the passphrase a couple of times a day of
> work. But keychain requires that I copy the public key file into every
> machine I log in to and every machine I log in. Is there any other way
> to do passwordless ssh without needing to manually copy the pub key into
> each machine? Since the central LDAP server already has all the
> machine details, is it possible to do it from the central server? I
> don't have control over the central LDAP server, but I can talk to the
> person holding the central server to do it if I have substantial
> information. Also, how do I enable automatic login from Windows to
> Linux through PuTTY? I mean from my laptop to the desktop. Here,
> copying the keys is OK, since it is a one-time effort. My point is how
> to generate the keys in Windows. Also, if I use the same key pair in
> Linux as well as Windows, that would spare some effort in Windows.

I dunno. PuTTY should be able to use a public key to log in instead of a
password.

You can shop around for an LDAP-based single sign-on solution. But I have
not heard of anything nor used anything.

20 to 40 machines a day is a huge number and I can understand that
typing the password is quite painful.

Why don't you run an ssh-agent(1) on one Linux host to which you log in
from Windows using PuTTY, and add all the private keys using ssh-add?

You have to type in the passphrases, but once you do it you can connect
to any machine from there without a password.

You have to generate a key pair on that machine and copy all the public
identities to each of the 20 or 40 hosts.

I hope I make myself clear.

-Girish

--
G3 Tech
Networking appliance company
web: http://g3tech.in mail: [email protected]
_______________________________________________
ILUGC Mailing List:
http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
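
The ssh-agent procedure suggested in the reply above, written out as an added example that is not part of the original thread. The key path, the hosts file, the RSA 4096 key type and the 8-hour agent lifetime are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. KEY, the hosts file and the 8h
# agent lifetime are assumed values; adjust them to your environment.
KEY="${KEY:-$HOME/.ssh/id_rsa}"

# One-time: create a passphrase-protected key pair (ssh-keygen prompts
# for the passphrase because no -N option is given).
make_key() {
    [ -f "$KEY" ] || ssh-keygen -t rsa -b 4096 -f "$KEY"
}

# Once per work session: start an agent and load the key. The passphrase
# is typed here once; -t makes the agent forget the key after 8 hours.
start_agent() {
    eval "$(ssh-agent -s)" && ssh-add -t 8h "$KEY"
}

# What has to happen on each target host: append the public key to
# authorized_keys only if it is absent, with the permissions sshd's
# StrictModes check requires (directory 700, file 600).
install_pubkey() {
    pub="$1"; auth="$2"
    dir=$(dirname "$auth")
    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$auth" && chmod 600 "$auth"
    key=$(cat "$pub")
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Same step done remotely for every host in a file (one per line).
# ssh-copy-id asks for the account password once per host.
push_key() {
    for h in $(cat "$1"); do
        ssh-copy-id -i "$KEY.pub" "$h" || echo "failed: $h" >&2
    done
}
```

Run `make_key` and `push_key hosts.txt` once, then `start_agent` at the start of each session on the Linux host you reach through PuTTY.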
