My company is in the process of converting all servers to allow only
ssh login. We are using OpenSSH 2.1.0p3.

We have historically used telnet but of course that got us into trouble.

We have approximately 150 servers that we need to maintain and I would
like to make it as easy as possible to ssh to those machines. Ideally
from my workstation I would like to be able to just type "ssh remotehost"
and not be asked a password/passphrase every time.

I know I could use .rhosts authentication to get this to work but this
is possibly the worst authentication method I have come across. I'm not
much of a hacker and even I can circumvent that in a day or two.

I notice that RSA authentication methods (protocol 1 only) can be
used where the two machines share public keys and the workstation runs
ssh-agent and ssh-add to allow the user to enter a passphrase only when
a key is added the first time. All subsequent ssh requests query this
daemon for keys and (I think) you don't have to type a password every time
you want to ssh or scp.

But we are restricting ourselves to Protocol 2 to get a higher level of
security.  Protocol 2 can use DSA authentication and I have that working
correctly.

However, from a convenience point of view I've only succeeded in increasing
the length of the password I need to type from a short 8 character password
to a much lengthier passphrase.  And I have to type this for every connection.

Is there a way to run ssh-agent in a DSA compatible manner or is there another
suitable DSA agent that could be run to provide similar functionality?
If nothing exists is there anything that prevents such an agent from being
created, i.e. is it explicitly impossible given the SSH v2 protocol? Not that I
have the time to write such an agent but maybe I could get one started.

Thanks for any help you can offer,

- Jeff
