There's a program called ssh-agent that takes care of just this problem.
The keys are stored encrypted on disk with a passphrase; you run
ssh-agent, and it creates a process and a socket that ssh processes can
connect to in order to get the decrypted keys. You run ssh-add <keyfile>
and enter the passphrase, and then you can ssh anywhere using that key
without needing the passphrase again. 

It's not quite completely passwordless, but it avoids the problem of
storing keys in the clear on disk. 


On Thu, Nov 14, 2002 at 06:38:00PM -0800, Mark K. Kim wrote:
> Hmm...  Not an expert here, but...
> 
> If you set up the system so you can login from CSIF to your home machine
> without password checking then anyone who works for CSIF can become you
> and access your home machine as you... right?
> 
> I guess the same would apply if someone can read your key ring so... set
> the permissions correctly.
> 
> -Mark
> 
> 
> On Thu, 14 Nov 2002, Samuel Merritt wrote:
> 
> > On Thu, Nov 14, 2002 at 12:26:40PM -0800, Ken Bloom wrote:
> > > > I'd like to be able to log in to my account in the CSIF lab with the
> > > standard DSA or RSA mechanism in SSH so that I don't have to enter a
> > > password when I log in. I've tried following the directions on the ssh
> > > manpage, and the ssh-agent manpage to no avail.
> > >
> > > Can someone give me directions how to configure this? My username is the
> > > same on both systems, and my goal is to turn this into a bidirectional
> > > process, so I can connect to CSIF from my computer or connect to my
> > > computer from CSIF.
> >
> > The CSIF uses commercial SSH, not OpenSSH.
> >
> > First, you'll need to convert your public key to SECSH format.
> > "ssh-keygen -e -f public_key_file" is the tool for this job.
> >
> > Then, on the CSIF, create ".ssh2" in your $HOME, if it isn't already
> > there. Put your SECSH-format public key into $HOME/.ssh2/some_filename
> > and then put the line "key some_filename" into
> > $HOME/.ssh2/authorization.
> >
> > That'll get you set up for public-key authenticated logins to the CSIF.
> > Coming from the CSIF is largely the same process, but in reverse.
> >
> > --
> > Samuel Merritt
> > OpenPGP key is at http://meat.andcheese.org/~spam/spam_at_andcheese_dot_org.asc
> > Information about PGP can be found at http://www.mindspring.com/~aegreene/pgp/
> >
> 
> -- 
> Mark K. Kim
> http://www.cbreak.org/
> PGP key available upon request.

-- 
Samuel Merritt
OpenPGP key is at http://meat.andcheese.org/~spam/spam_at_andcheese_dot_org.asc
Information about PGP can be found at http://www.mindspring.com/~aegreene/pgp/
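
An added example, not part of the original thread: a shell check for the two on-disk risks raised above, private keys stored without a passphrase and key files other users can read. The function names are hypothetical, and it assumes OpenSSH key files (PEM, PKCS#8 or the newer OpenSSH format) plus a `base64` that accepts `-d`; commercial SSH2 key files are skipped.

```shell
#!/bin/sh
# Added example (not from the thread): flag private keys that are stored
# without a passphrase or are accessible to other users.

# True if group or other hold any permission bit on $1. Reads the mode
# string from `ls -ld` (e.g. -rw-r--r--), characters 5-10.
loose_perms() {
    [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]
}

# Prints encrypted, plaintext or unknown for the key file $1.
key_state() {
    if grep -q 'BEGIN OPENSSH PRIVATE KEY' "$1"; then
        # OpenSSH's own format: after the 15-byte "openssh-key-v1\0" magic
        # and a 4-byte length comes the cipher name, "none" if unencrypted.
        cipher=$(grep -v '^-----' "$1" | tr -d '\r\n' | base64 -d 2>/dev/null |
                 dd bs=1 skip=19 count=4 2>/dev/null)
        case $cipher in
            none) echo plaintext ;;
            "")   echo unknown ;;
            *)    echo encrypted ;;
        esac
    elif grep -Eq '^Proc-Type: 4,ENCRYPTED|BEGIN ENCRYPTED PRIVATE KEY' "$1"; then
        echo encrypted      # PEM with an encryption header, or PKCS#8
    elif grep -q 'PRIVATE KEY-----' "$1"; then
        echo plaintext      # PEM body with no encryption header
    else
        echo unknown
    fi
}

# Prints one finding per line for directory $1; returns 1 if any were found.
audit_key_dir() {
    rc=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        grep -q 'PRIVATE KEY-----' "$f" 2>/dev/null || continue
        if loose_perms "$f"; then echo "LOOSE-PERMS $f"; rc=1; fi
        if [ "$(key_state "$f")" = plaintext ]; then echo "NO-PASSPHRASE $f"; rc=1; fi
    done
    return $rc
}

# Audit the directory given as the first argument, if any.
if [ $# -gt 0 ]; then audit_key_dir "$1"; fi
```

A `LOOSE-PERMS` finding is fixed with `chmod 600` on the key file; a `NO-PASSPHRASE` finding is fixed by setting a passphrase with `ssh-keygen -p -f <keyfile>` and loading the key through ssh-agent.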
