Then ssh asks for the passphrase for the key. If you can guess that, you get a prompt on my home system. (or Ken's home system, or wherever you were going)
So, the key is only as secure as the passphrase. The moral of the story: don't use easily guessable passphrases!

On Thu, Nov 14, 2002 at 09:03:28PM -0800, Mark K. Kim wrote:
> Hmm... so...
>
> Let's say the permissions were set so that I could copy your encrypted key
> to my directory. Then I ssh out to Ken's home system. Then what happens?
>
> Thanks!
>
> -Mark
>
>
> On Thu, 14 Nov 2002, Samuel Merritt wrote:
>
> > There's a program called ssh-agent that takes care of just this problem.
> > The keys are stored encrypted on disk with a passphrase; you run
> > ssh-agent, and it creates a process and a socket that ssh processes can
> > connect to in order to get the decrypted keys. You run ssh-add <keyfile>
> > and enter the passphrase, and then you can ssh anywhere using that key
> > without needing the passphrase again.
> >
> > It's not quite completely passwordless, but it avoids the problem of
> > storing keys in the clear on disk.
> >
> >
> > On Thu, Nov 14, 2002 at 06:38:00PM -0800, Mark K. Kim wrote:
> > > Hmm... Not an expert here, but...
> > >
> > > If you set up the system so you can login from CSIF to your home machine
> > > without password checking then anyone who works for CSIF can become you
> > > and access your home machine as you... right?
> > >
> > > I guess the same would apply if someone can read your key ring so... set
> > > the permissions correctly.
> > >
> > > -Mark
> > >
> > >
> > > On Thu, 14 Nov 2002, Samuel Merritt wrote:
> > >
> > > > On Thu, Nov 14, 2002 at 12:26:40PM -0800, Ken Bloom wrote:
> > > > > I'd like to be able to login to my account in the CSIF lab with the
> > > > > standard DSA or RSA mechanism in SSH so that I don't have to enter a
> > > > > password when I log in. I've tried following the directions on the ssh
> > > > > manpage, and the ssh-agent manpage to no avail.
> > > > >
> > > > > Can someone give me directions how to configure this? My username is the
> > > > > same on both systems, and my goal is to turn this into a bidirectional
> > > > > process, so I can connect to CSIF from my computer or connect to my
> > > > > computer from CSIF.
> > > >
> > > > The CSIF uses commercial SSH, not OpenSSH.
> > > >
> > > > First, you'll need to convert your public key to SECSH format.
> > > > "ssh-keygen -e -f public_key_file" is the tool for this job.
> > > >
> > > > Then, on the CSIF, create ".ssh2" in your $HOME, if it isn't already
> > > > there. Put your SECSH-format public key into $HOME/.ssh2/some_filename
> > > > and then put the line "key some_filename" into
> > > > $HOME/.ssh2/authorization.
> > > >
> > > > That'll get you set up for public-key authenticated logins to the CSIF.
> > > > Coming from the CSIF is largely the same process, but in reverse.
> > > >
> > > > --
> > > > Samuel Merritt
> > > > OpenPGP key is at http://meat.andcheese.org/~spam/spam_at_andcheese_dot_org.asc
> > > > Information about PGP can be found at http://www.mindspring.com/~aegreene/pgp/
> > > >
> > >
> > > --
> > > Mark K. Kim
> > > http://www.cbreak.org/
> > > PGP key available upon request.
> > >
> > > _______________________________________________
> > > vox-tech mailing list
> > > [EMAIL PROTECTED]
> > > http://lists.lugod.org/mailman/listinfo/vox-tech
> >
> > --
> > Samuel Merritt
> > OpenPGP key is at http://meat.andcheese.org/~spam/spam_at_andcheese_dot_org.asc
> > Information about PGP can be found at http://www.mindspring.com/~aegreene/pgp/
> >
>
> --
> Mark K. Kim
> http://www.cbreak.org/
> PGP key available upon request.
>
> _______________________________________________
> vox-tech mailing list
> [EMAIL PROTECTED]
> http://lists.lugod.org/mailman/listinfo/vox-tech

--
Samuel Merritt
OpenPGP key is at http://meat.andcheese.org/~spam/spam_at_andcheese_dot_org.asc
Information about PGP can be found at http://www.mindspring.com/~aegreene/pgp/
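The ".ssh2" setup steps quoted in the thread, written out as a shell function. This is an added example, not part of any poster's message: the function name `install_ssh2_key` is hypothetical, and the owner-only permissions (700/600) and the check for the SECSH header line are assumptions that go beyond what the thread states.

```shell
#!/bin/sh
# Added example (not from the thread). install_ssh2_key is a
# hypothetical helper; the 700/600 modes are an assumption.
#
# Usage: install_ssh2_key <secsh_pubkey_file> [home_dir]
install_ssh2_key() {
    src=$1
    home=${2:-$HOME}
    dir=$home/.ssh2
    name=$(basename "$src")
    auth=$dir/authorization

    # Accept only an SECSH-format public key (the output of
    # "ssh-keygen -e"), so a private key or an unconverted OpenSSH
    # public key is never installed by mistake.
    if ! head -n 1 "$src" | grep -q '^---- BEGIN SSH2 PUBLIC KEY ----'; then
        echo "install_ssh2_key: $src is not an SECSH public key" >&2
        return 1
    fi

    # Owner-only access: anyone who can write to this directory or to
    # the authorization file can authorize a key of their own.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    cp "$src" "$dir/$name" && chmod 600 "$dir/$name" || return 1

    # Add the "key <filename>" line once, even on repeated runs.
    touch "$auth" && chmod 600 "$auth" || return 1
    if ! grep -qxF "key $name" "$auth"; then
        printf 'key %s\n' "$name" >> "$auth"
    fi
}

# On the OpenSSH side, create the SECSH file first:
#   ssh-keygen -e -f public_key_file > some_filename
# then copy some_filename to the CSIF and run:
#   install_ssh2_key some_filename
```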
