
Bug#177531: New version of /devel/passwordlessssh



tags 177531 + patch
thanks

[Bug recommends that /devel/passwordlessssh should warn more
explicitly that using a public ssh key without passphrase can be very
dangerous on non-private machines]

I have written a new version of
http://www.debian.org/devel/passwordlessssh 
as recommended in the bug report. Comments welcome.
Only text, no wml code attached. Will commit it myself when needed.

==================================================

How to set up ssh so you aren't asked for a password

You can create an RSA authentication key to be able to log into a
remote site from your account, without having to type your password.

Note that once you've set this up, if an intruder breaks into your
account/site, they are given access to the site you are allowed in
without a password, too! For this reason, this should never be done
from root.

    * Run ssh-keygen(1) on your machine, and just hit enter when asked
      for a password. 
      This will generate both a private and a public key. With older
      SSH versions, they will be stored in ~/.ssh/identity and
      ~/.ssh/identity.pub; with newer ones, they will be stored in
      ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub. 
    * Next, add the contents of the public key file into
      ~/.ssh/authorized_keys on the remote site (the file should be
      mode 600). 
      If you are a developer and you want to access debian.org systems
      with such a key, it's possible to have the developer database
      propagate your key to all of the debian.org machines. See the
      LDAP gateway documentation. 

You should then be able to use ssh to log in to the remote server
without being asked for a password. 

Important: Note that everyone that has the private key file has the
same passwordless access to the remote site. This includes any person
that has root access to your local machine. Therefore it is strongly
recommended that you use a passphrase for your private key if you are
not the only root on your machine. You can use ssh-agent(1) to type
your password only once for all uses of a specific key in a
session. You can automatically load all your keys in the agent by
adding the following lines to your ~/.xsession file:

      eval `ssh-agent`
      ssh-add

==================================================

-- 
*** Frank Lichtenheld <frank@lichtenheld.de> ***
          *** http://www.djpig.de/ ***
see also: - http://www.usta.de/
          - http://fachschaft.physik.uni-karlsruhe.de/
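
An added example, not part of the original mail or of the Debian page: a Python audit of a ~/.ssh-style directory for the two risks the draft names, an authorized_keys file that is not mode 600 and a private key stored without a passphrase. It goes beyond the draft by also recognising the newer OpenSSH and PKCS#8 key containers; the function names are hypothetical and `sample_openssh` builds a constructed header with no real key material.

```python
import base64, os, stat, struct

MAGIC = b"openssh-key-v1\0"  # magic at the start of new-format OpenSSH private keys

def key_is_encrypted(text):
    """True if the private key text is passphrase-protected, False if it is
    stored in the clear, None if the text is not a recognised private key."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN "):
        return None
    header = lines[0]
    if header == "-----BEGIN OPENSSH PRIVATE KEY-----":
        try:
            blob = base64.b64decode("".join(lines[1:-1]))
            if not blob.startswith(MAGIC):
                return None
            # First field after the magic is the cipher name: uint32 length + bytes.
            (n,) = struct.unpack_from(">I", blob, len(MAGIC))
            cipher = blob[len(MAGIC) + 4:len(MAGIC) + 4 + n]
        except (ValueError, struct.error):
            return None
        return cipher != b"none"
    if header == "-----BEGIN ENCRYPTED PRIVATE KEY-----":  # PKCS#8, encrypted
        return True
    if header.endswith("PRIVATE KEY-----"):  # legacy PEM or plain PKCS#8
        return any(l.startswith("Proc-Type: 4,ENCRYPTED") for l in lines[1:4])
    return None

def audit_ssh_dir(path):
    """List findings for one ~/.ssh-style directory (empty list if it is absent)."""
    findings = []
    if not os.path.isdir(path):
        return findings
    ak = os.path.join(path, "authorized_keys")
    if os.path.isfile(ak) and stat.S_IMODE(os.stat(ak).st_mode) & 0o077:
        findings.append("authorized_keys: group/other permission bits set, expected mode 600")
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        if name.endswith(".pub") or not os.path.isfile(full):
            continue
        with open(full, errors="replace") as f:
            if key_is_encrypted(f.read()) is False:
                findings.append(f"{name}: private key has no passphrase")
    return findings

def sample_openssh(cipher):
    """Constructed sample: container header only, no real key material."""
    fields = (cipher, b"none" if cipher == b"none" else b"bcrypt", b"")
    blob = MAGIC + b"".join(struct.pack(">I", len(s)) + s for s in fields)
    body = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"
```

Calling `audit_ssh_dir(os.path.expanduser("~/.ssh"))` returns one line per finding; the old SSH1 `~/.ssh/identity` format is binary and is reported as unrecognised (`None`) rather than guessed at.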


