Re: FTP access to master.debian.org

Stuart Lamble writes:
> "Brian C. White" <bcwhite@verisim.com> wrote:
> [on ssh to upload packages]
> >I've created myself a key pair and both my machine and the gateway have
> >ssh installed (and thus host key pairs).
> >
> >What do I have to put in the .shosts and .ssh/authorized_keys files to
> >be able to login this way?
> What I did was generate my key pair without a pass phrase. If you give
> ssh a passphrase, it will want to know what it is before you can log into
> a remote system. I've found .shosts to be irrelevant: ~sjlam/.shosts

This is wrong.

The *right* way to do it is to generate a personal key-pair *with* a
passphrase and then read the manpages for ssh-agent and ssh-add. The
idea is that you start ssh-agent <your shell> immediately after login.
Then run ssh-add, which will ask for your passphrase.

From then on, if you ssh to a machine, the ssh-agent will take over the
burden of unlocking your private key.

I use ssh that way all the time, type passphrase once and ssh to all
over the world, without typing passwords and without making all those
accounts vulnerable, even if my machine is hacked (unless my private key
could be read from the running ssh-agent, which I doubt).

Read those manpages, it might take a while to grasp the whole picture,
but it's worth it.

Bart Schuller                  schuller@lunatech.com  http://www.lunatech.com/
Lunatech Research              At Lunalabs, where the future is made today
Partner of The Perl Institute  http://www.perl.org/  Linux  http://www.li.org/
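
The workflow described in the message above, as an added example that is not part of the original post: it creates a passphrase-protected key in a scratch directory, shows that the key file alone does not decrypt, then unlocks it once into a running ssh-agent. The passphrase, the file names and the askpass helper (used only so the demo runs without a terminal) are assumptions made for the example.

```shell
#!/bin/sh
# Added example; the passphrase and all file names are constructed for the demo.
DEMO_PASS='demo-passphrase-not-real'

# Generate a key pair whose private half is encrypted with DEMO_PASS.
make_key() {                       # $1 = scratch directory
    ssh-keygen -q -t ed25519 -N "$DEMO_PASS" -C demo -f "$1/id_demo"
}

# True only if the private key file decrypts with the given passphrase.
key_opens_with() {                 # $1 = key file, $2 = passphrase
    ssh-keygen -y -P "$2" -f "$1" >/dev/null 2>&1
}

# Start an agent, unlock the key into it once, print the number of
# identities it holds, then shut the agent down again.
agent_key_count() {                # $1 = scratch directory
    (
        eval "$(ssh-agent -s)" >/dev/null
        trap 'ssh-agent -k >/dev/null 2>&1' EXIT
        # At a terminal, plain `ssh-add "$1/id_demo"` prompts for the
        # passphrase. Demo only: an askpass helper answers the prompt.
        printf '#!/bin/sh\necho "%s"\n' "$DEMO_PASS" > "$1/askpass"
        chmod 700 "$1/askpass"
        DISPLAY=none SSH_ASKPASS="$1/askpass" SSH_ASKPASS_REQUIRE=force \
            ssh-add "$1/id_demo" </dev/null >/dev/null 2>&1
        ssh-add -l 2>/dev/null | grep -c ED25519
    )
}

# Run the whole sequence in a throwaway directory.
demo() {
    d=$(mktemp -d) || return 1
    make_key "$d" &&
        ! key_opens_with "$d/id_demo" "" &&          # file alone is not enough
        key_opens_with "$d/id_demo" "$DEMO_PASS" &&
        [ "$(agent_key_count "$d")" = 1 ]
    rc=$?
    rm -rf "$d"
    return $rc
}

demo && echo "key is encrypted on disk; agent holds 1 unlocked identity"
```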
