[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Passwordless Authentication (was Re: How to reduce sid security)


Kjetil Kjernsmo écrivait :
> I've tried to do this many times, but I've failed... Is there a Very 
> Verbose Guide to Passwordless Authentication with SSH somewhere...? :-) 

All is in the man pages!

For real password-less (even for the private key, it's *bad*), try this:

  $ ssh-keygen -f test -t dsa
  (enter no passphrase, just press enter twice)
  $ cat test.pub | ssh user@host "mkdir -p .ssh ; cat >>.ssh/authorized_keys"
  (here it will ask for password)
  $ ssh -i test user@host
  (here it will not anymore)

But beware about security issues!
This example is a very bad one if you care about security!

A better aproach is to use ssh-agent to store your keys in your environment.
But here again, be carefull because it means *any* "bad" program you launch
may use your keys (and known_hosts to know where to go) to do something bad.
Any "good" Linux virus would probably try this first...

Regards, J.C.
Jean Christophe ANDRÉ <jean-christophe.andre@auf.org> http://www.vn.refer.org/
Coordonnateur technique régional / Associé technologie projet Reflets
Agence universitaire de la Francophonie (AuF) / Bureau Asie-Pacifique (BAP)
Adresse postale : AUF, 21 Lê Thánh Tông, T.T. Hoàn Kiếm, Hà Nội, Việt Nam
Tél. : +84 4 9331108   Fax : +84 4 8247383   Mobile : +84 91 3248747
/ Note personnelle : merci d'éviter de m'envoyer des fichiers PowerPoint ou   \
\ Word ; voir ici : http://www.fsf.org/philosophy/no-word-attachments.fr.html /

Reply to: