
Re: ssh keys from two behind-the-firewall boxes?

On 1 Feb 2003, Jean-Marc V. Liotier wrote:

> # On the local host :
> ssh-keygen -t dsa -f id_dsa
> # When prompted for a password, just press 'enter'.
> scp id_dsa.pub username@remote.host.net:~/

I would strongly recommend using a good pass phrase and ssh-agent.  If
someone gets your password-less private key then they can have access to
all the machines you connect to (that have your public key).  It's like
having a plain text file on your local machine with the username and
password of all the machines you connect to.

> # On the remote host :
> test -d ~/.ssh || mkdir ~/.ssh
> chmod 700 ~/.ssh
> cd ~/.ssh
> touch authorized_keys2
> cat ~/id_dsa.pub >> authorized_keys2
> chmod 640 authorized_keys2
> rm -f ~/id_dsa.pub

You also need to check which sshd server is running on the remote.  This
caused me a bit of pain one day:

If the remote machine is using a SSH Communications (ssh.com) server, you
need to convert your public key with ssh-keygen:

 $ ssh-keygen -e -f id_dsa.pub > id_dsa.pub.secsh

then scp that to ~/.ssh2/ on the remote machine and then add that key's
file name to the ~/.ssh2/authorization file:

 key id_dsa.pub.secsh

There was an article in Sys Admin magazine not too long ago about how to
set up more secure password-less logins for use with cron and other automated
tasks, although I can't remember the tool right now.  Anyone?

Bill Moseley moseley@hank.org

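As an added example (not from either poster), here is the remote-host part of the recipe above as two POSIX sh functions: one that appends a public key to authorized_keys without duplicating it, and one that checks the permission rules sshd applies under StrictModes (the default), which is the usual reason a freshly installed key is silently ignored. It assumes the OpenSSH file name authorized_keys and reads the home directory from $HOME so it can be tried against a scratch directory.

```shell
#!/bin/sh
# Added example: idempotent remote-side key install plus a StrictModes
# permission check. Works with a scratch $HOME; needs only POSIX sh, awk, find.

# Count how many authorized_keys lines carry the same key material
# (type + base64) as the given line; the trailing comment is ignored.
# Lines with an options prefix (command="...") are not matched.
count_key() {
    key_blob=$(printf '%s\n' "$1" | awk '{print $1, $2}')
    awk -v k="$key_blob" '($1 " " $2) == k {n++} END {print n+0}' \
        "$HOME/.ssh/authorized_keys"
}

# Create ~/.ssh (700) and authorized_keys (640) as in the thread, then append
# the key only if it is not already present.
install_pubkey() {
    key_line=$1
    dir="$HOME/.ssh"
    file="$dir/authorized_keys"
    [ -d "$dir" ] || mkdir "$dir"
    chmod 700 "$dir"
    touch "$file"
    chmod 640 "$file"
    if [ "$(count_key "$key_line")" -eq 0 ]; then
        printf '%s\n' "$key_line" >> "$file"
    fi
}

# Return 0 if sshd with StrictModes would accept the key file: ~, ~/.ssh and
# authorized_keys must be owned by the user and not group- or world-writable.
check_strict_modes() {
    me=$(id -un)
    for p in "$HOME" "$HOME/.ssh" "$HOME/.ssh/authorized_keys"; do
        [ -e "$p" ] || { echo "missing: $p" >&2; return 1; }
        # find prints the path only when a check fails; -prune stops descent
        bad=$(find "$p" -prune \( -perm -g+w -o -perm -o+w -o ! -user "$me" \))
        if [ -n "$bad" ]; then
            echo "sshd StrictModes would reject: $p" >&2
            return 1
        fi
    done
    return 0
}
```

Run it with HOME pointed at a temporary directory first; a group-writable home directory fails the check just like a group-writable authorized_keys does.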