
Re: ssh & sshd



linux learner said:

> i understand that i can log into any computer that has
> my public key in ~/.ssh/authorized_keys

yes..

>
> but when i log into my computer running sshd it
> automatically adds me to the authorized_keys list for
> that user. How do i turn it off?

I think you are confused. I have never seen SSH or SSHD
automatically add any entries to authorized_keys file.
It does automatically add the HOST public key to the
known_hosts file, this has nothing to do with the
user's public key.

> Also, what is the function of private key locking pass
> phrase?

there are 2 basic forms of SSH private keys that I'm
aware of. The most common kind is probably passphrased
locked keys. That is, when you create the key it asks
for a passphrase (this should NOT be the same as your
password). If you give it a passphrase, whenever you
try to use the key it will prompt for that passphrase,
without it, the key is useless. The other kind is when
it prompts you for a passphrase you just hit enter,
to skip it, so the key can be used for automated logins
(useful for scripts).

>
> Say i am physically logged into my home account and my
> pub and private keys are in ~/.ssh/ now when i log
> into a remote host, i give my log in and password on
> the remote host and it logs me in and if my public key
> isn't there in authorized_keys list it is added, my
> private key pass phrase is never asked, is this
> normal?

your public key should not ever be added automatically.
if you're using public key authentication, the "password"
prompt is very different from password authentication,
e.g. for RSA1 passphrase authentication you see something
like this:

aphro@defiant:~$ ssh gateway
Enter passphrase for RSA key '/home/aphro/.ssh/identity':

if you're using password authentication:

aphro@defiant:~$ ssh redhat
aphro@redhat's password:

modern versions of SSH default to DSA authentication, not
RSA1 (which is only available with SSH protocol v1)

I restrict my more sensitive systems to key login ONLY so
if you don't have a key all you see is:

defiant:~# ssh -l aphro gateway
Permission denied.

my preferred options for using ssh are (out of habit):
ssh -l <username> -v -C <hostname>

(I append a -X on the end if I need X forwarding)

nate




