Re: ssh keys from two behind-the-firewall boxes?
On 1 Feb 2003, Jean-Marc V. Liotier wrote:
> # On the local host :
> ssh-keygen -t dsa -f id_dsa
> # When prompted for a password, just press 'enter'.
> scp id_dsa.pub username@remote.host.net:~/
I would strongly recommend using a good pass phrase and ssh-agent. If
someone gets your passwordless private key then they can have access to
all the machines you connect to (that have your public key). It's like
having a plain text file on your local machine with the username and
password of all the machines you connect to.
> # On the remote host :
> test -d ~/.ssh || mkdir ~/.ssh
> chmod 700 ~/.ssh
> cd ~/.ssh
> touch authorized_keys2
> cat ~/id_dsa.pub >> authorized_keys2
> chmod 640 authorized_keys2
> rm -f ~/id_dsa.pub
You also need to check which sshd server is running on the remote. This
caused me a bit of pain one day:
If the remote machine is using an SSH Communications (ssh.com) server, you
need to convert your public keys with ssh-keygen:
$ ssh-keygen -e -f id_dsa.pub > id_dsa.pub.secsh
then scp that to ~/.ssh2/ on the remote machine and then add that key's
file name to the ~/.ssh2/authorization file:
key id_dsa.pub.secsh
There was an article in Sys Admin magazine not too long ago about how to
set up more secure password-less for use with cron and other automated
tasks, although I can't remember the tool right now. Anyone?
--
Bill Moseley moseley@hank.org
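
Added example, not part of the original messages or of OpenSSH: a shell audit for the two risks raised in this thread, private keys stored without a pass phrase and key locations writable by group or others. The function names and finding labels are assumptions made for this example; besides legacy PEM keys such as the thread's id_dsa, it also recognises the current OpenSSH key format, which goes beyond the case in the thread.

```sh
#!/bin/sh
# Added example (not from the thread): flag the two risks discussed above.

# key_is_unprotected FILE: 0 = private key with no pass phrase,
# 1 = pass-phrase-protected, 2 = not a recognised private key.
key_is_unprotected() {
    first=$(head -n 1 "$1" 2>/dev/null)
    case "$first" in
    "-----BEGIN OPENSSH PRIVATE KEY-----")
        # Current OpenSSH format: after the 15-byte magic "openssh-key-v1\0"
        # and a 4-byte length comes the cipher name; "none" = no pass phrase.
        cipher=$(sed '1d;$d' "$1" | tr -d '\r\n' | base64 -d 2>/dev/null |
                 dd bs=1 skip=19 count=4 2>/dev/null)
        [ "$cipher" = "none" ] ;;
    "-----BEGIN ENCRYPTED PRIVATE KEY-----")
        return 1 ;;
    "-----BEGIN "*" PRIVATE KEY-----")
        # Legacy PEM (the id_dsa of this thread): encrypted keys carry a
        # "Proc-Type: 4,ENCRYPTED" header.
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then return 1; fi
        return 0 ;;
    *)
        return 2 ;;
    esac
}

# audit_ssh_dir DIR: print one finding per line; return 1 if any were found.
audit_ssh_dir() {
    findings=0
    # sshd's StrictModes rejects group- or world-writable key locations.
    for f in "$1" "$1"/authorized_keys*; do
        [ -e "$f" ] || continue
        if [ -n "$(find "$f" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "WRITABLE-BY-OTHERS $f"; findings=1
        fi
    done
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if key_is_unprotected "$f"; then
            echo "NO-PASSPHRASE $f"; findings=1
        fi
    done
    return "$findings"
}

# Stand-alone use: sh audit.sh ~/.ssh
if [ "$#" -gt 0 ]; then audit_ssh_dir "$1"; fi
```

A key reported as NO-PASSPHRASE can be given a pass phrase in place with ssh-keygen -p -f and then loaded once per session into ssh-agent, as recommended above.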