[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Remote administration of a server

On Thu, 9 Jun 2005, Roberto C. Sanchez wrote:

> Sadly, most people (myself included) have no passphrase on their SSH

Hi.  Using PKI with no passphrase drops the level of security 
significantly (as I'm sure you know).

> keys.  I also end up bouncing aroud a variety of machines (some Fedora
> some Windows with PuTTY and some Windows with SSH.com).  So the key
> thing is a pain in the but.  At least on the Linux machines it is
> straightforward and I set those up when I can to use keys instead of
> passwords.

May I introduce you to ssh-agent and ssh-add.  They are a standard part of 
ssh and will operate between implementations (as long as no one has broken 
their implementation).

This is the last line of my ~/.xsession file:

ssh-agent bash -c "ssh-add < /dev/null && /usr/bin/fvwm2"

After entering my passphrase as part of the login process[1] I can ssh to 
boxes all over the world without so much as entering my passphrase and I'm 
doing it securely.  Of course you need to keep your session secure if you 
are doing this (and I certainly do).

[1] I can't login successful without the passphrase.

Cheers,

Rob

-- 
Robert Brockway B.Sc.
Senior Technical Consultant, OpenTrend Solutions Ltd.
Ph: +1-416-669-3073 Email: rbrockway@opentrend.net http://www.opentrend.net
OpenTrend Solutions: Reliable, secure solutions to real world problems.
Contributing Member of Software in the Public Interest http://www.spi-inc.org
Reply to: