On Thu, Jun 09, 2005 at 08:02:06PM -0400, Robert Brockway wrote: > On Thu, 9 Jun 2005, Roberto C. Sanchez wrote: > > > Sadly, most people (myself included) have no passphrase on their SSH > > Hi. Using PKI with no passphrase drops the level of security > significantly (as I'm sure you know). > > > keys. I also end up bouncing aroud a variety of machines (some Fedora > > some Windows with PuTTY and some Windows with SSH.com). So the key > > thing is a pain in the but. At least on the Linux machines it is > > straightforward and I set those up when I can to use keys instead of > > passwords. > > May I introduce you to ssh-agent and ssh-add. They are a standard part of > ssh and will operate between implementations (as long as no one has broken > their implementation). > > This is the last line of my ~/.xsession file: > > ssh-agent bash -c "ssh-add < /dev/null && /usr/bin/fvwm2" > > After entering my passphrase as part of the login process[1] I can ssh to > boxes all over the world without so much as entering my passphrase and I'm > doing it securely. Of course you need to keep your session secure if you > are doing this (and I certainly do). > > [1] I can't login successful without the passphrase. > OK. I am now reformed :-) I discovered keychain (which handles both ssh-agent and gpg-agent from both an X login and a remote login. Very nifty. I also put passphrases on my keys. I figured it was about time. Though, I must admit that the clincher for me was the integration with gpg-agent so I wouldn't need to keep typing my passphrase for that. -Roberto -- Roberto C. Sanchez http://familiasanchez.net/~sanchezr
Attachment:
pgpX9PVUiJ7Nz.pgp
Description: PGP signature