ssh-keygen between SuSE and FreeBSD
Gavin Spomer
spomerg at cwu.EDU
Thu Aug 14 17:02:14 UTC 2008
>
>>> Pollywog <lists-fbsdstable at shadypond.com> 08/14/08 9:32 AM >>>
> On Thursday 14 August 2008 15:29:27 Gavin Spomer wrote:
> > >>> Lyndon Nerenberg <lyndon at orthanc.ca> 08/13/08 7:10 PM >>>
> > >
> > > You need to start an ssh-agent on the machine you're connecting from and
> > > populate it with your keychain:
> > >
> > > eval `ssh-agent`
> > > ssh-add
> > >
> > > Add the above to your .profile, or check the Linux PAM implementation to
> > > see if it has ssh session support.
> > >
> > > --lyndon
> >
> > Thanks.
> >
> > That made it possible for me to ssh from SuSE server to FreeBSD server, but
> > now when I ssh from my Mac to SuSE server it wants a password now:
> >
> > Enter passphrase for /home/myusername/.ssh/id_rsa:
> >
> > I read the FreeBSD handbook section "14.11.7 ssh-agent and ssh-add" and
> > don't have anything much more intelligent to say but "I don't understand".
> > ;)
> >
> > Questions:
> >
> > 1. If the ssh-agent and ssh-add utilities load the keys into memory,
> > they'd be wiped if I rebooted?
>
> Yes, rebooting will take the keys out of memory and you would need to
> use 'ssh-add' on the command line to put the keys and passphrase in memory.
> The 'ssh-add -D' command removes the keys when you are done but are not
> logging out.
>
> >
> > 2. Is #1 why I'd add it to my ~/.profile?
>
> This is so that ssh-agent is set when you log in at a console. I don't know
> about Mac but some Linux distributions have session scripts so that this is
> done for you when you start a KDE session. I don't believe ~/.profile will
> be read unless you log in at a console or xterm or similar.
>
> When you add stuff to your ~/.profile, I recommend doing it on a separate
> account first. I once added those lines on a Linux system and was locked out
> on that account but I was able to get in with another account, su to root,
> and remove the lines in the affected user's ~/.profile and then I was no longer
> locked out.
> >
> > 3. How am I able to ssh (without a password) from my Mac to SuSE server
> > or Mac to FreeBSD server when I don't have "eval `ssh-agent`" and "ssh-add"
> > in my .profile on my Mac?
>
> You can do 'ssh-agent bash' followed by 'ssh-add' but this will not work until
> you have generated your SSH keys with:
>
> ssh-keygen -t rsa -b 1024
> or
> ssh-keygen -t dsa -b 1024
>
> or similar. Until you do that, you have to use your login password and cannot
> use a passphrase since you have not set one. Setting the passphrase is part
> of the process of generating your SSH keys.
>
> BTW I do not know if you are using the "keychain" utility. Be very careful
> with it. It can be confusing. I found it inconvenient to use and no longer
> use it.
>
> There are some fine SSH tutorials online, I believe "OnLamp" has some. Just
> make sure they are not more than about 3 yrs old.
All good information. Thanks. I will save this for future reference. :)
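
An added example, not part of the thread: an unconditional `eval $(ssh-agent); ssh-add` in ~/.profile starts a fresh agent and asks for the passphrase at every login, so this fragment reuses one agent across logins, prompts only when that agent holds no keys, and does nothing in non-interactive shells. The `AGENT_ENV` path and the function names are assumptions.

```shell
# Added example for ~/.profile (POSIX sh). AGENT_ENV and the function names
# are assumptions, not from the thread.
AGENT_ENV="${AGENT_ENV:-$HOME/.ssh/agent.env}"

# 0 if an agent answers on SSH_AUTH_SOCK. ssh-add -l exits 0 with keys
# loaded, 1 with an empty agent, 2 when no agent can be contacted.
agent_alive() {
    [ -S "${SSH_AUTH_SOCK:-}" ] || return 1
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    [ "$rc" -ne 2 ]
}

# Reuse a forwarded or earlier agent; start a new one only if none answers.
ensure_agent() {
    command -v ssh-agent >/dev/null 2>&1 || return 1
    command -v ssh-add >/dev/null 2>&1 || return 1
    agent_alive && return 0
    if [ -r "$AGENT_ENV" ]; then
        . "$AGENT_ENV" >/dev/null
        agent_alive && return 0
    fi
    # umask 077 keeps the file holding the socket path and PID private.
    ( umask 077
      mkdir -p "$(dirname "$AGENT_ENV")" &&
      ssh-agent -s > "$AGENT_ENV" ) || return 1
    . "$AGENT_ENV" >/dev/null
    agent_alive
}

# Ask for the passphrase only when the agent is empty and a terminal is
# attached, so scp, rsync and other non-interactive logins never block.
load_keys() {
    ssh-add -l >/dev/null 2>&1 && return 0
    [ -t 0 ] && ssh-add
}

# Run only for interactive shells; failures are swallowed so a problem
# here can never abort the login.
case $- in
    *i*) ensure_agent && load_keys || : ;;
esac
```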