ssh-keygen between SuSE and FreeBSD

Gavin Spomer spomerg at cwu.EDU
Thu Aug 14 17:02:14 UTC 2008


> 
>>> Pollywog <lists-fbsdstable at shadypond.com> 08/14/08 9:32 AM >>>
> On Thursday 14 August 2008 15:29:27 Gavin Spomer wrote:
> > >>> Lyndon Nerenberg <lyndon at orthanc.ca> 08/13/08 7:10 PM >>>
> > >
> > > You need to start an ssh-agent on the machine you're connecting from and
> > > populate it with your keychain:
> > >
> > >  	eval `ssh-agent`
> > >  	ssh-add
> > >
> > > Add the above to your .profile, or check the Linux PAM implementation to
> > > see if it has ssh session support.
> > >
> > > --lyndon
> >
> > Thanks.
> >
> > That made it possible for me to ssh from SuSE server to FreeBSD server, but
> > now when I ssh from my Mac to SuSE server it wants a password now:
> >
> >    Enter passphrase for /home/myusername/.ssh/id_rsa:
> >
> > I read the FreeBSD handbook section "14.11.7 ssh-agent and ssh-add" and
> > don't have anything much more intelligent to say but "I don't understand".
> > ;)
> >
> > Questions:
> >
> >    1. If the ssh-agent and ssh-add utilities load the keys into memory,
> > they'd be wiped if I rebooted?
> 
> Yes, rebooting will take the keys out of memory and you would need to 
> use 'ssh-add' on the command line to put the keys and passphrase in memory.
> The 'ssh-add -D' command removes the keys when you are done but are not 
> logging out.
> 
> >
> >    2. Is #1 why I'd add it to my ~/.profile?
> 
> This is so that ssh-agent is set when you log in at a console.  I don't know 
> about Mac but some Linux distributions have session scripts so that this is 
> done for you when you start a KDE session.  I don't believe ~/.profile will 
> be read unless you log in at a console or xterm or similar.
> 
> When you add stuff to your ~/.profile, I recommend doing it on a separate 
> account first.  I once added those lines on a Linux system and was locked out 
> on that account but I was able to get in with another account, su to root, 
> and remove the lines in the affected user's ~/.profile and then I was no longer 
> locked out.
> >
> >    3. How am I able to ssh (without a password) from my Mac to SuSE server
> > or Mac to FreeBSD server when I don't have "eval `ssh-agent`" and "ssh-add"
> > in my .profile on my Mac?
> 
> You can do 'ssh-agent bash' followed by 'ssh-add' but this will not work until 
> you have generated your SSH keys with:
> 
> ssh-keygen -t rsa -b 1024
> or
> ssh-keygen -t dsa -b 1024
> 
> or similar.  Until you do that, you have to use your login password and cannot 
> use a passphrase since you have not set one.  Setting the passphrase is part 
> of the process of generating your SSH keys.
> 
> BTW I do not know if you are using the "keychain" utility.  Be very careful 
> with it.  It can be confusing.  I found it inconvenient to use and no longer 
> use it.
> 
> There are some fine SSH tutorials online, I believe "OnLamp" has some.  Just 
> make sure they are not more than about 3 yrs old.

All good information. Thanks. I will save this for future reference. :)
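
The thread recommends putting `eval \`ssh-agent\`` and `ssh-add` in ~/.profile and also reports a lockout after doing so. The fragment below is an added example, not code from any of the posters: it reuses an agent from an earlier login instead of starting a new one each time, and only prompts for a passphrase in an interactive session. The `AGENT_ENV` file location and the function names are assumptions.

```shell
# Added example for ~/.profile; AGENT_ENV's path and the function names are assumptions.
AGENT_ENV="${AGENT_ENV:-$HOME/.ssh/agent.env}"

# True only when SSH_AUTH_SOCK names a socket that a live agent answers on.
# ssh-add -l exits 0 (keys loaded), 1 (no keys) or 2 (cannot reach an agent).
agent_usable() {
    [ -n "${SSH_AUTH_SOCK:-}" ] && [ -S "$SSH_AUTH_SOCK" ] || return 1
    ssh-add -l >/dev/null 2>&1 || [ $? -ne 2 ]
}

# True only for an interactive shell with a terminal on stdin, so scp, sftp,
# cron and "ssh host command" sessions never reach a passphrase prompt.
session_is_interactive() {
    case "$-" in
        *i*) [ -t 0 ] ;;
        *)   return 1 ;;
    esac
}

# Reuse the agent recorded by an earlier login; start one only if none answers.
ensure_agent() {
    agent_usable && return 0
    if [ -r "$AGENT_ENV" ]; then
        . "$AGENT_ENV" >/dev/null
        agent_usable && return 0
    fi
    command -v ssh-agent >/dev/null 2>&1 || return 1
    (umask 077; ssh-agent -s > "$AGENT_ENV") || return 1
    . "$AGENT_ENV" >/dev/null
    agent_usable
}

if session_is_interactive; then
    if ensure_agent; then
        # Ask for the passphrase only when the agent holds no identities yet.
        ssh-add -l >/dev/null 2>&1 || ssh-add || true
    fi
fi
```

Every failure path returns without aborting the login, so a missing ssh-agent binary or an unwritable ~/.ssh leaves the account reachable with its normal credentials.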


More information about the freebsd-stable mailing list