sshd question
Adam Nealis
adamnealis at yahoo.co.uk
Fri Jan 20 02:38:46 PST 2006
--- Matthew Seaman <m.seaman at infracaninophile.co.uk> wrote:
> Peter wrote:
> > --- Beech Rintoul <akbeech at gmail.com> wrote:
> >
> >> I'm trying to set up ssh to use keys to authenticate on a remote server.
> >> I've
> >> always used passwords in the past. I generated a key pair and exported
> >> my
> >> public key to ~/.ssh/authorized_keys on the remote machine. I changed
> >> sshd_config to "PasswordAuthentication no". when I login the remote
> >> machine
> >> still asks for a password. What do I change to just use the key to log
> >> in?
> >
> > I'm assuming you do not want to enter anything to log in right? If so,
> > you need a private key with a blank passphrase. It's hard to say from
> > here but it may be that you are being prompted for the passphrase to
> > unlock your private key.
>
> No, no, no. ssh keys with out pass-phrases are a liability. It really is a
> bad idea to do that.
Not necessarily. They are still much better than ~/.rhosts, and having
scripts containing ftp passwords. So long as you lock your screen or log
out, you're not at much more risk than without null password keys. And they
make administering several hundred hosts much easier.
Having said that, I'd never allow any host to connect as root without a
password using ssh (or over the network at all for that matter if it can
be avoided).
Adam.
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
More information about the freebsd-questions
mailing list