Accessing Computer

Matthew Seaman m.seaman at infracaninophile.co.uk
Fri Jan 8 16:13:46 UTC 2010


Carmel wrote:
> On Fri, 08 Jan 2010 10:13:52 -0500 Lowell Gilbert <freebsd-questions-local at be-well.ilk.org> articulated:
> 
>> Carmel <carmel_ny at hotmail.com> writes:
>>
>>> On Fri, 8 Jan 2010 14:58:23 +0100 Pieter de Goeje <pieter at service2media.com> articulated:
>>>
>>>> You might want to take a look at ssh-agent. I think PuTTY has an equivalent. 
>>>> It lets you do remote logins without putting your key(s) everywhere. I've not 
>>>> yet tried this myself, but I plan on testing it sometime.
>>> I use agent.  All that agent does is cache your password so you do not
>>> have to re-enter it each time you make a connection.
>> The agent can be forwarded with the connection.  
>> In your case, it would remove the need for a second key on the second machine.
> 
> I was not aware of that. I will have to read up on how to accomplish it.

You just put the public key from Computer 1 in ~/.ssh/authorized_keys on
both the machines (Computer 2, Computer 3) where you want access.  You'll
have to use 'ssh-keygen -i -f filename'  to convert the pubkey from the SSH2 
format PuTTY uses to the OpenSSH format FreeBSD uses, and you need to be 
careful to make the authorized_keys file writable only by the account UID.  You 
can prepend the line in the authorized_keys files with from="hostname" to only 
permit access from a specific host if you like.  See the section 
'AUTHORIZED_KEYS FILE FORMAT' in sshd(8) for details.  You don't need to
install any private keys on Computer 2 or Computer 3.

Then when you load the key into the agent, be sure and check the 'Forward
the Agent' tickbox.   Similarly, when you connect from computer 2 to computer
3 just add '-A' to the ssh command line, as in: 'ssh -A computer3' -- this 
achieves the same agent forwarding under OpenSSH.  Computer 3 will ask
computer 2 for authentication, and computer 2 will relay this request back to
computer 1 where there is access to your private key.  You can hop through a
large number of machines this way, and so long as you keep forwarding the agent
it should all work.

	Cheers,

	Matthew

Note that pageant, or ssh-agent (which is the FreeBSD equivalent) doesn't 
cache the passphrase.  It stores a decrypted copy of your private key in 
memory.  Don't leave the agent running on an unattended machine that anyone 
else can access.

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW
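
The authorized_keys steps described in the message above, as an added example that is not part of the original post: install an already converted public key with a from="..." restriction, then confirm that neither the file nor its directory is writable by group or other. The function names, host name and key in the usage comment are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original message.
# Usage (constructed values):
#   install_key "$(convert_ssh2_pubkey putty.pub)" computer1.example.org \
#       "$HOME/.ssh/authorized_keys"

# Convert an SSH2-format public key (as exported by PuTTY) to the one-line
# OpenSSH format, using the command named in the message.
convert_ssh2_pubkey() {
    ssh-keygen -i -f "$1"
}

# Succeed only if the path exists and is not writable by group or other.
owner_write_only() {
    [ -e "$1" ] || return 1
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \))" ]
}

# install_key <openssh-pubkey-line> <from-pattern> <authorized_keys-path>
# Appends 'from="pattern" key' unless the key blob is already listed,
# then tightens and verifies permissions.
install_key() {
    key=$1 from=$2 file=$3
    dir=$(dirname "$file")
    case $key in
        ssh-*|ecdsa-*|sk-*) ;;
        *) echo "not an OpenSSH public key line" >&2; return 1 ;;
    esac
    case $from in
        ""|*\"*) echo "bad from pattern" >&2; return 1 ;;
    esac
    # Second field of the key line is the base64 key blob.
    blob=$(printf '%s\n' "$key" | awk '{print $2}')
    [ -n "$blob" ] || return 1
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$file" && chmod 600 "$file" || return 1
    if ! grep -qF -- "$blob" "$file"; then
        printf 'from="%s" %s\n' "$from" "$key" >> "$file"
    fi
    owner_write_only "$file" && owner_write_only "$dir"
}
```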
