ssh-keygen between SuSE and FreeBSD
Pollywog
lists-fbsdstable at shadypond.com
Thu Aug 14 16:32:19 UTC 2008
On Thursday 14 August 2008 15:29:27 Gavin Spomer wrote:
> >>> Lyndon Nerenberg <lyndon at orthanc.ca> 08/13/08 7:10 PM >>>
> >
> > You need to start an ssh-agent on the machine you're connecting from and
> > populate it with your keychain:
> >
> > eval `ssh-agent`
> > ssh-add
> >
> > Add the above to your .profile, or check the Linux PAM implementation to
> > see if it has ssh session support.
> >
> > --lyndon
>
> Thanks.
>
> That made it possible for me to ssh from SuSE server to FreeBSD server, but
> now when I ssh from my Mac to SuSE server it wants a password now:
>
> Enter passphrase for /home/myusername/.ssh/id_rsa:
>
> I read the FreeBSD handbook section "14.11.7 ssh-agent and ssh-add" and
> don't have anything much more intelligent to say but "I don't understand".
> ;)
>
> Questions:
>
> 1. If the ssh-agent and ssh-add utilities load the keys into memory,
> they'd be wiped if I rebooted?
Yes, rebooting will take the keys out of memory and you would need to
use 'ssh-add' on the command line to put the keys and passphrase in memory.
The 'ssh-add -D' command removes the keys when you are done but are not
logging out.
>
> 2. Is #1 why I'd add it to my ~/.profile?
This is so that ssh-agent is set when you log in at a console. I don't know
about Mac but some Linux distributions have session scripts so that this is
done for you when you start a KDE session. I don't believe ~/.profile will
be read unless you log in at a console or xterm or similar.
When you add stuff to your ~/.profile, I recommend doing it on a separate
account first. I once added those lines on a Linux system and was locked out
on that account but I was able to get in with another account, su to root,
and remove the lines in the affected user's ~/.profile and then I was no longer
locked out.
>
> 3. How am I able to ssh (without a password) from my Mac to SuSE server
> or Mac to FreeBSD server when I don't have "eval `ssh-agent`" and "ssh-add"
> in my .profile on my Mac?
You can do 'ssh-agent bash' followed by 'ssh-add' but this will not work until
you have generated your SSH keys with:

    ssh-keygen -t rsa -b 1024

or

    ssh-keygen -t dsa -b 1024

or similar. Until you do that, you have to use your login password and cannot
use a passphrase since you have not set one. Setting the passphrase is part
of the process of generating your SSH keys.
BTW I do not know if you are using the "keychain" utility. Be very careful
with it. It can be confusing. I found it inconvenient to use and no longer
use it.
There are some fine SSH tutorials online, I believe "OnLamp" has some. Just
make sure they are not more than about 3 yrs old.
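
Added example, not part of the original message or any poster's own code: a ~/.profile fragment for the eval `ssh-agent` / ssh-add setup discussed in this thread. It reuses an agent that is already running, asks for the passphrase only in interactive shells, and lets every failure fall through so the rest of ~/.profile still runs; the cache path AGENT_ENV and the function names are assumptions.

```sh
# ~/.profile fragment (POSIX sh). AGENT_ENV is a hypothetical cache file
# holding the SSH_AUTH_SOCK / SSH_AGENT_PID lines printed by ssh-agent.
AGENT_ENV="${AGENT_ENV:-$HOME/.ssh/agent.env}"

# Succeeds only if an agent answers on SSH_AUTH_SOCK.
# ssh-add -l exits 0 (keys loaded), 1 (no keys) or 2 (cannot contact agent).
agent_reachable() {
    [ -n "${SSH_AUTH_SOCK:-}" ] && [ -S "$SSH_AUTH_SOCK" ] || return 1
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    [ "$rc" -eq 0 ] || [ "$rc" -eq 1 ]
}

# Reuse the current agent, then one cached by an earlier login,
# and start a new agent only when neither responds.
start_or_reuse_agent() {
    agent_reachable && return 0
    if [ -r "$AGENT_ENV" ]; then
        . "$AGENT_ENV" >/dev/null
        agent_reachable && return 0
    fi
    command -v ssh-agent >/dev/null 2>&1 || return 1
    # umask 077 keeps the cached socket path readable by the owner only.
    ( umask 077; ssh-agent -s > "$AGENT_ENV" ) || return 1
    . "$AGENT_ENV" >/dev/null
    agent_reachable
}

# Only interactive shells may prompt; nothing here stops the login on failure.
case $- in
    *i*)
        if start_or_reuse_agent; then
            # Ask for the passphrase only when the agent holds no keys yet.
            ssh-add -l >/dev/null 2>&1 || ssh-add || :
        fi
        ;;
esac
```

After a reboot the cached file points at a dead socket, so the first interactive login starts a fresh agent and ssh-add asks for the passphrase once.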