ssh-keygen between SuSE and FreeBSD

Pollywog lists-fbsdstable at shadypond.com
Thu Aug 14 16:32:19 UTC 2008


On Thursday 14 August 2008 15:29:27 Gavin Spomer wrote:
> >>> Lyndon Nerenberg <lyndon at orthanc.ca> 08/13/08 7:10 PM >>>
> >
> > You need to start an ssh-agent on the machine you're connecting from and
> > populate it with your keychain:
> >
> >  	eval `ssh-agent`
> >  	ssh-add
> >
> > Add the above to your .profile, or check the Linux PAM implementation to
> > see if it has ssh session support.
> >
> > --lyndon
>
> Thanks.
>
> That made it possible for me to ssh from SuSE server to FreeBSD server, but
> now when I ssh from my Mac to SuSE server it wants a password now:
>
>    Enter passphrase for /home/myusername/.ssh/id_rsa:
>
> I read the FreeBSD handbook section "14.11.7 ssh-agent and ssh-add" and
> don't have anything much more intelligent to say but "I don't understand".
> ;)
>
> Questions:
>
>    1. If the ssh-agent and ssh-add utilities load the keys into memory,
> they'd be wiped if I rebooted?

Yes, rebooting will take the keys out of memory and you would need to 
use 'ssh-add' on the command line to put the keys and passphrase in memory.
The 'ssh-add -D' command removes the keys when you are done but are not 
logging out.

>
>    2. Is #1 why I'd add it to my ~/.profile?

This is so that ssh-agent is set when you log in at a console.  I don't know 
about Mac but some Linux distributions have session scripts so that this is 
done for you when you start a KDE session.  I don't believe ~/.profile will 
be read unless you log in at a console or xterm or similar.

When you add stuff to your ~/.profile, I recommend doing it on a separate 
account first.  I once added those lines on a Linux system and was locked out 
on that account but I was able to get in with another account, su to root, 
and remove the lines in the affected user's ~/.profile and then I was no longer 
locked out.
>
>    3. How am I able to ssh (without a password) from my Mac to SuSE server
> or Mac to FreeBSD server when I don't have "eval `ssh-agent`" and "ssh-add"
> in my .profile on my Mac?

You can do 'ssh-agent bash' followed by 'ssh-add' but this will not work until 
you have generated your SSH keys with:

ssh-keygen -t rsa -b 1024
or
ssh-keygen -t dsa -b 1024

or similar.  Until you do that, you have to use your login password and cannot 
use a passphrase since you have not set one.  Setting the passphrase is part 
of the process of generating your SSH keys.

BTW I do not know if you are using the "keychain" utility.  Be very careful 
with it.  It can be confusing.  I found it inconvenient to use and no longer 
use it.

There are some fine SSH tutorials online; I believe "OnLamp" has some.  Just 
make sure they are not more than about 3 years old.
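
A guarded form of the eval `ssh-agent` / ssh-add lines for ~/.profile, as an added example that is not part of the original message: it reuses an agent that is already reachable, asks for the passphrase only in interactive terminal sessions, and does not let a failing command end the login. The function names are hypothetical; the exit-status meanings are those documented for ssh-add.

```shell
# Added example for ~/.profile (POSIX sh); function names are hypothetical.

# Map the exit status of `ssh-add -l` to the action the login script takes:
#   0 = agent reachable and holding keys, 1 = agent reachable but empty,
#   2 (or anything else) = no agent could be contacted.
agent_action() {
    case "$1" in
        0) echo reuse ;;
        1) echo load ;;
        *) echo start ;;
    esac
}

# True when the shell option string (normally "$-") contains "i".
# scp, sftp and "ssh host command" sessions are not interactive and are skipped.
is_interactive() {
    case "$1" in
        *i*) return 0 ;;
        *) return 1 ;;
    esac
}

setup_ssh_agent() {
    # Missing tools must not break the login: return quietly instead.
    command -v ssh-agent >/dev/null 2>&1 || return 0
    command -v ssh-add >/dev/null 2>&1 || return 0
    _rc=0
    ssh-add -l >/dev/null 2>&1 || _rc=$?
    case "$(agent_action "$_rc")" in
        reuse) unset _rc; return 0 ;;
        start)
            eval "$(ssh-agent -s)" >/dev/null
            # Stop the agent we started when this login shell exits, so the
            # decrypted key does not stay in memory after logout.
            trap 'ssh-agent -k >/dev/null 2>&1' EXIT
            ;;
    esac
    unset _rc
    ssh-add || true   # a wrong or cancelled passphrase must not abort the login
}

# Prompt only when there is an interactive shell on a real terminal.
if is_interactive "$-" && [ -t 0 ]; then
    setup_ssh_agent
fi
```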


More information about the freebsd-stable mailing list