[lug] ssh help needed
Sean Reifschneider
jafo at tummy.com
Mon Oct 2 13:02:36 MDT 2000
On Mon, Oct 02, 2000 at 02:25:25PM -0500, Michael J. Hammel wrote:
>the remote system. At this point, shouldn't an ssh login get me into the
>remote system without having to be prompted for my RSA key? Have I left
Are you talking about your RSA passphrase?
[2] guin:jafo$ ssh dev
Enter passphrase for RSA key 'jafo at myromanw.tummy.com':
Your pass-phrase encrypts your RSA key. Your RSA key itself is a big,
honking number -- I doubt you're being required to enter that...
Anyway, the deal is that you can do one of two things:
Generate a new RSA key, but this time when it asks you for your
passphrase just hit <enter>.
Figure out how to use ssh-agent.
The former means that your SSH key is stored unencrypted on your machine,
anyone that can gain access to that now has access to all the keys you
have access to. However, if you protect it correctly, that probably means
they either have to be you or root, either of which can cause your
key to leak anyway.
The latter is a daemon which brokers SSH RSA key requests, so the unencrypted
key only exists in the process-space of that daemon. With root access you
can get to it, but with root access you can install a trojaned SSH which
reads your pass phrase and sends it to an IRC channel...
To try the latter try either:
ssh-agent bash
ssh-add
or if you're running X:
ssh-agent startx
ssh-add (from an X terminal).
ssh-agent starts a process which all sub-processes inherit access to.
ssh-add will add the key to the agent, and from then on you can use your
RSA key without having to provide your password.
"ssh-add -d" can be used to remove the key, requiring you to re-authenticate.
Nice for when you suspend your laptop or the like.
Sean
--
I find that a great part of the information I have was acquired by looking
up something and finding something else on the way. -- Franklin P. Adams
Sean Reifschneider, Inimitably Superfluous <jafo at tummy.com>
tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
More information about the LUG
mailing list