
Re: SSH Key authentication



thanks for the reply,

you did clear up the RSA, DSA, DSS confusion I was having.  (I have 3
servers I'm playing with, each with a slightly different ssh version)

Is it essential to use ssh-agent at login?  The man page says:

       ssh-agent2 is a program to hold authentication private
       keys.  The idea is that ssh-agent2 is started in the
       beginning of an X-session or a login session, and all
       other windows or programs are started as children of the
       ssh-agent2 program (the command normally starts X or is
       the user shell).  Programs started under the agent inherit
       a connection to the agent, and the agent is automatically
       used for public key authentication when logging to other
       machines using ssh.

Is this a must for key based authentication?  And if so, how would I use
it to startx or at login? (preferably at login, as I don't run X on my
servers, just my desktop - and even then, not always) Simply running
'ssh-agent -c' from a console doesn't seem to work:

[root@jedi /root]# ssh-agent -c
setenv SSH2_AUTH_SOCK /tmp/ssh-root/ssh2-26946-agent;
setenv SSH2_AGENT_PID 26947;
echo Agent pid 26947;


[root@host /root]# ps x |grep ssh
 1332 ?        S      0:00 /usr/local/sbin/sshd2
25568 pts/5    S      0:00 man ssh
25699 pts/8    S      0:00 man ssh-keygen1
26802 pts/7    S      0:00 ssh dialin-1
26846 pts/4    S      0:00 man ssh-agent
26947 ?        S      0:00 ssh-agent -c
26953 pts/10   S      0:00 grep ssh

and now:

[root@host /root]# ssh-add
Failed to connect to authentication agent - agent not running?

thanks for the help so far, I have been digging through these manpages for
ages now...

I really want to get this working so I can set up SHADOW IDS, which will
run a cron script on a host inside the firewall to log in to a "sensor"
outside the firewall and grab some tcpdump files.

thanks again

On Thu, 1 Mar 2001 guinness-list@redhat.com wrote:

> Date: Thu, 01 Mar 2001 10:29:54 -0500
> From: guinness-list@redhat.com
> To: guinness-list@redhat.com
> Subject: Re: SSH Key authentication 
> 
> On Thu, Mar 01, 2001 at 08:20:30AM -0500, dschaible@obiwan.balmar.com wrote:
> > Can someone point me to good docs concerning passwordless key-based
> > authentication for ssh2?
> 
> I'd check the ssh man page, which covers this pretty thoroughly.  If
> you've already got SSH1 working correctly, then the differences are:
>        Public Key    Private Key  Authorized Keys   Generated By*:
> SSH1   identity.pub  identity     authorized_keys   ssh-keygen
> SSH2   id_dsa.pub    id_dsa       authorized_keys2  ssh-keygen -d
> 
> * How you run ssh-keygen changes between 2.3.0p1 and 2.5.1p1, because
>   it adds support for RSA keys in protocol 2.  I've listed ssh-keygen
>   syntax for 2.3.0p1 above.  For 2.5.1p1, use: "ssh-keygen" for RSA
>   keys for protocol 1, "ssh-keygen -t dsa" for DSA keys for protocol 2,
>   and "ssh-keygen -t rsa" for RSA keys for protocol 2.
> 
> HTH,
> 
> Nalin
> 
> 
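
Why ssh-add cannot find the agent in the session above, as an added example that is not part of the original message or the quoted reply: `ssh-agent -c` only prints csh-style `setenv` commands, and unless the shell applies them, `ssh-add` has no `SSH2_AUTH_SOCK` to connect to. `load_agent_env` is a hypothetical helper written for this illustration; it sets only the agent's own variables instead of evaluating the output blindly, and the Bourne form and `SSH_*` names it also accepts are the ones OpenSSH's `ssh-agent -s` prints.

```shell
#!/bin/sh
# load_agent_env (hypothetical helper): apply the variable settings that an
# ssh-agent printed to the CURRENT shell. $1 is the captured agent output in
# csh form ("setenv NAME VALUE;") or Bourne form ("NAME=VALUE; export NAME;").
# Returns 0 if an agent socket variable was set, 1 otherwise.
load_agent_env() {
    _found=1
    while IFS= read -r _line; do
        case $_line in
            setenv\ *)                      # csh form
                _rest=${_line#setenv }
                _name=${_rest%% *}
                _value=${_rest#* }; _value=${_value%;}
                ;;
            *=*\;*)                         # Bourne form
                _name=${_line%%=*}
                _value=${_line#*=}; _value=${_value%%;*}
                ;;
            *) continue ;;                  # e.g. "echo Agent pid 26947;"
        esac
        # Accept only the agent's own variables, never arbitrary names.
        case $_name in
            SSH2_AUTH_SOCK|SSH2_AGENT_PID|SSH_AUTH_SOCK|SSH_AGENT_PID)
                export "$_name=$_value"
                case $_name in *_AUTH_SOCK) _found=0 ;; esac
                ;;
        esac
    done <<EOF
$1
EOF
    return "$_found"
}

# Agent output copied from the post above (csh syntax, because of -c).
agent_output='setenv SSH2_AUTH_SOCK /tmp/ssh-root/ssh2-26946-agent;
setenv SSH2_AGENT_PID 26947;
echo Agent pid 26947;'

echo "before: SSH2_AUTH_SOCK=${SSH2_AUTH_SOCK:-<unset>}"
if load_agent_env "$agent_output"; then
    echo "after:  SSH2_AUTH_SOCK=$SSH2_AUTH_SOCK"
fi
```

With OpenSSH in a Bourne-type shell the usual shortcut is `eval "$(ssh-agent -s)"`; that ssh-agent2 accepts the same `-s` flag is an assumption to check against its man page.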




