[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: setting a password less ssh connection



On 20/05/06, Aldo Foot <lunixer gmail com> wrote:
Have you looked into ssh-agents and passprahses?
No password required, only a running agent and a good passprhase.
The above does required that you share public keys between systems.

I would echo this loudly. Passphraseless keys, or worse still
passwordless login should really be avoided. The most elegant solution
is to use ssh-agent and ssh-add as managed by the keychain script
which is available from Extras (yum install keychain).

Some links about these ideas:

For ssh-agent:
http://mah.everybody.org/docs/ssh
http://www.securityfocus.com/infocus/1812
http://www.phy.bnl.gov/computing/gateway/ssh-agent.html

For keychain:
http://www.gentoo.org/proj/en/keychain/
http://www-128.ibm.com/developerworks/library/l-keyc2/

Personally I have keychain installed, with the following snippets in
.bash_profile and .bashrc:

.bash_profile:
# Set up keychain, rather than using one ssh-agent for every shell.  Run the
# keychain script here for login shells, but source the keychain information
# for all shells from .bashrc.
keychain --ignore-missing -q ~/.ssh/id_rsa ~/.ssh/id_dsa

.bashrc:
# Source the keychain information. Note that keychain itself should be ran
# from .bash_profile.
if [ -f $HOME/.keychain/$HOSTNAME-sh ]; then
   . $HOME/.keychain/$HOSTNAME-sh > /dev/null
fi


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]