On Tue, Apr 25, 2006 at 09:26:05PM -0400, Bruce Corbin wrote:
> Thanks. I'll read up on certificates and read the link at the bottom of
> your reply. It's not sinking in at the moment but hopefully it will
> after a little reading.
>
> With respect to the problem: I want to have files on my "server" at
> home and have my laptop be the only "out of house" machine that can
> access them. This much I have already, but I enter a password to get
> in. I may be off base, but it seems like I should be able to have the
> key on the laptop and get in without using a password or pass phrase.
> It isn't really a big deal, but it bothers me that I think I should be
> able to do it but I can't find a way.
>

OK. As your user, run

    ssh-keygen -t dsa -b 2048

[Generates a key, DSA, 2048 bits] or similar. When it asks you for a passphrase, hit <Enter> twice - you have a null passphrase (which is fractionally less secure but that's probably OK.)

Carrying out the above process creates a .ssh directory underneath your home directory. In it you should find an id_dsa and an id_dsa.pub.

PUBLIC is in capitals below only for emphasis: try hard not to copy private keys anywhere :)

id_dsa.pub is your PUBLIC key on that machine. That's the key you copy over. id_dsa is your PRIVATE key: that never goes anywhere and should be kept safe.

Touch a file in the ssh directory which will hold the keys from other machines - it must be called authorized_keys. Change its ownership to 0600 - read/write only for the owner. You need one of these files on each machine for passwordless login.

    touch authorized_keys ; chmod 0600 authorized_keys

You need to copy across PUBLIC keys from other machines that you want to access to this file: similarly, they need the PUBLIC key from this machine.

If the other machine is called foo and this one is bar and you are user myuser - scp foo's public key to the .ssh directory on bar

    <bar> cd ~/.ssh
    <bar> scp foo:/home/myuser/.ssh/id_dsa.pub foo_id_dsa.pub
    <bar> cat foo_id_dsa.pub >> authorized_keys

Same the other way on foo with bar's keys.

    <foo> cd ~/.ssh
    <foo> scp bar:/home/myuser/.ssh/id_dsa.pub bar_id_dsa.pub
    <foo> cat bar_id_dsa.pub >> authorized_keys

Now try an ssh from one to the other. Once you're satisfied, then you can delete the foo/bar_id_dsa.pub copies.

This is all more than explained in various FAQs and, excellently, in the O'Reilly book on SSH.

> Another application for this is that it is a server oriented way of
> avoiding the man-in-the-middle issue for the first connection. I
> currently have no concern over this, but it is another example.
>
> Thank you,

You're welcome.

> Bruce
>

Andy
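An added example, not part of the original message: a shell check to run on each machine after the steps above, covering the permissions on .ssh, authorized_keys and id_dsa, a private key appended to authorized_keys by mistake, and duplicate entries from repeating the cat >> step. The function name audit_ssh_dir and the list of accepted key types are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original message): audit a ~/.ssh directory.
# Prints one line per finding; the return status is the number of findings.
audit_ssh_dir() {
    dir=$1
    ak=$dir/authorized_keys
    findings=0
    report() { echo "FINDING: $1"; findings=$((findings + 1)); }

    # The directory itself must not be writable by group or other.
    [ "$(ls -ld "$dir" | cut -c6,9)" = "--" ] || report "$dir is group/other writable"

    # authorized_keys and the private key: no group/other permission bits at all.
    for f in "$ak" "$dir/id_dsa"; do
        [ -e "$f" ] || continue
        [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] || report "$f is not mode 0600 or stricter"
    done

    [ -f "$ak" ] || return "$findings"

    # A private key appended by mistake (id_dsa instead of id_dsa.pub).
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$ak"; then
        report "$ak contains private key material"
    fi

    # Every non-blank, non-comment line should carry a key type and a base64 blob.
    # The key-type list is an assumption of this example; extend it as needed.
    bad=$(grep -v -E '^[[:space:]]*(#|$)' "$ak" |
          grep -c -v -E '(^|[[:space:]])(ssh-dss|ssh-rsa|ssh-ed25519|ecdsa-sha2-[a-z0-9-]+)[[:space:]]+[A-Za-z0-9+/=]+' || true)
    [ "$bad" -eq 0 ] || report "$ak has $bad line(s) that are not public keys"

    # The same key appended twice by repeating the cat >> step.
    dup=$(grep -v -E '^[[:space:]]*(#|$)' "$ak" | sort | uniq -d | wc -l | tr -d ' ')
    [ "$dup" -eq 0 ] || report "$ak has $dup duplicated line(s)"

    return "$findings"
}

# Run against a directory given on the command line, e.g. sh audit.sh ~/.ssh
[ "$#" -eq 0 ] || audit_ssh_dir "$1"
```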