On 2/28/07, Roberto C. Sanchez <[EMAIL PROTECTED]> wrote:
On Wed, Feb 28, 2007 at 03:42:48PM +0100, Giacomo Montagner wrote:
>
>
> Hi!
> Usually I do not change anything in ssh configuration. All I do is this:
>
> On source machine:
>
> [EMAIL PROTECTED]:~$ ssh-keygen -t dsa
> <use empty passphrase>
>
> [EMAIL PROTECTED]:~$ cat ~/.ssh/id_dsa.pub
>
> On destination machine:
> [EMAIL PROTECTED]:~$ vi ~/.ssh/authorized_keys
> <paste the content of [EMAIL PROTECTED]'s id_dsa.pub and save the file>
>
> Now you should be able to do:
> [EMAIL PROTECTED]:~$ ssh [EMAIL PROTECTED]
>
> without needing to type any password.
>
> Hope this helps.
>
Ahh. That's what I was afraid of. Having ssh keys without a passphrase
is convenient, but very insecure. You are better off without the keys.
For the longest time I did not understand that, then some kind soul on
this list pointed to ssh-agent and keychain. Very minor inconvenience
(enter the passphrase once when you login), and *much* more secure.
I use this method, (without passphrase) to be able to run script (with
cronjob) from one machine into other, if I put a passphrase that is
not going to work, am I right?
Anyway to get my key, a "hacker" will need access to my PC right? if
both PCs are secured there should be no chance to get my keys stolen.
--
Guillermo Garron
"Linux IS user friendly... It's just selective about who its friends are."
(Using FC6, CentOS4.4 and Ubuntu 6.06)
http://feeds.feedburner.com/go2linux
http://www.go2linux.org
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
