[KLUG Members] Passphrase-Less SSH Keys

[Scott Webster Wood]

> > I guess I'm not clearly understanding keys and accounts.  If I have
> > account "Alice" on the client, and account "Bob" on the server, can I
> > put Alice's public key in Bob's .ssh directory and have Alice log in as
> > Bob?

Check out the 'authorized_keys' information in the associated ssh/sshd man
pages.  I usually just combine all the rsa, rsa1 and dsa pub keys from my
systems and keep them handy to add to remote systems when I need this
functionality.  (something like 'cat ~/.ssh/*.pub > mysystem_sshkeys.pub' )

Then I just upload them to the remote machine and do something like 'cat
mysystem_sshkeys.pub >> ~/.ssh/authorized_keys ; chmod go-rwx
~/.ssh/authorized_keys' (the chmod is important on those files as ssh will
ignore them {generate an error and skip using them} if they aren't set right)

You might also look into the server configuration and see if rhosts or shosts
authentication with the keys is enable.  Sometimes I would use this function on
machines that were well locked down to run remote jobs without a need to use
the password.  (i.e. using both the 'authorized_keys' file with an ~/.shosts
entry for the remote account calling the job - this can also be done with an
entry in /etc/hosts.equiv depending on your configuration)

I think the case when I used this was making some automated scripts for doing
secure cross-network backups using ssh pipe chains with tar to the machine that
had the tape drive.  Be creative!  It can do a great many things if you use it
cautiously.

SW

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com