Differences between version 23 and predecessor to the previous major change of SSHKeys.

Newer page: version 23, last edited on Saturday, February 18, 2006 5:08:40 pm by JohnMcPherson
Older page: version 20, last edited on Thursday, October 27, 2005 1:10:40 pm by MatthiasDallmeier
@@ -23,9 +23,9 @@
 (DSA keys are probably preferable to RSA keys.) 
  
 !!! Distributing public keys 
  
-If you accepted the defaults for ssh-keygen(1) you should have two new files in ~/.ssh, __id_dsa__ and __id_dsa.pub__ (or __id_rsa__ and __id_rsa.pub__)%%% 
+If you accepted the defaults for ssh-keygen(1) you should have two new files in ~ ~/.ssh, __id_dsa__ and __id_dsa.pub__ (or __id_rsa__ and __id_rsa.pub__)%%% 
 The .pub file is your public key, you need to upload it to all remote hosts that you want to use Keys with.%%% 
 You need a __.ssh__ directory in your home on the remote machine. This directory must not be group or world writable. Keys go into the __.ssh/authorized_keys__ file, which must also not be group or world writable. 
 One any local machine that you wish to ssh *from*, you must have the private key __id_dsa__ (unless you forward an "ssh agent", discussed below) and it must not be readable by anyone other than the owner. 
 Obviously the directory and these files must be owned by the correct user. If the permissions are wrong, [SSH] will refuse to read them (without telling you, unfortunately - it only cries to syslogd(8)). [Debian] provides a ssh-copy-id(1) program which does all this automagically. Just say 
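Review bot: the added line reads "~ ~/.ssh", with an extra tilde and a space in front of the path, so the sentence may render as "in ~ ~/.ssh" instead of "in ~/.ssh". If the extra tilde is meant as a markup escape for a literal "~", it has to sit directly against the path with no space; please check the rendered page. While this paragraph is being touched, "One any local machine" in the unchanged context should read "On any local machine", and the permission requirements would be easier to act on if the exact modes were stated, since the text itself says a wrong mode is only reported to syslogd(8).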
@@ -188,8 +188,17 @@
 !!Agent Connection Forwarding 
  
 To save a lot of more typing, you can forward ssh-agent(1) information with the __-A__ option to [SSH]. You can thus keep all your credentials on a single machine. __NOTE:__ Do not forward agent connections to hosts you do not trust. Their SuperUser can steal your keys. 
  
-__.ssh/config__ convenience (see [SSHNotes] and ssh_config(5)) is achieved using __! ForwardAgent yes__. 
+__.ssh/config__ convenience (see [SSHNotes] and ssh_config(5)) is achieved using __~ ForwardAgent yes__.  
+  
+If your home directory is available to multiple machines, some might or might not have ssh-agent running already; you might or might not have forwarded authentication. The following in your $HOME/.profile sets up ssh-agent if it is not present for a particular sh/bash/ksh session, but does not clobber forwarded authentication:  
+  
+<verbatim>  
+if [ -z "$SSH_AGENT_PID" -a -z "$SSH_AUTH_SOCK" -o ! -S "$SSH_AUTH_SOCK" ]; then  
+ eval `ssh-agent`  
+ trap "kill -1 $SSH_AGENT_PID" EXIT  
+fi  
+</verbatim>  
  
 ---- 
 Part of CategorySecurity and CategoryNetworking
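Review bot: in the added .profile test, -a binds tighter than -o, so the expression is (no SSH_AGENT_PID and no SSH_AUTH_SOCK) or (SSH_AUTH_SOCK is not a socket), and because an empty SSH_AUTH_SOCK already makes `! -S "$SSH_AUTH_SOCK"` true, the SSH_AGENT_PID check never changes the outcome. `if [ ! -S "$SSH_AUTH_SOCK" ]; then` states the intent on its own and avoids the -a/-o operators, which POSIX marks as obsolescent. The trap line replaces any EXIT trap the profile set earlier and uses `kill -1` (SIGHUP); `ssh-agent -k` is the agent's own option for shutting down the agent named by SSH_AGENT_PID. Separately, the changed ForwardAgent line now reads "__~ ForwardAgent yes__" with a stray tilde and space, and it recommends `ForwardAgent yes` without any scope directly after the warning about untrusted hosts; the text should say to put it under a Host entry for trusted machines only.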