Re: ssh
- From: "Guillermo Garron" <guillermo.fedora@xxxxxxxxx>
- Date: Wed, 28 Feb 2007 17:29:11 -0400
On 2/28/07, Roberto C. Sanchez <roberto@xxxxxxxxxxxx> wrote:
On Wed, Feb 28, 2007 at 03:42:48PM +0100, Giacomo Montagner wrote:
>
>
> Hi!
> Usually I do not change anything in ssh configuration. All I do is this:
>
> On source machine:
>
> user1@host1:~$ ssh-keygen -t dsa
> <use empty passphrase>
>
> user1@host1:~$ cat ~/.ssh/id_dsa.pub
>
> On destination machine:
> user2@host2:~$ vi ~/.ssh/authorized_keys
> <paste the content of user1@host1's id_dsa.pub and save the file>
>
> Now you should be able to do:
> user1@host1:~$ ssh user2@host2
>
> without needing to type any password.
>
> Hope this helps.
>
Ahh. That's what I was afraid of. Having ssh keys without a passphrase
is convenient, but very insecure. You are better off without the keys.
For the longest time I did not understand that, then some kind soul on
this list pointed to ssh-agent and keychain. Very minor inconvenience
(enter the passphrase once when you login), and *much* more secure.
I use this method, (without passphrase) to be able to run script (with
cronjob) from one machine into other, if I put a passphrase that is
not going to work, am I right?
Anyway to get my key, a "hacker" will need access to my PC right? if
both PCs are secured there should be no chance to get my keys stolen.
--
Guillermo Garron
"Linux IS user friendly... It's just selective about who its friends are."
(Using FC6, CentOS4.4 and Ubuntu 6.06)
http://feeds.feedburner.com/go2linux
http://www.go2linux.org
--
To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx with a subject of "unsubscribe". Trouble? Contact listmaster@xxxxxxxxxxxxxxxx
- References:
- Prev by Date: sound in iceweasel
- Next by Date: Re: konqueror is slow
- Previous by thread: Re: ssh
- Next by thread: Re: ssh
- Index(es):
Relevant Pages
|
|
