[olug] SSH public/private keys
neal rauhauser
neal at lists.rauhauser.net
Tue Nov 11 12:03:31 UTC 2003
This is a very handy technique - I figure I'm screwed if I ever lose
my laptop since it's got keys for everything. I keep my ssh hosts
firewalled down so any would-be intruder would have to be in my house,
inside my locked & keycard-protected datacenter, or inside an alarmed
customer facility, so I'm not *that* worried about it :-)
However, if you're even more paranoid than that I'd suggest you
acquire the O'Reilly book on SSH and read about SSH agents - very handy
stuff.
Here is a little trick for you Cox victims who want to use an
external mailer ... my mailer (inside aforementioned locked & keycarded
datacenter) is quite fussy about who it talks to SMTP-wise - it trusts
itself and it used to trust a couple of addresses in my datacenter, but
those just got removed as I was writing this. It's SSH port forwarding or
not at all.
My address at home is stable but one of the two redundant links into
the facility is via a wireless link - so this is my solution - ports
2025 & 2110 on my local machine are forwarded in an encrypted fashion to
the appropriate ports on the remote system (terror).
[nealr@localhost nealr]$ cat pop
ssh -L 2110:localhost:110 terror
[nealr@localhost nealr]$ cat smtp
ssh -L 2025:localhost:25 terror
[nealr@localhost nealr]$
Eric Penne wrote:
> Here is a little howto on using ssh without a password to log in to places.
>
> In this case I am using my home PC from my own account so that other
> people can't use my account to log into other PCs.
>
> from my home directory I run:
>
> ssh-keygen -t dsa
>
> It asks where to save the file and I say /home/epenne/.ssh/id_dsa
>
> It then asks for a passphrase and to repeat the passphrase.
>
> Then it generates the key. In my home directory I have .ssh/id_dsa and
> .ssh/id_dsa.pub. I want to put the id_dsa.pub on the computer I will log
> in to in this case olug.org.
>
> scp .ssh/id_dsa.pub epenne@olug.org:.ssh/
>
> I then log into olug.org and mv the file .ssh/id_dsa.pub to
> .ssh/authorized_keys.
>
> If authorized_keys is already present then I append the id_dsa.pub file to
> authorized_keys.
>
> I log off of olug.org then I try to log back into olug.org and presto! I
> don't need a password.
>
> Back to security. Remember that you don't want to leave the account that
> has your private key (.ssh/id_dsa) open to anybody or they could use that
> to login to the server without the password. You should probably
> periodically change these keys. It isn't that hard and it saves a lot of
> typing if you login to a certain machine many times.
>
> Eric Penne
>
>
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> http://lists.olug.org/mailman/listinfo/olug
>
>
--
mailto:neal at lists.rauhauser.net
phone:402-301-9555
IM:Neal R Rauhauser
"After all that I've been through, you're the only one who matters,
you never left me in the dark here on my own" - Widespread Panic
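Eric's quoted steps (scp the .pub file over, then mv it to authorized_keys or append if one already exists) work, but sshd silently refuses the key if ~/.ssh or authorized_keys end up with loose permissions, and a second copy appends the same line twice. The script below is an added example written for this archive page, not code from either poster; the install_pubkey function and its optional home_dir argument are my own names, and the key line in the demo is a constructed placeholder, not a real key.

```sh
#!/bin/sh
# Added example, not from the original post: install a public key into a
# user's authorized_keys as Eric's howto describes (mv if absent, append if
# present), but idempotently and with the permissions sshd's StrictModes
# requires: ~/.ssh 700, authorized_keys 600, neither group/world-writable.
# Usage: install_pubkey <id_dsa.pub> [home_dir]   (home_dir is hypothetical,
# defaults to $HOME so it can be pointed at a scratch directory for testing)
install_pubkey() {
    pubkey_file=$1
    home_dir=${2:-$HOME}
    ssh_dir="$home_dir/.ssh"
    auth_keys="$ssh_dir/authorized_keys"

    # ssh-keygen writes exactly one line: "<type> <base64> [comment]".
    key=$(head -n 1 "$pubkey_file") || return 1
    case $key in
        "ssh-dss "*|"ssh-rsa "*|"ssh-ed25519 "*|"ecdsa-sha2-"*) ;;
        *) echo "not an OpenSSH public key line: $pubkey_file" >&2; return 1 ;;
    esac

    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_keys" && chmod 600 "$auth_keys" || return 1

    # Append only when the identical line is absent, so re-running after a
    # second scp or a key rotation never leaves duplicate entries behind.
    if grep -qxF "$key" "$auth_keys"; then
        echo "key already authorized in $auth_keys" >&2
        return 0
    fi
    printf '%s\n' "$key" >> "$auth_keys"
}

# Number of key lines currently authorized under the given home directory.
count_keys() {
    grep -cE '^(ssh-|ecdsa-)' "$1/.ssh/authorized_keys"
}

# Stand-alone demo against a scratch home directory with a constructed,
# non-functional key line (the base64 blob is a placeholder, not a real key).
demo_home=$(mktemp -d)
printf 'ssh-dss AAAAB3NzaC1kc3MAAACBAPLACEHOLDER epenne@example\n' \
    > "$demo_home/id_dsa.pub"
install_pubkey "$demo_home/id_dsa.pub" "$demo_home"
install_pubkey "$demo_home/id_dsa.pub" "$demo_home"   # second run is a no-op
echo "authorized keys: $(count_keys "$demo_home")"    # prints 1
rm -rf "$demo_home"
```

On the real server you would run it as install_pubkey ~/.ssh/id_dsa.pub after the scp, with no second argument.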