setting a password less ssh connection
Jonathan Underwood
jonathan.underwood at gmail.com
Wed May 24 09:58:52 UTC 2006
On 20/05/06, Aldo Foot <lunixer at gmail.com> wrote:
> Have you looked into ssh-agents and passprahses?
> No password required, only a running agent and a good passprhase.
> The above does required that you share public keys between systems.
I would echo this loudly. Passphraseless keys, or worse still
passwordless login should really be avoided. The most elegant solution
is to use ssh-agent and ssh-add as managed by the keychain script
which is available from Extras (yum install keychain).
Some links about these ideas:
For ssh-agent:
http://mah.everybody.org/docs/ssh
http://www.securityfocus.com/infocus/1812
http://www.phy.bnl.gov/computing/gateway/ssh-agent.html
For keychain:
http://www.gentoo.org/proj/en/keychain/
http://www-128.ibm.com/developerworks/library/l-keyc2/
Personally I have keychain installed, with the following snippets in
.bash_profile and .bashrc:
.bash_profile:
# Set up keychain, rather than using one ssh-agent for every shell. Run the
# keychain script here for login shells, but source the keychain information
# for all shells from .bashrc.
keychain --ignore-missing -q ~/.ssh/id_rsa ~/.ssh/id_dsa
.bashrc:
# Source the keychain information. Note that keychain itself should be ran
# from .bash_profile.
if [ -f $HOME/.keychain/$HOSTNAME-sh ]; then
. $HOME/.keychain/$HOSTNAME-sh > /dev/null
fi
More information about the fedora-list
mailing list