<!--startcut ==============================================-->
<!-- *** BEGIN HTML header *** -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML><HEAD>
<title>SSH with keys LG #96</title>
</HEAD>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#0000AF"
ALINK="#FF0000">
<!-- *** END HTML header *** -->
<!--endcut ============================================================-->
<TABLE BORDER><TR><TD WIDTH="200">
<A HREF="http://www.linuxgazette.com/">
<IMG ALT="LINUX GAZETTE" SRC="../gx/2002/lglogo_200x41.png"
WIDTH="200" HEIGHT="41" border="0"></A>
<BR CLEAR="all">
<SMALL>...<I>making Linux just a little more fun!</I></SMALL>
</TD><TD WIDTH="380">
<CENTER>
<BIG><BIG><STRONG><FONT COLOR="maroon">SSH with keys</FONT></STRONG></BIG></BIG>
<BR>
<STRONG>By <A HREF="../authors/dorgan.html">David Dorgan</A></STRONG>
</CENTER>
</TD></TR>
</TABLE>
<P>
<!-- END header -->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html>
<head>
<title></title>
<style type="text/css">
<!--
.header {
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 24px;
font-weight: bold;
color: #999999;
}
.author {
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 10px;
font-style: italic;
color: #666666;
margin-left: 25px;
}
.disclaimer {
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 10px;
color: #CCCCCC;
margin-left: 50px;
}
.cvsinfo {
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 10px;
color: #CCCCCC;
}
.body {
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 10px;
margin-left: 50px;
}
-->
</style>
</head>
<body>
&nbsp;
<table border="0" cellpadding="3" cellspacing="0" width="100%"
bgcolor="#FFFFFF">
<tbody>
<tr>
<td><p>It has come to my attention that a lot of people like using ssh;
most do not use keys, but some do. What struck me is that most of the
people who do use keys don't use passphrases with them. When I
asked some people why not, they said they didn't like typing their
password each time. That isn't actually necessary, as the ssh-agent
setup below shows.<br />
<br />
<br />
Some background: let's say you want to tell somebody your password
for an account on a machine, but you don't know who is listening, and
your only method of communication is cleartext over an
insecure channel. What do you do?<br />
Public key cryptography is the answer: you can send your public key
to anybody, as long as you keep your private key to yourself.<br />
<br />
To create a key, run ssh-keygen with the following options:<br />
ssh-keygen -t dsa<br />
You should be prompted for where to save your keys, e.g.
/home/user/.ssh/id_dsa and /home/user/.ssh/id_dsa.pub.<br />
Then you will be prompted for a passphrase. Public key systems are
great for security, but they are only as good as their weakest
link; don't let your passphrase be the weakest link.<br />
<br />
You should never *EVER* put your private key on a server, and you should
never put it on a disk.<br />
Personally I just keep it on my laptop, nowhere else, ever. Then put
your public key on the remote hosts in the file
/home/user/.ssh/authorized_keys.<br />
<br />
Some people have their servers set up to only accept RSA key
authentication, which isn't a bad idea.<br />
<br />
Now, people do complain about having to enter their passphrase each
time, but this isn't *really* an issue. Personally I start X with a
script in rc.local.<br />
<br />
$ cat /etc/rc.local<br />
ssh-agent xdm<br />
<br />
Now, once inside X as your user, type ssh-add and enter your passphrase.
From then on, in each xterm you open you can type ssh server and you
won't be prompted for a password.<br />
One point to note on this: be *SURE* to lock your workstation while
away, even for a few seconds, since the agent keeps your unlocked key
available to anyone sitting at your session.<br />
</p>
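<p>An added example, not part of the original article: a shell check for the problem described above, private keys stored without a passphrase. It reads only the key file header (OpenSSH, PKCS#8 and legacy PEM formats) and assumes GNU base64; the function names and the sample files are constructed for illustration.</p>

```shell
#!/bin/sh
# Added example (not from the article): list private keys that have no
# passphrase by reading the key file header; nothing is decrypted.

# key_protection FILE -> encrypted | unencrypted | not-a-key
key_protection() {
    first=$(head -n 1 "$1" 2>/dev/null) || first=
    case $first in
    '-----BEGIN OPENSSH PRIVATE KEY-----')
        # Decoded body: "openssh-key-v1\0" (15 bytes), a 4-byte length,
        # then the cipher name at offset 19; "none" means no passphrase.
        cipher=$(sed '/^-----/d' "$1" | tr -d '\r' | base64 -d 2>/dev/null |
                 dd bs=1 skip=19 count=4 2>/dev/null)
        case $cipher in
            none) echo unencrypted ;;
            '')   echo not-a-key ;;      # truncated or undecodable body
            *)    echo encrypted ;;
        esac ;;
    '-----BEGIN ENCRYPTED PRIVATE KEY-----') echo encrypted ;;   # PKCS#8
    '-----BEGIN PRIVATE KEY-----')           echo unencrypted ;; # PKCS#8
    '-----BEGIN '*' PRIVATE KEY-----')
        # Legacy PEM (RSA/DSA/EC): encrypted keys carry a Proc-Type header.
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then echo encrypted
        else echo unencrypted; fi ;;
    *) echo not-a-key ;;
    esac
}

# audit_keys DIR -> prints the path of every passphrase-less private key
audit_keys() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        [ "$(key_protection "$f")" = unencrypted ] && echo "$f"
    done
    return 0
}

# make_sample_key CIPHER FILE -> CONSTRUCTED header-only file, not a real key
make_sample_key() {
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' > "$2"
    { printf 'openssh-key-v1\000\000\000\000'
      printf "\\$(printf '%03o' "${#1}")%s" "$1"; } | base64 >> "$2"
    printf '%s\n' '-----END OPENSSH PRIVATE KEY-----' >> "$2"
}

demo_dir=$(mktemp -d)
make_sample_key none "$demo_dir/id_nopass"
make_sample_key aes256-ctr "$demo_dir/id_withpass"
audit_keys "$demo_dir"; rm -rf "$demo_dir"
```

<p>To check a real account, call audit_keys "$HOME/.ssh"; any path it prints is a key that can be given a passphrase with ssh-keygen -p -f.</p>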
</td>
</tr>
</tbody>
</table>
<p>$Id: ssh-with-keys.html,v 1.4 2003/08/30 15:00:35 davidd Exp $ </p>
</body>
</html>
<!-- *** BEGIN author bio *** -->
<P>&nbsp;
<P>
<!-- *** BEGIN bio *** -->
<P>
<img ALIGN="LEFT" ALT="[BIO]" SRC="../gx/2002/note.png">
<em>
David has been a very productive writer and plans to contribute more of his
work in the future.
</em>
<br CLEAR="all">
<!-- *** END bio *** -->
<!-- *** END author bio *** -->
<!-- *** BEGIN copyright *** -->
<hr>
<CENTER><SMALL><STRONG>
Copyright &copy; 2003, David Dorgan.
Copying license <A HREF="../copying.html">http://www.linuxgazette.com/copying.html</A><BR>
Published in Issue 96 of <i>Linux Gazette</i>, November 2003
</STRONG></SMALL></CENTER>
<!-- *** END copyright *** -->
<HR>
<!--startcut ==========================================================-->
</BODY></HTML>
<!--endcut ============================================================-->