ssh
Differences
This shows you the differences between two versions of the page.
ssh [2006/06/03 06:59] – andi | ssh [2007/06/24 18:48] (current) – old revision restored andi | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Automatic SSH Logins ====== | ||
+ | |||
+ | How to make SSH logins safer (by using keys instead of short passwords) and simpler (by having less stuff to remember). | ||
+ | |||
+ | ===== Creating your Identity ===== | ||
+ | |||
+ | To identify your self you need a keypair (public and private key). Create it using [[man> | ||
+ | |||
+ | $> ssh-keygen -t dsa | ||
+ | Generating public/ | ||
+ | Enter file in which to save the key (/ | ||
+ | Enter passphrase (empty for no passphrase): | ||
+ | Enter same passphrase again: | ||
+ | Your identification has been saved in / | ||
+ | Your public key has been saved in / | ||
+ | The key fingerprint is: | ||
+ | 88: | ||
+ | |||
+ | Be sure to use a good passphrase. Use a longer but easy to remember (for you) sentence. | ||
+ | |||
+ | ===== Using Keychain ===== | ||
+ | |||
+ | {{ http:// | ||
+ | |||
+ | Keychain is available as Debian package: | ||
+ | |||
+ | #> apt-get install keychain | ||
+ | |||
+ | Now we need to run it everytime it's needed - the best way is to include it into you '' | ||
+ | |||
+ | <code bash> | ||
+ | #ssh keymanager | ||
+ | if [ " | ||
+ | if [ -e / | ||
+ | keychain ~/ | ||
+ | if [ -e ~/ | ||
+ | . ~/ | ||
+ | fi | ||
+ | if [ -e ~/ | ||
+ | . ~/ | ||
+ | fi | ||
+ | fi | ||
+ | fi | ||
+ | </ | ||
+ | |||
+ | This will call keychain if it is installed and add your identity to the running ssh-agent. If no ssh-agent is running it will start one and you will be asked for your passphrase. Then all needed environment info is written to '' | ||
+ | |||
+ | Try it: | ||
+ | |||
+ | $> echo $SSH_AGENT_PID | ||
+ | 503 | ||
+ | |||
+ | ===== Authenticate by Key ===== | ||
+ | |||
+ | So now what to do with your shiny new identity stored in the running ssh-agent? Authenticate without a password of course! It's simple imagine a remote host you usually log on to with '' | ||
+ | |||
+ | $> ssh-copy-id somebody@the.remote.host | ||
+ | somebody@the.remote.host' | ||
+ | Now try logging into the machine, with "ssh ' | ||
+ | | ||
+ | .ssh/ | ||
+ | | ||
+ | to make sure we haven' | ||
+ | |||
+ | Do as you're told and try to login. If everything went well you will not be prompted to enter a password anymore. | ||
+ | |||
+ | ===== Take your identity with you ===== | ||
+ | |||
+ | Do you have multiple host in your LAN to administrate? | ||
+ | |||
+ | SSH supports something called Agent-Forwarding. You can either remember to add the commandline option '' | ||
+ | |||
+ | $> ssh -A somebody@the.remote.host | ||
+ | |||
+ | or you can add it to the ''/ | ||
+ | |||
+ | < | ||
+ | Host * | ||
+ | ForwardAgent yes | ||
+ | </ | ||
+ | |||
+ | To check if it worked you can use [[man> | ||
+ | |||
+ | $> ssh-add -L | ||
+ | |||
+ | It should print your public key. | ||
+ | |||
+ | ===== Managing SSH Connections ===== | ||
+ | |||
+ | Now you're already able to login to all your favourite hosts without typing any passwords. Unfortunately you still have to type all the host- and usernames. Lets get another tool: [[http:// | ||
+ | |||
+ | $> wget http:// | ||
+ | #> dpkg -i connmgr_1.0.0-1_all.deb | ||
+ | |||
+ | Now can add and use SSH connection profiles by using '' | ||
+ | |||
+ | **Adding a new profile**: | ||
+ | |||
+ | $> sshmgr -a remote | ||
+ | | ||
+ | add profile: remote | ||
+ | | ||
+ | enter hostname: the.remote.host | ||
+ | enter username [user]: somebody | ||
+ | enter port number [22]: | ||
+ | enter pre-command [none]: | ||
+ | $ | ||
+ | | ||
+ | successfully added the profile: " | ||
+ | |||
+ | **Connecting to a profile**: | ||
+ | |||
+ | $> sshmgr remote | ||
+ | |||
+ | Jipp thats it. And the best thing is it supports BASH completion so '' | ||
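Review bot: In "Take your identity with you", the config snippet puts "ForwardAgent yes" under "Host *", which forwards the agent to every host you connect to; anyone with root on one of those hosts can use the forwarded agent socket to authenticate as you while the session is open. Suggest scoping the setting to a Host block that names only the LAN machines being administered and leaving it off everywhere else, or keeping it out of the config and recommending "ssh -A" per connection as the section already shows. Two smaller points in the same revision: "ssh-keygen -t dsa" in "Creating your Identity" creates a DSA key, which current OpenSSH releases no longer accept by default, so the example should use another key type such as RSA or Ed25519; and "Managing SSH Connections" fetches the connmgr package with wget over plain http:// and installs it as root with "dpkg -i" without any integrity check, so the text should say how the download is to be verified before installing.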