two questions about SSH

Message

nahpets · Post by **nahpets** » Thu Mar 10, 2005 6:38 pm

First Question
I have 3 linux machines at 3 physical locations and I want to be able to use public/private key authentication so that any one machine can log into any of the others without needing a password. Should I create a single private/public key pair and copy the private key over to each machine, or is it better to make one key pair per machine?

Second Question
I want to be able to use key authentication to log into a Solaris machine from a Linux machine. Does anyone know how to get this working? I was told by my sysadmin that the format for the keys is different and that I need to convert them somehow. I did some googling and I can't seem to find what I need.

j0hn · Post by **j0hn** » Thu Mar 10, 2005 7:12 pm

First Q:

I'd go with different keys and use ssh-agent.

Second Q:

The Solaris box probably uses keys in the `SECSH Public Key File Format'. You can convert openssh-keys to that format using ssh-keygen with the -e option.

Xamindar · Post by **Xamindar** » Thu Mar 10, 2005 7:39 pm

Can I add a question?

How can I have my ssh session stay open when I disconnect? For example, so I can execute an emerge command and then disconnect while it completes. And then connect some time later to the same sessoon to check on its progress or cancel it?

WarMachine · Post by **WarMachine** » Thu Mar 10, 2005 7:45 pm

Xamindar wrote:Can I add a question?

How can I have my ssh session stay open when I disconnect? For example, so I can execute an emerge command and then disconnect while it completes. And then connect some time later to the same sessoon to check on its progress or cancel it?

emerge screen

as soon as you log in type screen

after you disconnect and reconnect: screen -r

phildrip · Post by **phildrip** » Thu Mar 10, 2005 8:17 pm

I have 3 linux machines at 3 physical locations and I want to be able to use public/private key authentication so that any one machine can log into any of the others without needing a password. Should I create a single private/public key pair and copy the private key over to each machine, or is it better to make one key pair per machine?

I find the easiest way to do this is to generate a key pair on each machine, and then cat each others' public keys into the ~/.ssh/authorized_keys file:

Code: Select all

ssh-keygen -t dsa

to generate a keypair. You need to use a blank keyphrase for passwordless logins. Next you need to copy each machine's pubilc key id_dsa.pub onto each of the other machines; ie machine A has the public key for both B and C, B has A and C's and C has B and A's. Add the contents of each of the public keys into the authorized_keys file:

Code: Select all

cat id_dsa.pub >> ~/.ssh/authorized_keys

and then

Code: Select all

chmod 600 ~/.ssh/authorized_keys

on each machine.

nahpets · Post by **nahpets** » Thu Mar 10, 2005 8:47 pm

Thanks all for the advice.

j0hn wrote:First Q:

I'd go with different keys and use ssh-agent.

I've never needed to use ssh-agent. Can you tell me why I should use it? If I copy the keys to each machine, and cat all 3 public keys to .ssh/authorized_keys, what do I need ssh-agent for?

j0hn · Post by **j0hn** » Thu Mar 10, 2005 9:23 pm

nahpets wrote: I've never needed to use ssh-agent. Can you tell me why I should use it? If I copy the keys to each machine, and cat all 3 public keys to .ssh/authorized_keys, what do I need ssh-agent for?

Do you supply an empty passphrase when you create your keys? In that case you don't need ssh-agent. If you want to protect your keys with a passphrase but don't want to type in that passphrase everytime you use your key you can use ssh-agent.