Comments on: SSH Key Authentication

By: Christopher Dale

Christopher Dale — Tue, 20 Nov 2007 19:31:06 +0000

Hi everyone,

It looks like the ssh-agent stuff is a bit over-complicated for me… I chose to drop this in the ~/.ssh/config file on the remote computer:

1
2
3

Host hostname.com
IdentityFile /home/randy/id_rsa
User billy

This way, I can be logged in on the remote computer as anyone and can still get back to my server by simply typing ssh hostname.com. This also makes sshfs’s connections transparent (no password prompt). Nice for automation and much easier (in my opinion) than ssh agents running around with there little black hats…

I do, however, like the ssh-agent idea for other uses though.

Thanks for the great tutorial,

Christopher

By: David

David — Thu, 15 Mar 2007 19:52:51 +0000

KDE starts ssh-agent (at least on my Kubuntu).

By: Bob

Bob — Sun, 11 Feb 2007 02:21:25 +0000

You can do the following if you want one command for getting your key into authorized_keys:

cat ~/.ssh/id_dsa.pub | ssh user@remotehost.com "cat >> ~/.ssh/authorized_keys"

Be sure to also check out the “AUTHORIZED_KEYS FILE FORMAT” section in the sshd man page. You can get some very fine grained control of what keys can and can’t do when logging in. For example, I use a passphrase-less key for backups, but only allow that key to run one command (the backup script).

By: Aaron

Aaron — Sat, 10 Feb 2007 18:46:15 +0000

dbr-

Correct. That is why it is mentioned in the tutorial, and PuTTY is a great client for Windows users. I highly recommend it.

By: dbr

dbr — Sat, 10 Feb 2007 15:45:51 +0000

Doing cat id_dsa.pub >> ~/.ssh/authorized_keys won’t overwrite anything in an existing authorized_keys file, since >> is append (> is overwrite)

Anyone using Windows to connect to SSH-servers, the PuTTY-bundle is great (It includes GUI equivalents to ssh-agent, PageAnt, and ssh-keygen, PuTTYGen, and ssh/sftp/scp clients) [ http://www.chiark.greenend.org.uk/~sgtatham/putty/ ]
- Ben

By: Aaron

Aaron — Sat, 10 Feb 2007 14:59:59 +0000

Christer-

I don’t know of a way to combine the two commands. If a file already exists containing some authorized keys, then you don’t want to overwrite that file, so it’s best to be careful.

Also, it sounds like you generated a key pair containing no passphrase. When you generate the keys, it will prompt you to enter a passphrase protecting the keys. If you enter past it, and don’t enter a passphrase, as I suspect you did, then you’ll never be prompted for it. I would advice against entering past the passphrase prompt, and entering one, then using the SSH agent to manage it.

By: Christer Edwards

Christer Edwards — Sat, 10 Feb 2007 07:57:09 +0000

Two questions here: 1) can you combine those first two commands into one using something like “scp ~/.ssh/id_dsa.pub user@yourserver.com:~/ | cat id_dsa.pub >> .ssh/authorized_keys”?

2) What do you mean you’re still using your passphrase when logging in remotely? Since I generated and appended my local key to my irssi server I have not needed a password to connect or run any user commands.