[plug] linux<->os/x passwordless ssh

Cameron Patrick cameron at patrick.wattle.id.au
Thu Mar 3 15:48:05 WST 2005


Craig Ringer wrote:

> Nope. I'm pretty sure authorized_keys2 was required for OpenSSH 2, which
> required separate authorized_keys files for ssh1 rsa keys and for ssh2
> rsa and dsa keys. OpenSSH 3 no longer has that limitation, and you should
> probably use authorized_keys for both (and preferably disable ssh1
> support unless you need it, or you expect to access your box via truly
> ancient clients).

Thanks for that explanation, cleared up some stuff for me too.  It
looks like OpenSSH 3 looks in .ssh/authorized_keys2 too though (at
least from stringsing the binary).

> Btw, if you're going to be using ssh interactively (as opposed to in a
> cron job etc) you're probably better off using a key with a passphrase
> and using the ssh-agent to avoid having to re-enter the passphrase every
> time.

And if you are using it for a cron job or similar, using Bernard's
trick of restricting the commands the keys can be used for is nice:

    http://dagobah.ucc.asn.au/things/secure-backups.html

> On the other hand, I couldn't find any ssh-askpass-* programs on MacOS/X
> last time I checked, and it doesn't seem to support starting the agent
> on login... so maybe no passphrase is the sanest option on OS/X until
> Apple fix that.

There's presumably still a command line ssh-add though, so unless you
want to use the 'prompt on every use' thing (ssh-add -c) then you
should be okay.  Maybe start the ssh-agent with your screen session or
something, to work around the inability to do so on log-in?  (I do
something similar for quintuple agent.)

Cameron.
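
The command restriction mentioned in the message above, as an added example (not code from the thread or from the linked page): a forced-command gate for an unattended key. The install path, the request names `backup-home`/`backup-etc` and the tar command lines are assumptions made for illustration.

```shell
#!/bin/sh
# Forced-command gate for an unattended (cron) key. Constructed example.
# Hypothetical install path /usr/local/bin/backup-gate; the key's line in
# ~/.ssh/authorized_keys is prefixed with options so sshd always runs the gate:
#   command="/usr/local/bin/backup-gate",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa <public-key> backup@cron
# sshd puts whatever the client asked to run in SSH_ORIGINAL_COMMAND.

# Map a client request to a fixed command line. Prints the command and
# returns 0 if the request is on the allow-list, returns 1 otherwise.
# The client's string is only compared, never executed.
gate_decide() {
    case "$1" in
        backup-home) printf '%s\n' 'tar -czf - -C /home .' ;;
        backup-etc)  printf '%s\n' 'tar -czf - -C /etc .' ;;
        *)           return 1 ;;   # empty (shell login) or anything else
    esac
}

gate_main() {
    if cmd=$(gate_decide "${SSH_ORIGINAL_COMMAND:-}"); then
        exec sh -c "$cmd"
    fi
    # Log refusals so use of the key for anything else shows up in syslog.
    # Replace unexpected bytes first so the request cannot forge log lines.
    req=$(printf '%s' "${SSH_ORIGINAL_COMMAND:-}" | tr -c '[:alnum:] ._/-' '?')
    logger -t backup-gate "refused: '${req}' from ${SSH_CONNECTION%% *}"
    echo "backup-gate: command not permitted" >&2
    exit 1
}

# Run only when started by sshd, which always sets SSH_CONNECTION.
if [ -n "${SSH_CONNECTION:-}" ]; then
    gate_main
fi
```

With this in place the passphrase-less key can only trigger the two listed jobs; a plain `ssh host` or any other command is refused and logged.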



