[plug] ssh passwords

Craig Ringer craig at postnewspapers.com.au
Sun May 8 08:54:35 WST 2005


On Sun, 2005-05-08 at 07:22 +1000, Onno Benschop wrote:

> For other hosts, where I do not have the ability to create an .ssh 
> directory, I am prompted for a password for every ssh transaction, be it 
> ssh or scp.

Interesting. The only hosts I don't have full access to haven't been an
issue - I've simply asked the admin to put my public key in place and
disable my password on the system (for paranoia's sake). This hasn't
been a problem.

I'm surprised you have hosts where you have ssh access, but not the
ability to make a .ssh/ dir, and whose hosts won't install a key for
you. Unfortunate.

Sometimes I've had machines where I don't have full shell access, but
have been able to:

ssh $HOST mkdir .ssh
ssh $HOST "cat > .ssh/authorized_keys" < ~/.ssh/id_rsa.pub

to install the key. Of course, a well locked down account won't permit
that.

Unfortunately it doesn't seem like ssh uses ssh-askpass when requesting
a login password, only a key passphrase - otherwise that might have been
worth exploring. I'm surprised William Kenworthy's suggestion works,
actually, as ssh is normally really paranoid about grabbing the terminal
when reading the password.

> (I've looked into ssh-agent, but my understanding is that it needs a set 
> of keys on both ends, which appears to me to defeat the purpose.)

Well, it needs your private key where it can be accessed locally, and
your public key on the host you wish to connect to, just like normal
key-based auth for ssh. The point of ssh-agent is that it lets you avoid
having to enter your (probably long) ssh key passphrase every single
time you use the key.

-- 
Craig Ringer
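
Added example, not part of the original post: the two-command key install
above, written so that it appends instead of overwriting authorized_keys and
leaves the owner-only modes that sshd's StrictModes check expects. The
function name install_pubkey and its HOME_DIR argument are assumptions made
so the logic can be run locally.

```shell
#!/bin/sh
# Added example. install_pubkey HOME_DIR PUBKEY_FILE
# HOME_DIR stands in for the home directory of the account receiving the
# key (an assumption so the logic can be exercised locally).
install_pubkey() {
    home_dir=$1
    pubkey_file=$2
    nl='
'
    key=$(cat "$pubkey_file") || return 1

    # Accept exactly one line that looks like a public key; this also stops
    # a private key file from being sent by mistake.
    case $key in
        *"$nl"*) echo "expected one key line: $pubkey_file" >&2; return 1 ;;
        ssh-*|ecdsa-*|sk-*) ;;
        *) echo "not a public key: $pubkey_file" >&2; return 1 ;;
    esac

    (
        umask 077                      # new files and dirs: owner-only
        mkdir -p "$home_dir/.ssh" || exit 1
        auth=$home_dir/.ssh/authorized_keys
        touch "$auth" || exit 1

        # Keep existing keys: terminate an unfinished last line, then append
        # only if this exact key line is not already present.
        if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
            echo >> "$auth"
        fi
        grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"

        # Tighten modes on a directory or file that already existed.
        chmod 700 "$home_dir/.ssh" && chmod 600 "$auth"
    )
}
```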