Hello,

I'm trying to understand how to keep SSH from asking for my password. I've been able to use the .shosts file with the known_hosts** file, but I haven't been able to use the authorized_keys method.

**(I assume the way to set up the known_hosts file is to ssh from the remote machine to my machine once and accept the key.)

I was unable to use the non-.shosts setup with authorized_keys file. I did the ssh-keygen1 command to create my local private and public keys. I then copied my identity.pub file to the remote machine and called it authorized_keys. And then I removed the .shosts file.

But, when I connect it asks for my pass phrase. I guess I thought it wouldn't ask for my pass phrase when using the authorized_keys setup.

Can someone clear up what I did wrong when trying to set up the authorized_keys method of authentication?

Also, my goal is to use a news server on my ISP, but my IP number isn't one of theirs, so I need to tunnel to their nntpd server. I do this now by issuing this:

    ssh1 -g -lmoseley -L1234:nntp.my.isp.com:119 my.isp.com

And from then on I can access their news server via port 1234 (yes, ipchains blocks that port externally).

My question is this: Can I start that ssh tunnel via inetd?

I'd like to be able to just connect to that port and have the ssh tunnel started. But I can't figure out the right way to put that in my inetd.conf file. Any ideas?

How come every once in a while I get this?

    Secure connection to my.isp.com refused; reverting to insecure method.
    Using rsh. WARNING: Connection will not be encrypted.

Is there a limit to how often I can connect via ssh?

Any way to do rdist over ssh?

Thanks!

Bill Moseley mailto:moseley@hank.org

-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
Before you go off giving yourself a nice insecure passphraseless key...

There is a little gem of a program called ssh-agent. You can use it in a shell on its own, or you can adjust your dotfiles so that it starts up every time you log into X. Used in conjunction with ssh-add, it means that you enter your passphrase once and the agent remembers it for you, and forwards it along with your SSH connections so that you can nest SSH and SCP sessions without having to re-type your passphrase.

In an xterm or on console:

    $ exec ssh-agent bash    (or whatever your shell is)
    $ ssh-add

To run it for your entire X session, you have to change your dotfiles around so that your X session gets called as an argument to ssh-agent. I did it like this:

    $ mv .xinitrc .Xclients

create .xinitrc that looks like:

---------------------
#!/bin/sh
ssh-agent ~/.Xclients
---------------------

add the following line to .Xclients after all the "test -r" lines but before the "exec $WINDOWMANAGER" line:

    ssh-add ~/.ssh/identity </dev/null

(replacing "~/.ssh/identity" with wherever your SSH private key is stored.)

After all those changes, the next time you log in, you should get prompted for your SSH passphrase, and then your windowmanager will start, and you won't have to type your passphrase again.

-tara

On Sun, Jun 11, 2000 at 04:51:41PM -0700, Bill Moseley wrote:
Hello,
I'm trying to understand how to keep SSH from asking for my password. I've been able to use the .shosts file with the known_hosts** file, but I haven't been able to use the authorized_keys method.
**(I assume the way to set up the known_hosts file is to ssh from the remote machine to my machine once and accept the key.)
I was unable to use the non-.shosts setup with authorized_keys file. I did the ssh-keygen1 command to create my local private and public keys. I then copied my identity.pub file to the remote machine and called it authorized_keys. And then I removed the .shosts file.
But, when I connect it asks for my pass phrase. I guess I thought it wouldn't ask for my pass phrase when using the authorized_keys setup.
Can someone clear up what I did wrong when trying to set up the authorized_keys method of authentication?
Also, my goal is to use a news server on my ISP, but my IP number isn't one of theirs, so I need to tunnel to their nntpd server. I do this now by issuing this:
ssh1 -g -lmoseley -L1234:nntp.my.isp.com:119 my.isp.com
And from then on I can access their news server via port 1234 (yes, ipchains blocks that port externally).
My question is this: Can I start that ssh tunnel via inetd?
I'd like to be able to just connect to that port and have the ssh tunnel started. But I can't figure out the right way to put that in my inetd.conf file. Any ideas?
How come every once in a while I get this?
Secure connection to my.isp.com refused; reverting to insecure method. Using rsh. WARNING: Connection will not be encrypted.
Is there a limit to how often I can connect via ssh?
Any way to do rdist over ssh?
Thanks!
Bill Moseley mailto:moseley@hank.org
* T L Andrews (tla@akamai.com) [20000618 08:53]:
> $ exec ssh-agent bash    (or whatever your shell is)
> $ ssh-add

You don't need to start a new shell. Just do an 'eval `ssh-agent -s`', which will start the ssh-agent in the context of the running shell. For those times where I log into my machine at work, I have this shell function in .bashrc:

    addkey() {
        eval $(ssh-agent -s)
        ssh-add ~/.ssh/identity
    }

Philipp

--
Philipp Thomas <pthomas@suse.de>
Development, SuSE GmbH, Schanzaecker Str. 10, D-90443 Nuremberg, Germany

#define NINODE 50 /* number of in core inodes */
#define NPROC 30 /* max number of processes */
-- Version 7 UNIX for PDP 11, /usr/include/sys/param.h
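The addkey function above starts a fresh agent on every call. A variant that reuses an agent the shell can already reach and gives the loaded key a limited lifetime follows, as an added example that is not part of the original thread. It assumes OpenSSH's ssh-add exit codes and its -t option; SSH_ADD, SSH_AGENT and KEY_LIFETIME are hypothetical variables introduced here.

```shell
# Added example (not from the thread). Assumes OpenSSH: "ssh-add -l" exits
# 0 when keys are listed, 1 when the agent holds no keys, and 2 when no
# agent can be contacted; "ssh-add -t" sets a key lifetime in seconds.
# SSH_ADD, SSH_AGENT and KEY_LIFETIME are hypothetical override variables.
: "${SSH_ADD:=ssh-add}" "${SSH_AGENT:=ssh-agent}" "${KEY_LIFETIME:=3600}"

# agent_state: print "loaded", "empty" or "none" for the current shell.
agent_state() {
    rc=0
    "$SSH_ADD" -l >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0) echo loaded ;;
        1) echo empty ;;
        *) echo none ;;
    esac
}

# addkey [keyfile]: start an agent only if none is reachable, and ask for
# the passphrase only if the agent holds no key yet.
# Prints what it did: "reused", "added" or "started".
addkey() {
    key=${1:-$HOME/.ssh/identity}   # default key path taken from the thread
    state=$(agent_state)
    did=reused
    if [ "$state" = none ]; then
        out=$("$SSH_AGENT" -s) || return 1
        eval "$out" >/dev/null      # exports SSH_AUTH_SOCK and SSH_AGENT_PID
        state=empty
        did=started
    fi
    if [ "$state" = empty ]; then
        # The agent drops the key after KEY_LIFETIME seconds, so an
        # unattended session does not hold an unlocked key indefinitely.
        "$SSH_ADD" -t "$KEY_LIFETIME" "$key" || return 1
        [ "$did" = started ] || did=added
    fi
    echo "$did"
}
```

Sourced from .bashrc, repeated calls to addkey in the same login leave a single agent running instead of one per call.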
I haven't been sold on the RPM system yet -- it's too automatic for my likes. I never really know what was changed.

For example, I was going to update my syslogd via the recommendation at http://www.suse.de/en/support/download/updates/63_update.html

The description of the update says this:

    syslogd-1.3.33: Possible DoS (Denial of Service) attack fixed. Update recommended!

Seems as if that would update to 1.3.33. So, as root I did this:

    rpm -U ftp://ftp.suse.com/pub/suse/i386/update/6.3/a1/syslogd.rpm
    Updating etc/rc.config...

Looks like the update occurred. But, how can I tell?

    /sbin/init.d/syslog restart
    Shutting down syslog servicesdone
    Starting syslog servicesdone

And then I looked at /var/log/messages and it's still running 1.3, not 1.3.33. Hum, I expected syslogd to be updated. Let's see:

    ls -l `which syslogd`
    -rwxr-xr-x 1 root root 30980 Nov 17 1999 /usr/sbin/syslogd

I have no idea if the patch has been applied. I doubt that the only change was to rc.config, but how would I tell?

I'm also unclear on how to apply some updates. I would think some updates to networking or, say aaa_base, might require that I drop into single mode. Is this true, and if so, how would I know when that was needed?

Thanks,

Bill Moseley mailto:moseley@hank.org
"Bill" == Bill Moseley <moseley@hank.org> writes:
> I haven't been sold on the RPM system yet -- it's too automatic
> for my likes.

No thank you, I want control over my system.

> I never really know what was changed.
> For example, I was going to update my syslogd via the
> recommendation at
> http://www.suse.de/en/support/download/updates/63_update.html

Simple:

(1) Go online and start YaST.
(2) Go to Choose/Install Packages => Install Packages
(3) Press enter on the Source field and choose ftp. The address defaults to the updates directory of your SuSE version. Press enter to go to the site.
(4) Go through all the series, it shows you what has been changed. Just update the package that you want to.

Charles

--
=====================================================
One Net to rule them all, One Net to find them,
One Net to bring them all, and with Linux bind them.
=====================================================