DSL logs
Devin Carraway
aqua at atlantic.devin.com
Thu Jan 27 00:53:33 PST 2000
On Thu, Jan 27, 2000 at 12:43:04AM -0800, Mitchell Patenaude wrote:
> Your problem is that ssh is stopping to prompt for a password, and that
> isn't going to work. You need to get ssh to let you in on RSA/.shosts
> authentication, so it doesn't require a password.
The quick instructions, if you haven't already generated your SSH
key pair:
    ssh-keygen    (pick a nice long passphrase with some punctuation)
    ssh bolt.sonic.net 'cat >> .ssh/authorized_keys' < ~/.ssh/identity.pub
    ssh bolt.sonic.net 'chmod go-rwx ~ ~/.ssh ~/.ssh/*'
> access to normal users. If Bolt is compromised, then an attacker
> *could* sniff your password with this scheme, whereas they wouldn't
> be able to if you just did a direct, unencrypted connection to the
RSA authentication reduces this problem considerably, yes. If
you're running ssh-agent (which you will probably find convenient, if you're
using fetchmail), you should generally instruct ssh not to forward the agent
to hosts you don't trust (never trust a shell server). That's done by
adding an entry to your ~/.ssh/config file of the general form:
    Host isp.shell.server
        ForwardAgent no
        ForwardX11 no
(the X11 part isn't related, but isn't a bad idea either)
Lots of neat tricks available in that file, BTW. Setting default
ciphers and compression levels is particularly useful.
--
Devin \ aqua(at)devin.com, finger for PGP; http://www.devin.com
Carraway \ IRC: Requiem GCS/CC/L s-:--- !a !tv C++++$ ULB+++$ O+@ P L+++
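
An added example, not part of the original message: OpenSSH's ssh_config(5) uses the first value obtained for each keyword, so a per-host `ForwardAgent no` only takes effect if it appears before any wildcard block that sets `ForwardAgent yes`. The sketch below computes the effective value for a host under that rule; the function name, the sample configs and the hostnames are constructed for illustration.

```shell
#!/bin/sh
# Added example: effective ForwardAgent value under first-match-wins.
# Simplified parser: Host lines with * and ? patterns and "!" negation only;
# Match, Include and "keyword=value" syntax are not handled.
effective_forward_agent() {
    config=$1; host=$2; active=1; result=
    while read -r key rest || [ -n "$key" ]; do
        lkey=$(printf '%s' "$key" | tr 'A-Z' 'a-z')
        case $lkey in
        host)
            active=0; negated=0
            set -f                      # keep patterns from globbing files
            for pat in $rest; do
                case $pat in
                '!'*) case $host in ${pat#'!'}) negated=1 ;; esac ;;
                *)    case $host in $pat) active=1 ;; esac ;;
                esac
            done
            set +f
            if [ "$negated" -eq 1 ]; then active=0; fi
            ;;
        forwardagent)
            # Only the first value seen in a matching block is kept.
            if [ "$active" -eq 1 ] && [ -z "$result" ]; then
                result=$(printf '%s' "$rest" | tr 'A-Z' 'a-z')
            fi
            ;;
        esac
    done < "$config"
    printf '%s\n' "${result:-no}"       # OpenSSH default is "no"
}

# Constructed sample configs (hostnames are placeholders).
tmp=$(mktemp -d)
cat > "$tmp/wildcard_first" <<'EOF'
Host *
    ForwardAgent yes
Host isp.shell.server
    ForwardAgent no
    ForwardX11 no
EOF
cat > "$tmp/specific_first" <<'EOF'
Host isp.shell.server
    ForwardAgent no
    ForwardX11 no
Host *
    ForwardAgent yes
EOF
for f in wildcard_first specific_first; do
    echo "$f: ForwardAgent=$(effective_forward_agent "$tmp/$f" isp.shell.server)"
done
```

On a real system, `ssh -G hostname` prints the configuration ssh actually resolves for a host and is the authoritative check.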