It has come to my attention that a lot of people like using ssh;
most do not use keys, some do. What struck me is that most of the
people who do use keys don't use passphrases with them. When I
asked some people why not, they said they didn't like typing their
password each time. In fact, you don't have to type it each time.
Some background: let's say you want to tell somebody your password
for an account on a machine, but you don't know who is listening,
and your only method of communication is cleartext over an
insecure channel. What do you do?
Public key cryptography is the answer: you can send your public key
to anybody; you just keep your private key to yourself.
To create a key, simply run ssh-keygen with the following options:
$ ssh-keygen -t dsa
You should be prompted for where to save your keys, e.g.
/home/user/.ssh/id_dsa and /home/user/.ssh/id_dsa.pub.
Then you will be prompted for a passphrase. Public key systems are
great for security, but they are only as good as their weakest
link; don't let your passphrase be the weakest link.
You should never *EVER* put your private key on a server, and you
should never put it on a disk.
Personally I just keep it on my laptop, nowhere else, ever. Then put
your public key on the remote hosts in the file
/home/user/.ssh/authorized_keys.
Some people have their servers set up to only accept RSA key
authentication, which isn't a bad idea.
Now, people do complain about having to enter their passphrase each
time, but this isn't *really* an issue. Personally I start X with a
script in rc.local.
$ cat /etc/rc.local
ssh-agent xdm
Now once inside X as your user, type ssh-add and enter your
passphrase. From then on, in each xterm you open, you can type
ssh server and you won't be prompted for a password.
One point to note on this: be *SURE* to lock your workstation while
away, even for a few seconds.
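To find keys that were saved without a passphrase, the habit described at the top of this page, the key file itself can be inspected. The script below is an added example, not part of the original post; the function names key_is_encrypted and audit_ssh_dir are hypothetical, and it covers both the legacy PEM files that ssh-keygen -t dsa has traditionally written and the newer OpenSSH key format.

```shell
#!/bin/sh
# Added example: flag SSH private keys stored without a passphrase.
# Function names are hypothetical; nothing here decrypts or modifies a key.

# key_is_encrypted FILE
# returns 0 = passphrase-protected, 1 = unprotected, 2 = not a private key
key_is_encrypted() {
    keyfile=$1
    [ -r "$keyfile" ] || return 2
    case $(head -n 1 "$keyfile") in
    "-----BEGIN OPENSSH PRIVATE KEY-----")
        # Newer OpenSSH format: the decoded body is the 15-byte magic
        # "openssh-key-v1\0", a 4-byte length, then the cipher name.
        # The name is "none" when no passphrase was set.
        cipher=$(sed '/^-----/d' "$keyfile" | tr -d '\r\n' |
            base64 -d 2>/dev/null | dd bs=1 skip=19 count=4 2>/dev/null)
        [ -n "$cipher" ] || return 2
        [ "$cipher" = "none" ] && return 1
        return 0 ;;
    "-----BEGIN ENCRYPTED PRIVATE KEY-----")
        return 0 ;;   # PKCS#8, encrypted
    "-----BEGIN PRIVATE KEY-----")
        return 1 ;;   # PKCS#8, unencrypted
    "-----BEGIN "*" PRIVATE KEY-----")
        # Legacy PEM (DSA, RSA, EC): encrypted keys carry a Proc-Type header.
        grep -q '^Proc-Type: 4,ENCRYPTED' "$keyfile" && return 0
        return 1 ;;
    *)
        return 2 ;;
    esac
}

# audit_ssh_dir [DIR]
# prints each unprotected key; returns non-zero if any was found
audit_ssh_dir() {
    dir=${1:-$HOME/.ssh}
    bad=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        rc=0
        key_is_encrypted "$f" || rc=$?
        if [ "$rc" -eq 1 ]; then
            echo "UNPROTECTED: $f"
            bad=$((bad + 1))
        fi
    done
    [ "$bad" -eq 0 ]
}
```

Call audit_ssh_dir with no argument to check ~/.ssh. A key it flags can be given a passphrase in place with ssh-keygen -p -f FILE.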