Re: Rhosts/shosts for OpenSSH 3.4p1

From:
Date: 11/03/02

  • Next message: : "Re: X11 Forwarding" 

    Date: Sat, 02 Nov 2002 21:14:24 -0600

    Nico:

    I tried to set the same thing up here at home, without much luck.

    Fortunately, I found this article:
    http://www-106.ibm.com/developerworks/library/l-keyc.html

    Which is part 1 of 3, describing how to set up the ability to ssh without a
    password, using ssh-agent [part of open ssh], and RSA/DSA keys.

    It's pretty straight-forward really. I now am prompted for the passphrase
    the first time I sign-in, but can freely ssh between my machines thereafter.

    If I didn't shut my desktop machine down nightly, I could get by without
    entering my passphrase for days.

    It's a good read, and a reasonable compromise. From my standpoint, it
    isn't intrusive, at all......

    Good luck.

    Cheers,
    Dave

    Nico Kadel-Garcia wrote:

    >
    > I've got a user who wants to be able to have SSH based use of the .rhosts
    > or .shosts file. I've tried to talk him out of it, but for various reasons
    > he insists on having it available for several machines behind the
    > firewall.
    >
    > The problem is that I cannot get it working: I've been examining the
    > various config files and trying out various combinations. I *think* that
    > all I need to do is enable:
    >
    >
    > RhostsAuthentication yes
    > IgnoreRhosts no
    >
    > in the sshd_config, and set:
    >
    > *
    > RhostsAuthentication yes
    >
    > in ssh_config or the local config file. Or am I missing something here?
    > I've also seen recent rumors of the requirement for OpenSSH 3.4p1 on the
    > server for group access to the ~/.ssh directory by the "sshd" group.
    > Unfortunately, this seems difficult to set up since only "sshd" is a
    > member of that group, and I have to go in and set that as root since the
    > users aren't members of that group. 

    -- 
Dave Barnett

    "Who put a stop payment order on my Reality Check?"
        -- Dilbert

    Relevant Pages

    • Re: SMB vs NFS
      ... >> to only allow the machines you expect to reach you, ... SSH access is restricted to a few IP subnets where I know I'll ... What is so disaster-inviting about running SMB ... What config files is it that you need ...
      (comp.os.linux.networking)
    • Re: SSH issues with 4.9 stable (key_verify failed for server_host_key)
      ... We've been using SSH for years here to protect authentication ... information on lots of machines, and I've been using the FreeBSD STABLE ... I've attached the ssh master config files I use. ...
      (freebsd-stable)
    • Re: Can Exceed connect to linux (running Gnome) through SSH?
      ... > -These machines are in two separate physical locations and separated ... Each firewall allows SSH ... Now start xterm and you should see a window pop up" ... > I simply log in through the Gnome login screen and it works. ...
      (comp.os.linux.security)
    • (no subject)
      ... > -These machines are in two separate physical locations and separated ... Each firewall allows SSH ... Now start xterm and you should see a window pop up" ... > I simply log in through the Gnome login screen and it works. ...
      (comp.os.linux.security)
    • Re: Did I give up on telnet too easily?
      ... > If ssh is to be considered 'more secure' than telnet, ... have a mixture of Debian, Red Hat, Trustix, Tru64 Unix, and HP-UX machines. ... theirs isn't OpenSSH based, so it wouldn't have needed updating). ... > etc.) I think a better approach would be to use telnet for remote access. ...
      (comp.os.linux.networking)
    • Quantcast