--- SSH-with-Keys-HOWTO.pristine.v0.05.sgml Wed Nov 21 11:10:42 2001 +++ SSH-with-Keys-HOWTO.sgml Wed Nov 21 11:31:58 2001 @@ -4,7 +4,7 @@ SSH with Keys HOWTO <author>Dave Aaldering, <tt/dave@puddingonline.com/ - <date>v0.05 2001/11/21 + <date>v0.06-beta 2001/11/21 <abstract>This document shows how you can use SSH with keys, passphrase and ssh-agent under console or the X Window System. </abstract> @@ -208,6 +208,8 @@ If you take a peek inside your public keys, you will find it to be a bunch of crypto, separated over a couple of lines. It is worth to note that the entire public key file should be one line in the authorized_keys files. So using >> is preferred over copying and pasting it from one document to another. This could put spaces in line breaks etcetera. (We will get back on that, when using several keys, later on in this document). +If you need to transfer keys between commercial SSH1, commercial SSH2 and/or OpenSSH systems, take a look at <url name="ssh-keyinstall" url="http://www.stearns.org/ssh-keyinstall/">. This tool detects the local and remote ssh versions and installs the public key in the correct location on the remote machine, performing any necessary translations in the process. + Either way, your keys are in place, you are ready to go to the final step and login using your keys. </p> 
@@ -253,7 +255,29 @@ </p> <sect>SSH with keys and the agent under X -<p>This part is next in line :)</p> +<p>If you start up X from the command line, here's one approach to starting X with the agent. Open up a terminal, and type:</p> + +<code> +ssh-agent startx & sleep 10 ; exit +</code> + +<p>This starts up X inside the ssh-agent. After 10 seconds - enough time for X to get going - the terminal closes itself, making it impossible for someone to get a shell prompt by simply ctrl-alt-fx switching to that terminal.</p> + +<p>Once X starts, open up a shell and type: + +<code> +ssh-add +</code> + +<p>Once you enter your passphrase, all windows you open under this X session can use the ssh-agent to get you private key. It's rather important that you lock your terminal whenever you're away from it with something like:</p> + +<code> +xlock +</code> + +<p>to keep others from sitting down at your machine and instantly getting access to all the remote machines with your key.</p> + +<p>This part is in progress :)</p> <sect>More information <p>Where you can find links to discussion, and other related HOWTO's and items. @@ -264,6 +288,10 @@ <item><url name="SSL-RedHat-HOWTO" url="http://www.linuxdoc.org/HOWTO/SSL-RedHat-HOWTO.html">. Using SSL applications under for instance Apache.</item> <item><url name="Compressed-TCP" url="http://www.linuxdoc.org/HOWTO/mini/Compressed-TCP.html">. Compressed TCP-IP-sessions using SSH-like tools.</item> <item><url name="Keychain, a key management application" url="http://www.gentoo.org/projects/keychain/">.</item> +<item><url name="ssh-keyinstall utility" url="http://www.stearns.org/ssh-keyinstall/">.</item> +<item><url name="Another introduction to ssh" url="http://www.stearns.org/doc/ssh-intro.html">.</item> +<item><url name="ssh advanced techniques article" url="http://www.stearns.org/doc/ssh-techniques.v0.81.html">.</item> + </itemize> <sect>Acknowledgments & Thanks 
@@ -273,6 +301,7 @@ <item>Bert Hubert, Linux guru, powerdns king, helper of the hopeless, and great company when drinking beer on various occasion's. <item>Jim Knoble, for writing x11-ssh-askpass. <item>Thom Carlin, for providing me with the feedback I was so eagerly waiting for. (And the feedback that quietly motivated me to start working on this document again.) +<item>William Stearns, for part of the SSH and X section and verious pointers. </itemize> </article>
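Review bot: In the @@ -208,6 +208,8 @@ hunk, the added ssh-keyinstall paragraph says "transfer keys" without saying which keys, while the next sentence shows the tool only installs the public key. Say "public keys" in the first sentence so nobody reads it as moving private keys between systems. The tool writes to the remote authorized_keys location and is linked over plain http, so a short sentence telling readers to read the script before running it would fit here. The paragraph also lands between the ">>" advice and "Either way, your keys are in place", so "Either way" no longer clearly refers to the append-versus-paste choice. Consider placing the addition after that sentence.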
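Review bot: In the @@ -253,7 +255,29 @@ hunk, "ssh-agent startx & sleep 10 ; exit" depends on a fixed 10-second guess, and the console shell stays open and reachable from another virtual terminal until the sleep finishes. "exec ssh-agent startx" replaces the shell outright, so no prompt is left behind and no timing is involved. Two markup and wording points in the same hunk: "<p>Once X starts, open up a shell and type:" is never closed with "</p>", unlike the other added paragraphs, and "use the ssh-agent to get you private key" should read "your". The agent also does not hand the private key to clients, it answers authentication requests with it, so "use the key held by ssh-agent" would be more accurate.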
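Review bot: In the @@ -264,6 +288,10 @@ hunk, the "ssh advanced techniques article" entry links to a version-pinned file (ssh-techniques.v0.81.html), which will point readers at a stale copy once the article is revised. Link to an unversioned URL if one exists. The hunk also adds an empty line before "</itemize>" that the rest of the list does not have, and it can be dropped.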
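Review bot: In the @@ -273,6 +301,7 @@ hunk, the added acknowledgment line has a typo: "verious pointers" should be "various pointers".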