Sunday, July 05, 2009

How to set up your ssh keys

Suppose that you have access to multiple machines. Of course you do not want to type your password each time you log in to them remotely, because you are as lazy as me. Once upon a time, you could log in to any of them remotely by adding your local host to the .rhosts file and using rlogin. Soon you found out that rlogin is not secure, so you had to switch to ssh. Now you have the same choice as .rhosts, which is .shosts. Unfortunately, most ssh servers disable looking up the .shosts file by default, since it may easily become a security hole. Why? Because the .shosts file authenticates a host instead of a user. Any malicious user on a host in that list may get access, so a highly protected machine may be compromised as a consequence of another, less protected machine being compromised. Plus, the host-based solution limits your mobility. You want to access these machines when you are traveling, don't you?

So what do you do? Set up ssh keys and make the authentication happen on a per-user basis. Your ssh agent will try to read the key in your home directory and use it for the challenge-response exchange with the remote machines. The keys are as safe as anything else in your home directory, if you set proper permissions.

Details:

1. Generate the key pair:
ssh-keygen -t rsa

You have the option of generating rsa1/rsa/dsa keys, if you know the difference. In this case, we simply go with rsa.

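2. Add the public key to the machines you want to log in to.
scp ~/.ssh/id_rsa.pub your_username@target_machine:tmp_key
# create .ssh if it is missing; sshd ignores authorized_keys when it or .ssh is writable by others
ssh your_username@target_machine "mkdir -p .ssh && chmod 700 .ssh && cat tmp_key >> .ssh/authorized_keys && chmod 600 .ssh/authorized_keys && rm tmp_key"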

3. Let the ssh agent on your local machine know your private key.
ssh-agent sh -c 'ssh-add < /dev/null && bash'

4. Try it!
ssh your_username@target_machine
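
The remark above about setting proper permissions, as an added example (not part of the original post): a POSIX shell function that audits an .ssh directory after the steps above. The names check_ssh_perms and perm_bits are made up for this example; the rules it checks (no group/other write on the directory and authorized_keys, no group/other access to private keys) are the ones sshd's StrictModes and the ssh client enforce.

```shell
#!/bin/sh
# Added example: audit the permissions that key-based login depends on.
# check_ssh_perms [DIR]  -> returns 0 if DIR passes, 1 otherwise.
# DIR defaults to ~/.ssh; both function names are hypothetical.

# Print the six group+other permission characters, e.g. "r-xr-x".
perm_bits() { ls -ld "$1" | cut -c5-10; }

check_ssh_perms() {
    dir=${1:-$HOME/.ssh}
    bad=0
    if [ ! -d "$dir" ]; then
        echo "missing: $dir"
        return 1
    fi
    # The directory and authorized_keys must not be writable by
    # group or other, or sshd (StrictModes) will ignore the keys.
    for f in "$dir" "$dir/authorized_keys"; do
        [ -e "$f" ] || continue
        case $(perm_bits "$f") in
            ?w????|????w?) echo "writable by group/other: $f"; bad=1 ;;
        esac
    done
    # A private key is taken to be any file with a matching .pub next
    # to it; the ssh client refuses keys that others can access.
    for pub in "$dir"/*.pub; do
        key=${pub%.pub}
        [ -f "$key" ] || continue
        if [ "$(perm_bits "$key")" != "------" ]; then
            echo "private key accessible by others: $key (chmod 600)"
            bad=1
        fi
    done
    return $bad
}
```

Source the file and run check_ssh_perms with no argument to audit ~/.ssh on either the local or the target machine.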
