Re: SSH preferences

[Steven Pritchard <steve@silug.org>]

On Wed, Jul 24, 2002 at 01:24:17AM -0500, mike808 wrote:
> What's the preferred approach from the heavy SSH users out there?
> 
> Put your public key in ~/.ssh/authorized_keys?
> ssh-agent?

Yes to both.

Then do something like this in your .Xclients-default (or .xinitrc):

    exec ssh-agent sh -c 'ssh-add < /dev/null && exec startkde'

(Substitute "startkde" with whatever is appropriate to start your
favorite desktop.)

That way when you start up X, you'll be prompted for your passphrase,
and then you can ssh anywhere that has your public key any time.

> ~/.shosts?
> /etc/ssh/shosts.equiv?

Never.

> passphrase-less private keys?

Only on very well-protected boxes.

> Lots of hard-to-remember quality passwords/passphrases is a real PITA.
> Rotating them regularly is even moreso.

I don't even bother trying to remember them.  I generate random
passwords with this:

    #!/usr/bin/perl
    use String::Random;
    print String::Random->new->randregex('\w{8}') . "\n";

Then just record the passwords in Keyring or whatever and forget them.
(Although if you end up using any random password often enough,
somehow you *will* remember them.  At least they don't confuse you
with other passwords that are similar.)

With ssh-agent (and Mozilla remembering my web passwords), I almost
don't feel overwhelmed with passwords anymore.

Steve
-- 
steve@silug.org           | Southern Illinois Linux Users Group
(618)398-7360             | See web site for meeting details.
Steven Pritchard          | http://www.silug.org/

-
To unsubscribe, send email to majordomo@silug.org with
"unsubscribe silug-discuss" in the body.