[nflug] backups on an nfs server

Robert Meyer meyer_rm at yahoo.com
Mon Aug 7 14:50:31 EDT 2006


SSH security done with keys is dependant on keeping the private key secure.  I
use ssh keys for some things.  The private key goes in your $HOME/.ssh
directory.  Your home directory cannot be writable by anyone than yourself and
the .ssh directory must be mode 700 (rwx------).  You wouldn't use
public/private keys in an environment where you cannot guarantee the security
of the private key, even with a password on it.

The use for unpassworded keys is typically in an aggregate envronment where you
would be trying to use SSH and SCP to handle a group of machines as a single
entity.

Again, not a good idea unless you're sure the private keys can be safeguarded.

BTW, the private key is on the machine initiating the connection and the public
key is in the "authorized_keys" file on the remote machine (the recipient).

Hope this helps...

Cheers!

Bob

--- eric <eric at bootz.us> wrote:

> This doesn't sound good?  Is it because only I know what the key is and
> that is sort of like a password to sshd?
> 
> *** IMPORTANT **
> do NOT enter a password/passphrase if you want uninterupted login's
> *** IMPORTANT **
> 
> 
> 
> Darin Perusich wrote:
> 
> >from one of my cheat sheets...
> >
> >--------------------------
> >ssh login with NO password
> >--------------------------
> >
> >to access/logon a system using ssh without being prompted for a password
> >we need to generate ssh keys as that user, see SSH-KEYGEN(1) for
> >detailed info.
> >
> >log into the systems you wish to access with entering a password.
> >generate ssh keys. there are differect types of key's that can be
> >generated, if the systems is using ssh protocol 1 or 2 there will be
> >different keys. you can also employ different type a keys for the
> >differenc protocol versions, des, rsa, etc. see the man page for a
> >breakdown.
> >
> >        system1:> ssh-keygen -t rsa  (ssh protocol version 2)
> >
> >*** IMPORTANT **
> >do NOT enter a password/passphrase if you want uninterupted login's
> >*** IMPORTANT **
> >
> >this will create multiply files, id_rsa and id_rsa.pub for version 2,
> >and identity and identity.pub for version 1. on the remote system in the
> >users .ssh folder create an authorized_keys2 and copy the contents of
> >id_rsa.pub into it for protocol version 2, authorized_keys gets the
> >contents of identity.pub for protocol version 1.
> >
> >test by ssh'ing to the remote system.
> >
> >
> >eric wrote:
> >  
> >
> >>is it proper to automate a ssh login?
> >>
> >>
> >>    
> >>
> >
> >  
> >
> 
> _______________________________________________
> nflug mailing list
> nflug at nflug.org
> http://www.nflug.org/mailman/listinfo/nflug
> 


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
_______________________________________________
nflug mailing list
nflug at nflug.org
http://www.nflug.org/mailman/listinfo/nflug



More information about the nflug mailing list