[PLUG] ssh pass phrase authorization
Steve Bonds
1s7k8uhcd001 at sneakemail.com
Thu Feb 17 23:02:01 UTC 2005
On Thu, 17 Feb 2005 14:21:59 -0800 (PST), Rich Shepard wrote:
> Using 'ssh -2' I'm now asked for my passphrase from salmo to tux, but not
> the other direction. Sigh. :-)
>
> On both hosts, authorized_keys2 have the id_dsa.pub of the other hosts,
> but not themselves.

This sounds correct. I usually use authorized_keys (not
authorized_keys2) but OpenSSH reads both files.

> It doesn't seem to matter if the public key is in known_hosts or not.

This is correct. known_hosts is only used to validate that a host is
"known" and there isn't someone intercepting your TCP streams and
doing nasty things to them. It has absolutely no bearing whatsoever on
public key vs. password authentication. I suggest that you not worry
about this file at all for now.

> I cannot determine if that's a ssh-1 or rsa feature not used in ssh-2 and dsa.
> My google search (+ssh +known_hosts) doesn't reveal if this file is specific
> to a ssh version or encryption method.

Don't sweat this file. It doesn't affect logging in via key.

> This evening I'll fire up the portables and try them. In the meantime I
> need to get some work done.

Bah! Work.

This ssh connection debugging document might be helpful:
http://cfm.gs.washington.edu/security/ssh/client-pkauth/problems/

-- Steve
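
Added example, not part of the original post: one way to check what the thread describes, namely whether the key in one host's id_dsa.pub is really listed in the other host's authorized_keys or authorized_keys2. It compares key blobs, so options and comments on an entry do not matter, and it flags a wrapped or truncated paste; known_hosts is never consulted. The function names, host names and key material are constructed for illustration.

```python
import base64
import struct

KEY_TYPES = ("ssh-dss", "ssh-rsa", "ssh-ed25519", "ecdsa-sha2-")

def parse_key_line(line):
    """Return (key_type, base64_blob) from a .pub or authorized_keys line, else None."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if not line.startswith(KEY_TYPES):
        # Skip a leading options field (from="a, b",no-pty) up to unquoted whitespace.
        in_quote, i = False, 0
        while i < len(line) and (in_quote or not line[i].isspace()):
            if in_quote and line[i] == "\\":
                i += 1                      # skip the escaped character
            elif line[i] == '"':
                in_quote = not in_quote
            i += 1
        line = line[i:].lstrip()
    fields = line.split(None, 2)
    if len(fields) < 2 or not fields[0].startswith(KEY_TYPES):
        return None
    return fields[0], fields[1]

def blob_is_consistent(key_type, blob):
    """True if the blob decodes and its embedded type string matches key_type."""
    try:
        raw = base64.b64decode(blob, validate=True)
        (n,) = struct.unpack(">I", raw[:4])
    except (ValueError, struct.error):      # wrapped or truncated paste
        return False
    return raw[4:4 + n] == key_type.encode()

def key_is_authorized(pub_line, authorized_text):
    """Is the key from id_dsa.pub listed in the given authorized_keys text?"""
    wanted = parse_key_line(pub_line)
    if wanted is None or not blob_is_consistent(*wanted):
        raise ValueError("public key line is malformed")
    entries = map(parse_key_line, authorized_text.splitlines())
    return any(entry == wanted for entry in entries)

# Constructed sample data (not a real key).
_raw = struct.pack(">I", 7) + b"ssh-dss" + b"constructed-sample-not-a-real-key"
SAMPLE_BLOB = base64.b64encode(_raw).decode()
ID_DSA_PUB = f"ssh-dss {SAMPLE_BLOB} rich@salmo"
AUTHORIZED_KEYS2 = (
    "# constructed sample file\n"
    f'from="salmo.example, 192.0.2.10",no-pty ssh-dss {SAMPLE_BLOB} rich\'s key\n'
)
```

To cover both files that OpenSSH reads, pass the concatenated contents of authorized_keys and authorized_keys2 as `authorized_text`.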