[PLUG] ssh pass phrase authorization

Steve Bonds 1s7k8uhcd001 at sneakemail.com
Thu Feb 17 23:02:01 UTC 2005


On Thu, 17 Feb 2005 14:21:59 -0800 (PST), Rich Shepard wrote:


>    Using 'ssh -2' I'm now asked for my passphrase from salmo to tux, but not
> the other direction. Sigh. :-)
> 
>    On both hosts, authorized_keys2 have the id_dsa.pub of the other hosts,
> but not themselves.

This sounds correct.  I usually use authorized_keys (not
authorized_keys2) but OpenSSH reads both files.

>    It doesn't seem to matter if the public key is in known_hosts or not.

This is correct.  known_hosts is only used to validate that a host is
"known" and there isn't someone intercepting your TCP streams and
doing nasty things to them.  It has absolutely no bearing whatsoever on
public key vs. password authentication.  I suggest that you not worry
about this file at all for now.

> I cannot determine if that's a ssh-1 or rsa feature not used in ssh-2 and dsa.
> My google search (+ssh +known_hosts) doesn't reveal if this file is specific
> to a ssh version or encryption method.

Don't sweat this file.  It doesn't affect logging in via key.
 
>    This evening I'll fire up the portables and try them. In the meantime I
> need to get some work done.

Bah!  Work.

This ssh connection debugging document might be helpful:

http://cfm.gs.washington.edu/security/ssh/client-pkauth/problems/

  -- Steve
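
The file roles described in this message, as an added example that is not part of the original post: a shell check that a user's public key is listed in the target host's authorized_keys or authorized_keys2, never consulting known_hosts. The host names salmo and tux come from the thread; the directory layout, function names and key blobs are constructed for illustration.

```shell
#!/bin/sh
# Added example. Host names salmo/tux are from the thread; the key blobs
# are constructed placeholders, not real keys.

# Print the base64 blob of every key line in the given files, skipping
# comments and any options (from="...", command="...") before the key type.
key_blobs() {
    awk '/^[ \t]*#/ { next }
         { for (i = 1; i < NF; i++)
               if ($i ~ /^(ssh-(dss|rsa|ed25519)|ecdsa-sha2-)/) { print $(i + 1); next } }' "$@"
}

# Exit 0 if the key in PUBFILE ($1) is listed in SSHDIR/authorized_keys or
# SSHDIR/authorized_keys2 ($2), 1 if not, 2 if PUBFILE holds no key.
# known_hosts is never read: it stores host keys, not user keys.
key_authorized() {
    want=$(key_blobs "$1") || return 2
    [ -n "$want" ] || return 2
    for f in "$2/authorized_keys" "$2/authorized_keys2"; do
        [ -r "$f" ] || continue
        key_blobs "$f" | grep -qxF -- "$want" && return 0
    done
    return 1
}

# Constructed layout: tux authorizes salmo's key, while salmo has tux's key
# only in known_hosts, which does not authorize anything.
make_fixture() {
    mkdir -p "$1/salmo/.ssh" "$1/tux/.ssh"
    echo 'ssh-dss AAAAB3NzaC1kc3MAAACBAKsalmoCONSTRUCTED rich@salmo' > "$1/salmo/.ssh/id_dsa.pub"
    echo 'ssh-dss AAAAB3NzaC1kc3MAAACBAKtuxCONSTRUCTED rich@tux' > "$1/tux/.ssh/id_dsa.pub"
    { echo '# keys allowed to log in to tux'
      echo 'from="salmo" ssh-dss AAAAB3NzaC1kc3MAAACBAKsalmoCONSTRUCTED rich@salmo'
    } > "$1/tux/.ssh/authorized_keys2"
    echo 'tux ssh-dss AAAAB3NzaC1kc3MAAACBAKtuxCONSTRUCTED' > "$1/salmo/.ssh/known_hosts"
}

d=$(mktemp -d) && make_fixture "$d"
for pair in salmo:tux tux:salmo; do
    from=${pair%:*} to=${pair#*:}
    if key_authorized "$d/$from/.ssh/id_dsa.pub" "$d/$to/.ssh"; then
        echo "$from -> $to: key is authorized"
    else
        echo "$from -> $to: key missing from authorized_keys/authorized_keys2"
    fi
done
rm -rf "$d"
```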


