[PLUG] ssh pass-phrase to log on to a system???
King Beowulf
kingbeowulf at gmail.com
Fri Oct 5 23:25:58 UTC 2012
On 10/04/2012 09:35 AM, Roderick A. Anderson wrote:
> Poor subject so I have to explain.
>
> I've moved to Linux Mint 13 on my netbook from Fedora 12 and would like
> to replicate some of the functionality I had before. My searches are
> taking me in circles so I'm hoping someone on the list will have the
> solution or a good pointer and/or correct terms to search with.
>
> With Fedora and CentOS (current workstation/desktop) I added a line to
> /etc/pam.d/gdm
>
> auth sufficient pam_ssh.so
>
> so when I log onto the system I can use my ssh key pass-phrase. Once
> logged in I now don't need to enter my pass-phrase when I ssh to a
> remote system that has my public key in .ssh/authorized_keys.
>
> How do I accomplish the same with a Debian based system or just Linux
> Mint? Which files, what modules, etc?
>
>
> TIA,
> Rod
If you are used to PAM for authentication, you can check the repository
to see if you can add it. I am not sure if MInt includes it (depends on
Mint flavor). Some of us don't like PAM and you can set this up without
it. Oh and I don't use graphical login: that stuff is for pansies.
I'm a bit rusty on this, but here goes:
ssh configuration and system keys (private/pub) to identify your system
are in /etc/ssh and personal keys are stored in ~/.ssh that you
generate via "ssh-keygen -t rsa" You can skip the pass phrase (leave it
empty), or enter a suitable one. If you want to automate the login
process, you can skip it.
OPINION: set ups that memorize your pass phrase are a BAD idea. For
full security ONLY YOU should know it and enter it every time you log in
to your local and/or remote box. you can use ssh-agent to store pass
phrase and keys in memory PER SESSION so that these are not floating
around your hard drive.
Then use ssh-copy-id to correctly copy your ~/.ssh./id_rsa.pub key to
the correct place. In other words, follow the instructions here:
http://www.debian-administration.org/articles/152
Have Fun
Ed
More information about the PLUG
mailing list