<p>FreeBSDwiki: Ssh, passwordless authentication (http://www.freebsdwiki.net/index.php/Ssh,_passwordless_authentication, revision of 2006-01-21T08:23:04Z by 195.5.32.230)</p>
<hr />
<div>Sometimes, you need to be able to SSH into a remote machine for scripted maintenance purposes and not get challenged with a password. To do this, you need to set up key-based authentication between the user account you'll be using on your local computer, and the user account you'll be logging into on the remote computer. Here's a quick and dirty how-to.<br />
<br />
Creating a public/private keyset with [[ssh-keygen]] on the computer and under the user account you want to log in FROM:<br />
<br />
ph34r# '''mkdir ~/.ssh'''<br />
ph34r# '''chmod 700 ~/.ssh'''<br />
ph34r# '''cd ~/.ssh'''<br />
ph34r# '''ssh-keygen -t rsa'''<br />
Generating public/private rsa key pair.<br />
Enter file in which to save the key ("your_local_home"/.ssh/id_rsa):<br />
Enter passphrase (empty for no passphrase):<br />
Enter same passphrase again: <br />
Your identification has been saved in id_rsa.<br />
Your public key has been saved in id_rsa.pub.<br />
The key fingerprint is:<br />
17:5a:e7:77:ad:2c:0b:8e:f3:97:f8:20:53:79:69:55 root@ph34r<br />
<br />
Getting the public half of the key to the REMOTE computer and user account you want to log in TO:<br />
<br />
ph34r# '''scp ~/.ssh/id_rsa.pub jimbo@l0ath1ng.tehinterweb.net:/home/jimbo/id_rsa.ph34r.pub'''<br />
ph34r# '''ssh jimbo@l0ath1ng.tehinterweb.net'''<br />
Password:<br />
% mkdir .ssh<br />
% chmod 700 .ssh<br />
% cat id_rsa.ph34r.pub >> .ssh/authorized_keys<br />
% chmod 644 .ssh/authorized_keys<br />
<br />
Checking to make sure it worked:<br />
<br />
% '''exit'''<br />
ph34r# '''ssh jimbo@l0ath1ng.tehinterweb.net'''<br />
%<br />
<br />
Bingo.<br />
<br />
From here on out, whenever logged in as root on the computer ph34r, I will be able to SSH into my account jimbo on the machine l0ath1ng without being presented with a password challenge (assuming I did NOT enter a passphrase when I generated the RSA key in the first step). Note that I will not be able to use this key to bypass the password when logging into jimbo@l0ath1ng from any account OTHER than root@ph34r - if I were to try it from jimbo@ph34r, I would still need a password.<br />
<br />
If I wanted to log in from or to any other user accounts, the steps would be the same, just do them as the appropriate user.<br />
<br />
NOTE: it is highly HIGHLY recommended that you only set up passwordless authentication to extremely neutered accounts on the target machine; perhaps an account with absolutely no privileges at all beyond [[sudo]] permission (if necessary) to run a single script which the account in question DOES NOT have write permission on. This limits the damage a potential rogue user who compromises the computer on the other end could cause.<br />
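<br />
One way to apply the NOTE above on the remote side, as an added example that is not part of the original wiki page: instead of a plain cat into .ssh/authorized_keys, install the key with a forced command and forwarding disabled, so the key can start one script and nothing else. The function name, its arguments and any script path passed to it are hypothetical.<br />

```sh
#!/bin/sh
# Added example (not from the wiki page). Run on the REMOTE account.
# install_restricted_key PUBKEY_FILE FORCED_COMMAND [SSH_DIR]
# Appends the key to authorized_keys so that it can only run FORCED_COMMAND.
install_restricted_key() {
    pubkey_file=$1
    forced_cmd=$2
    ssh_dir=${3:-$HOME/.ssh}
    auth_file=$ssh_dir/authorized_keys

    # Accept exactly one non-empty line of the form "type base64 [comment]".
    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }
    [ "$(grep -c . "$pubkey_file")" -eq 1 ] || { echo "expected one key line" >&2; return 1; }
    key_line=$(grep . "$pubkey_file")
    case $key_line in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a bare public key line" >&2; return 1 ;;
    esac
    # A double quote would terminate the command="..." option early.
    case $forced_cmd in
        *\"*) echo "forced command must not contain double quotes" >&2; return 1 ;;
    esac
    key_blob=$(printf '%s\n' "$key_line" | awk '{print $2}')
    [ -n "$key_blob" ] || { echo "key data missing" >&2; return 1; }

    # Only the owner may read or write the directory and the key list.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    opts="command=\"$forced_cmd\",no-port-forwarding,no-X11-forwarding"
    opts="$opts,no-agent-forwarding,no-pty"
    entry="$opts $key_line"

    # Same restricted entry already installed: nothing to do.
    if grep -qxF -- "$entry" "$auth_file"; then
        return 0
    fi
    # Same key under other options (for example unrestricted): refuse, so a
    # weaker entry is not left in place unnoticed.
    if grep -qF -- "$key_blob" "$auth_file"; then
        echo "key already listed with other options; review $auth_file" >&2
        return 1
    fi
    printf '%s\n' "$entry" >> "$auth_file"
}
```

With such an entry, sshd runs the forced command whatever command the client asks for, so a stolen copy of the passphrase-less private key does not yield an interactive shell.<br />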
<br />
'''These articles explain how to use passwordless ssh authentication securely with a password-protected private key:'''<br><br />
[http://www-128.ibm.com/developerworks/linux/library/l-keyc.html Understanding RSA/DSA authentication, Part 1]<br><br />
[http://www-128.ibm.com/developerworks/library/l-keyc2/ OpenSSH key management, Part 2]<br><br />
[http://www-128.ibm.com/developerworks/linux/library/l-keyc3/ OpenSSH key management, Part 3]<br><br />
<br />
[[Category:Common Tasks]] [[Category:FreeBSD for Servers]][[Category:Configuring FreeBSD]]</div>
<p>FreeBSDwiki: Resolv.conf (http://www.freebsdwiki.net/index.php/Resolv.conf, revision of 2006-01-21T07:44:39Z by 195.5.32.230)</p>
<hr />
<div>Located at /etc/resolv.conf, this file defines your search domains and your DNS servers. You probably don't want more than 4 to 6 search domains and you '''cannot''' have more than three DNS servers listed. The format is:<br />
<br />
domain freebsdwiki.net<br />
nameserver 169.254.1.1<br />
nameserver 172.16.1.1 <br />
<br />
To search through multiple domains use:<br />
search freebsdwiki.net another.domain.here<br />
<br />
[[Category:Important_Config_Files]][[Category:Configuring FreeBSD]]</div>