10.5: Use public keys with SSH in 10.5
Authored by: vdanen on Nov 05, '07 06:12:21PM

A few corrections.

You can't simply cat the public key over to a server if you haven't created the ~/.ssh directory first. You have to create the directory first. Also, simply catting it over isn't overly smart, and you could have it refuse to use the key due to insecure permissions. You should be doing:

  1. scp ~/.ssh/id_rsa.pub user@server.com:~/
  2. ssh user@server.com
  3. mkdir .ssh && chmod 0700 .ssh
  4. mv id_rsa.pub .ssh/authorized_keys && chmod 0600 .ssh/authorized_keys

And you're right, the key needs to be on the other end first, before you get this dialog, because this is to add the key to the running ssh-agent. If there is no pubkey negotiation, ssh-agent isn't consulted at all; you're providing a straight password to the remote sshd server.

A good primer on using OpenSSH is here: Optimizing OpenSSH [linsec.ca]. I wrote it, it's a few years old, but still really relevant for OS X or Linux (servers or clients).



10.5: Use public keys with SSH in 10.5
Authored by: vdanen on Nov 05, '07 06:19:38PM

Oh, I also forgot to mention that if you're calling ssh-agent directly from a .bashrc or similar file on terminal startup, you may also not get this prompt. You'll know whether or not this is the case by doing:

$ env | grep SSH

If you see something like SSH_AUTH_SOCK=/tmp/launch-WsBdoO/Listeners then you're using the authentication socket started by launchd (presumably when you first log in); if it's something else, then you've got some hunting to do in ~/.bashrc, ~/.bash_profile, ~/.zshrc, or whatever. Shouldn't be a problem for fresh installs, but if you're like me and connected to an SSHKeychain-driven ssh-agent in Tiger, then you might have some stuff to remove in those startup files.



10.5: Use public keys with SSH in 10.5
Authored by: cryptlib on Apr 25, '09 10:07:51PM

If you have yr umask correctly set, the chmod issue isn't an issue. I use tcsh with backslash_quote on, and here's the alias that's served me quite well:

% alias skeyto
cat $HOME/.ssh/id_dsa.pub | ssh !* 'perl -e \'mkdir("$ENV{HOME}/.ssh");open(A,">>$ENV{HOME}/.ssh/authorized_keys");print(A <>)\' '

Of course, you need Perl in yr path, but who doesn't have that nowadays?

---
% kill -H -1



10.5: Use public keys with SSH in 10.5
Authored by: cryptlib on Apr 25, '09 10:14:15PM
Here's the line in my rc file, with all the nasty backslashes and quotes:
alias skeyto 'cat $HOME/.ssh/id_dsa.pub | ssh \!* \'perl -e \\\'mkdir("$ENV{HOME}/.ssh");open(A,">>$ENV{HOME}/.ssh/authorized_keys");print(A <>)\\\' \''

---
% kill -H -1

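The permission handling from vdanen's steps and the append-instead-of-overwrite approach from cryptlib's alias, combined into one server-side helper. This is an added example, not code from any comment in this thread; the function names install_pubkey and mode_of are hypothetical, and it takes the home directory as an argument so it can be tried on a scratch directory first.

```shell
#!/bin/sh
# Added example (not from the thread). install_pubkey and mode_of are
# hypothetical helper names. Run on the server side, or on a scratch directory.

# install_pubkey HOME_DIR PUBKEY_FILE
# Appends each key from PUBKEY_FILE to HOME_DIR/.ssh/authorized_keys once,
# leaving .ssh at 0700 and authorized_keys at 0600.
install_pubkey() {
    home_dir=$1
    pubkey_file=$2
    ssh_dir=$home_dir/.ssh
    auth=$ssh_dir/authorized_keys

    [ -s "$pubkey_file" ] || { echo "no public key at $pubkey_file" >&2; return 1; }

    # Subshell: the tightened umask does not leak into the caller's shell.
    (
        umask 077                        # new files/dirs start owner-only
        mkdir -p "$ssh_dir" || exit 1
        chmod 700 "$ssh_dir" || exit 1   # also repairs a pre-existing loose dir
        touch "$auth" || exit 1
        chmod 600 "$auth" || exit 1      # also repairs a pre-existing loose file

        # If the existing file lacks a final newline, add one so the new key
        # is not glued onto the last existing entry.
        [ -z "$(tail -c 1 "$auth")" ] || echo >> "$auth"

        # Append (never overwrite), skipping keys that are already present.
        while IFS= read -r key || [ -n "$key" ]; do
            [ -n "$key" ] || continue
            grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
        done < "$pubkey_file"
    )
}

# mode_of PATH: print octal permission bits (GNU stat, then BSD/macOS stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}
```

After copying the key over, run it as install_pubkey "$HOME" ~/id_rsa.pub on the server; running it twice leaves a single copy of the key.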