Berkeley CSUA MOTD:Entry 37241

2005/4/18-19 [Computer/SW/Security] UID:37241 Activity:nil
4/18    How do I do all that dsa_id public thingie so that I can ssh/scp into
        my cluster of machines (that happen to have the same NFS mount)
        without having to type password?                -dsa ssh idiot
        \_ http://www.arches.uga.edu/~pkeck/ssh
        \_ http://www.csua.berkeley.edu/~ranga/notes/ssh_nopass.html
        \_ Assuming that all of the systems in your cluster mount your
           home directory, the following will probably work for you:
           1. Generate a dsa key pair (can be on any system):
                $ cd && ssh-keygen -t dsa -f .id_dsa -P ''
              This creates .id_dsa (private key) and .id_dsa.pub (public
              key) in your home directory
           2. Copy .id_dsa.pub into your nfs accessible home directory:
                $ scp .id_dsa.pub user@host:.ssh/authorized_keys
                $ scp .id_dsa.pub user@host:.ssh/authorized_keys2
              (This assumes that you don't have authorized keys
               already)
           3. Test it out:
                $ ssh -i .id_dsa user@host
              You should not be prompted for a password. If you
              are, try ssh -v and/or make sure that the authorized
              keys files are 0600 and the .ssh dir is 0700.
           4. If you always want to present the same id to all hosts
              add the following to your ~/.ssh/config:
                Host *
                        IdentityFile ~/.id_dsa
              If you want to restrict (on your cluster systems) the
              hosts from which you will accept a particular id, try
              adding 'from="ip range" ' before ssh-dsa.
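
Added example (not part of the original post): a Python audit of the setup the steps above produce, checking the 0700/0600 modes from step 3 and whether each authorized_keys entry carries the from= restriction from step 4. It goes beyond the post by also accepting RSA, ECDSA and Ed25519 entries; the function names, the directory contents and the key blobs in demo() are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# authorized_keys entry: optional quote-aware options field, key type, blob.
# Keys made with "ssh-keygen -t dsa" carry the key type "ssh-dss".
ENTRY = re.compile(
    r'^(?:(?P<opts>(?:[^\s"]|"(?:\\.|[^"\\])*")+)\s+)?'
    r'(?P<type>ssh-(?:dss|rsa|ed25519)|ecdsa-sha2-\S+|sk-\S+)\s+(?P<blob>\S+)')
OPTION = re.compile(r'(?:[^,"]|"(?:\\.|[^"\\])*")+')   # split on unquoted commas


def option_names(opts):
    """Lower-cased option names from an authorized_keys options field."""
    return {o.split("=", 1)[0].lower() for o in OPTION.findall(opts or "")}


def audit(ssh_dir):
    """Check the modes from step 3 and the from= restriction from step 4."""
    ssh_dir, findings = Path(ssh_dir), []
    if (ssh_dir.stat().st_mode & 0o7777) != 0o700:
        findings.append("dir: mode is not 0700")
    for name in ("authorized_keys", "authorized_keys2"):
        path = ssh_dir / name
        if not path.is_file():
            continue
        if (path.stat().st_mode & 0o7777) != 0o600:
            findings.append(f"{name}: mode is not 0600")
        for n, line in enumerate(path.read_text().splitlines(), 1):
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            m = ENTRY.match(line)
            if m is None:
                findings.append(f"{name}:{n}: unparseable entry")
            elif "from" not in option_names(m["opts"]):
                findings.append(f"{name}:{n}: {m['type']} key has no from= restriction")
    return findings


def demo():
    """Audit a constructed .ssh directory; the key blobs are placeholders."""
    with tempfile.TemporaryDirectory() as tmp:
        keys = Path(tmp, "authorized_keys")
        keys.write_text('from="10.0.0.*",no-pty ssh-dss AAAA_PLACEHOLDER ok\n'
                        'ssh-dss AAAA_PLACEHOLDER anywhere\n')
        keys.chmod(0o600)
        Path(tmp).chmod(0o755)                 # too open: should be 0700
        return audit(tmp)
```

Call audit(Path.home() / ".ssh") on one node; because the home directory is NFS-shared, the result applies to every host in the cluster.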

Cache (2656 bytes)
www.arches.uga.edu/~pkeck/ssh -> www.arches.uga.edu/~pkeck/ssh/
This works best using DSA keys and SSH2 by default as far as I can tell. All the other HOWTOs I've seen seem to deal with RSA keys and SSH1, and the instructions not surprisingly fail to work with SSH2.

If this is your primary identity key, make sure to use a good passphrase. Note: it is possible to just press the enter key when prompted for a passphrase, which will make a key with no passphrase. This is a Bad Idea for an identity key, so don't do it!

For a test, type

    ssh-agent sh -c 'ssh-add < /dev/null && bash'

This will start the ssh-agent, add your default identity (prompting you for your passphrase), and spawn a bash shell. From this new shell you should be able to:

    6 ssh burly

This should let you in without typing a password or passphrase. You can ssh and scp all you want from this bash shell and not have to type any password or passphrase.

Using X Windows

Now this is all well and good, but who wants to run their whole life from a single bash instance? If you use an X window system, you can type your passphrase once when you fire up X and all subprocesses will have your keys stored. xinitrc file, modify your line which spawns windowmaker to read:

    exec ssh-agent sh -c 'ssh-add </dev/null && exec /usr/local/bin/wmaker'

This will prompt you for your passphrase when you start up X, and then not again.

Different usernames

By default ssh assumes the same username on the remote machine. You are not limited to one public key in your authorized_keys2 file. rhosts file with two added benefits:

* Someone would need to know your passphrase to use it, so a cracker gaining access to an account on one machine will not jeopardize the other accounts.

ssh/authorized_keys2"'

Single-purpose keys

So now you're sshing and scping your brains out. Sooner or later you'll come across one or both of these situations:

1. You want to automate some ssh/scp process to be done after hours, but can't because no one will be around to type the passphrase.

ssh/whoisit

Just press return when it asks you to assign it a passphrase - this will make a key with no passphrase required. The last thing on the line is just a comment, but you probably want to set it to something meaningful. Also, most examples I see use no-pty as an additional option, but this messes up the carriage-return/linefeediness of the output of the above example.

ssh/authorized_keys2"'

Append tempfile to your authorized_keys2 file on burly.

ssh/whoisit < /dev/null && ssh burly'

You can also append this "command key" to a different account's authorized_keys2 file and trigger it from a different username. ssh dir and all your keys chmodded to 700 and 600 respectively.
Cache (272 bytes)
www.csua.berkeley.edu/~ranga/notes/ssh_nopass.html
SSH Without a Password

The following steps can be used to ssh from one system to another without specifying a password.

Notes:
* The system from which the ssh session is started via the ssh command is the client. The system to which the ssh session connects is the server.