[ale] automating an ssh script?

Joseph A Knapka jknapka at earthlink.net
Thu Jul 25 00:44:02 EDT 2002


"ChangingLINKS.com" wrote:
> 
> K, I was following the directions on:
> http://www-106.ibm.com/developerworks/linux/library/l-keyc2/
> to try to get ssh-agent to work. Unfortunately, I ran into something
> that does not seem to be covered by the directions.
> 
> I got to a point where it wanted my passphrase. I hit it with
> every passphrase I could think of and . . . see result below.
> Here's the history:
> 
> Question? Does anyone know what is going on?

Yes.
 
> [werd at funker werd]$ ssh-agent
> SSH_AUTH_SOCK=/tmp/ssh-XXRTZLfH/agent.3271; export SSH_AUTH_SOCK;
> SSH_AGENT_PID=3272; export SSH_AGENT_PID;
> echo Agent pid 3272;
> [werd at funker werd]$
> [werd at funker werd]$
> [werd at funker werd]$
> [werd at funker werd]$ eval `ssh-agent`
> Agent pid 3274
> [werd at funker werd]$ ssh-add ~/.ssh/identity
> /home/werd/.ssh/identity: No such file or directory

(1) Use ssh-keygen to generate ~/.ssh/identity and ~/.ssh/identity.pub.
The first is your personal private key, the second is your personal
public key.

> [werd at funker werd]$ touch  ~/.ssh/identity
> [werd at funker werd]$  ssh-add ~/.ssh/identity
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

(2) Be sure that ~/.ssh/identity is writable by no one, and
readable only by you. IOW "chmod 400 ~/.ssh/identity".

> Permissions 0664 for '/home/werd/.ssh/identity' are too open.
> It is recommended that your private key files are NOT accessible by others.
> This private key will be ignored.
> bad permissions: ignore key: /home/werd/.ssh/identity
> Enter passphrase for /home/werd/.ssh/identity:
> 
> [werd at funker werd]$ chmod 700 /home/werd/.ssh/identity
> [werd at funker werd]$  ssh-add ~/.ssh/identity
> Enter passphrase for /home/werd/.ssh/identity:

(3) ssh-keygen will ask you for a passphrase when you generate
your keys. You may enter nothing, which is very convenient
but very insecure. A good passphrase must have good
"entropy", which is crypto-speak for "lotsa letters". "Thanks
to Microsoft, I am now blind in both eyes" might be a
half-decent passphrase.

Cheers,

-- Joe

---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.
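
The three conditions the reply above walks through (key file missing, key file holding no key because it was created with touch, key file readable by group or others) can be checked before ssh-add is ever run. This is an added example, not part of the original message; the function names check_key_file and load_key are hypothetical, and the key path is whatever you pass in.

```shell
#!/bin/sh
# Added example: pre-flight checks for a private key before handing it to
# ssh-agent. check_key_file and load_key are hypothetical helper names.

# Prints one of: missing | empty | too-open | ok (non-zero exit unless ok)
check_key_file() {
    key=$1
    if [ ! -f "$key" ]; then
        echo missing          # ssh-add: "No such file or directory"
        return 1
    fi
    if [ ! -s "$key" ]; then
        echo empty            # e.g. made with touch: no key, so no passphrase fits
        return 1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits;
    # a private key file must grant none of them.
    perms=$(ls -ld "$key" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo too-open         # ssh-add: "UNPROTECTED PRIVATE KEY FILE!"
        return 1
    fi
    echo ok
}

# Start an agent only if none is reachable, then add the key if it passes.
load_key() {
    key=$1
    state=$(check_key_file "$key") || {
        echo "refusing to add $key: $state" >&2
        return 1
    }
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?   # exit 2 = cannot contact an agent
    if [ "$rc" -eq 2 ]; then
        eval "$(ssh-agent -s)" >/dev/null
    fi
    ssh-add "$key"            # prompts for the passphrase once
}
```

Because load_key runs eval on the agent's output, it has to be called in the current shell (for example from a sourced file) for SSH_AUTH_SOCK to stay set afterwards.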





