This thread is to discuss the article titled: Using Keys with SSH

I agree that there is some added risk to using public key authentication with SSH, but this can be mitagated by keeping your private key secure.

I think that this is a better solution then depending on expect scripts, where if you do not want to type in all your passwords in each time you run the script you must embed the passwords in either the script or some other reachable data file.

I am unaware of other options that will allow an administrator to run scripts on remote systems. If your system is too important to risk one of the above situations you can of course avoid both of these, but it means that you will have to manually login these systems when you have work to do, which is workable if you only have a few machines to work with, or if you simply are a glutton for punishment.

Hi,
I have troubles to work with keys authentification for users.
For root it is going well, but I neet set "PermitRootLogin no" in /etc/ssh/sshd_config it don't work for users.
I think, that it is security requirement to set PermitRootLogin to no.
Is it possible to work also for users?

Luskacik.

------
Correction:
Of course it is possible to log like another user.
# su localuser
$ ssh remoteuser@remotehost

Sorry for so stupid question above. :-)

I don't mean to be splitting hairs here, but I'd like to make the following corrections nonetheless:

The line:
[cpde]% ssh-keygen -t dsa[/code]

has an incorrectly spelled [code] tag, and as such the code box is not being rendered. I don't think this was intentional, just a simple typo on Jeremy's (or whoever posted this) part.

Secondly, I'd like to comment about the following statement:

This quote seems to suggest that the private key is actually transmitted to the remote machine (so that the remote machine can use it as part of the authentication process), which is not the case. I think this paragraph would be better rephrased as something like this:

Just my 2 cents...