Easiest way to start SSH without password request, and using the pwd stored in $HOME
Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
If the server is configured to use public key authentication, you only need to enter the passphrase (at the client) once a session if you use ssh-agent.
example:
eval $(ssh-agent)
ssh-add
Alternatively, look for the .xsession file your client uses then you start up.
e.g. on SuSE,
/etc/X11/xdm/sys.xsession
Look for this line. Now you just have to enter the passphrase once.
# If ssh is configured and ssh-agent is wanted set "yes"
usessh=yes
You can also have a private key without a passphrase, but that would put the server at risk if the client is stolen, or compromised. Something similar is what happened at Red Hat.
If the server is configured to use public key authentication, you only need to enter the passphrase (at the client) once a session if you use ssh-agent.
example:
eval $(ssh-agent)
ssh-add
Alternatively, look for the .xsession file your client uses then you start up.
e.g. on SuSE,
/etc/X11/xdm/sys.xsession
Look for this line. Now you just have to enter the passphrase once.
# If ssh is configured and ssh-agent is wanted set "yes"
usessh=yes
You can also have a private key without a passphrase, but that would put the server at risk if the client is stolen, or compromised. Something similar is what happened at Red Hat.
here it my ssh config :
I try to keep it cuz I know it is secured.
Quote:
# Package generated configuration file
# See the sshd(8) manpage for details
# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 120
PermitRootLogin no
StrictModes yes
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no
#MaxStartups 10:30:60
#Banner /etc/issue.net
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
On a LAN, yes. On the Internet, no. Macs don't normally propagate very far. But the present key exchange method is quite robust and secure (and will remain so until they perfect the quantum computer).
Basing security on Macs is not really secure anyway -- one can temporarily assign any arbitrary Mac to a NIC for various purposes.
Quote:
... the security is only based on DNS, thtat's all
What you say here isn't actually true -- if you have distributed authorization keys to all the communicating computers, and if they are physically secure, than the security isn't based on DNS any more.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
