little confused about the ssh concept
Every one tells on the sites that I should not leave my private key unsecure but I didn't get the explanation anywhere. Why should not I do this?
I want to know how the private key of the server can be harmful if it is in wrong hands. Suppose someone gets private key of my system then how can he do the damage to my system? and Please explain the functionality of ssh-add and ssh-agent. What are these commands for? I am not able to understand the significance of these. Please explain with the example. Thanks for your help. |
Quote:
Also, they could successfully impersonate your server, thereby gaining access to account details and/or perform a man-in-the-middle attack. |
Thanks for the reply.
Suppose I have private key of the server. I do not know the password of the server as well as my public key is not saved as authorized_keys on the server. Now how can I log into server using private key. I have followed this tutorial. http://www.cyberciti.biz/faq/force-s...identity-file/ and I tried to log into server using private key but every time it asks password. Code:
# ssh -i /path/of/private/key on/my/system root@192.168.x.xx But it asks for password then how private key can be dangerous when I am not able to log in using it. |
Have a look here. The section called "Protecting your private key" is relevant to your question.
jdk |
You can use the ssh-add program to add your passphrase one time to the agent and the agent will in turn pass this authentication information automatically every time you need to use your passphrase. So the next time you run:
Quote:
Once you've verified that ssh-agent is running, you can add your ssh key to it by running the ssh-add command: Quote:
Quote:
|
All times are GMT -5. The time now is 06:13 AM. |