RE: Re: Passwordless ssh, "once and for all"...
Congrats!
Host based authentication sets up a condition of trust relationships
on a host level not on a user level. You set up a situation where
a compromised host has greater ability to take advantage of such
trust relationships.
Read ssh(8) again.
What I would do: use ssh-agent and turn on agent forwarding. I use
keychain[0] to manage ssh-agents when connecting from Unix clients.
On Windows clients, I use Pageant[1] to manage my keys.
[0] http://www.gentoo.org/proj/en/keychain.xml
[1] http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
Hope this helps!
-----Original Message-----
From: Mike Sowka [mailto:msowka@doe.carleton.ca]
Sent: Thursday, December 12, 2002 1:51 PM
To: secureshell@securityfocus.com
Cc: anthony.kim@vw.com
Subject: WAS: Re: Passwordless ssh, "once and for all"...
Thank you for all your suggestions,
I finally got -->HostbasedAuthentication<-- (which is what I was really
looking for) working... It involved some poorly documented details:
#1 HostbasedAuthentication yes in both ssh_config and sshd_config
#2 IgnoreRhosts no in sshd_config
Anthony,
Given that this setup is installed on a completely separate subnet
(?security not an issue?:)?)... why do you suggest this is the wrong way
to go about passwordless login?
Again, Thanks,
Mike
--
Mike Sowka
Received on Fri Dec 13 13:04:52 2002
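
The two sshd_config settings listed in the thread (#1 and #2) are what switch on host-level trust, so they are the ones to look for when reviewing a server. The following is an added example, not code from either poster: it audits sshd_config text for those settings, following sshd's rule that the first value obtained for a keyword is used. The function name and the sample configuration are constructed for illustration.

```python
import re

# Values that enable host-level trust. sshd's defaults are the opposite
# (HostbasedAuthentication no, IgnoreRhosts yes), so an absent keyword is safe.
RISKY = {"hostbasedauthentication": "yes", "ignorerhosts": "no"}

def audit_sshd_config(text):
    """Return [(scope, keyword, value)] for settings that enable host-based trust."""
    scope, seen, findings = "global", set(), []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and arguments are separated by whitespace or '='.
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()  # keywords are case-insensitive
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if keyword == "match":
            # Settings after a Match line apply only to that block.
            scope = "Match " + value
            continue
        if keyword not in RISKY or (scope, keyword) in seen:
            continue
        seen.add((scope, keyword))  # first value per scope wins
        if value.lower() == RISKY[keyword]:
            findings.append((scope, parts[0], value))
    return findings

# Constructed sample: the second HostbasedAuthentication line is ignored by
# sshd because the first value wins; the Match block re-enables rhosts files
# for one address range only.
SAMPLE = """\
# constructed sample sshd_config
HostbasedAuthentication yes
HostbasedAuthentication no
IgnoreRhosts yes
Match Address 192.0.2.0/24
    IgnoreRhosts no
"""

if __name__ == "__main__":
    for scope, keyword, value in audit_sshd_config(SAMPLE):
        print(f"{scope}: {keyword} {value}")
```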