Difference between revisions of «SSH»
Línea 88: | Línea 88: | ||
<tt>ssh-agent(1)</tt>: this will require you to give your password to | <tt>ssh-agent(1)</tt>: this will require you to give your password to | ||
<tt>ssh-agent</tt> once in order to be able to use your private key. | <tt>ssh-agent</tt> once in order to be able to use your private key. | ||
+ | |||
+ | == OTRO: SSH Nopasswd login == | ||
+ | === Local === | ||
+ | <pre><nowiki> | ||
+ | cd .ssh | ||
+ | ssh-keygen -b 1024 -f identity -P '' -t dsa | ||
+ | scp identity.pub gacq@192.168.0.20: | ||
+ | </nowiki></pre> | ||
+ | === Remoto === | ||
+ | <pre><nowiki> | ||
+ | cat identity.pub >> .ssh/authorized_keys | ||
+ | </nowiki></pre> |
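Review bot: the added ssh-keygen line in the Local block passes -P '' (empty passphrase) directly below the context paragraph that recommends a non-empty passphrase with ssh-agent; either explain why an unprotected key is wanted here or drop -P '' so the two sections do not contradict each other. The same line fixes the key at -b 1024 -t dsa, so consider a larger RSA key instead. In the Remoto block, cat identity.pub >> .ssh/authorized_keys assumes .ssh already exists and never sets its permissions; add the mkdir and the chmod 700 / chmod 600 steps, and note that "cd .ssh" in the Local block has the same missing-directory problem.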
Revision as of 17:08, 27 Jul 2006
General
Opening a remote X application
I found out how to get into your home machine and open an X application from a private network that goes out through NAT.
1) xhost +
2) ssh -X -l sshuser pc.micasa.net
3) xclock (should work)
4) The problem comes when you want to run something as another user, because after su the DISPLAY cannot be set properly, but it is solved like this from the sshuser user:

    gksu -g -u root /usr/X11R6/bin/xclock

It asks for the user's password and nothing more to run the application. Performance is another matter.
ssh without a password (Quick)

    ssh-keygen -t dsa
    # If the remote ~/.ssh/authorized_keys file exists
    cat ~/.ssh/id_dsa.pub | ssh remoteuser@remotehost 'cat - >> ~/.ssh/authorized_keys'
    # If the remote ~/.ssh/authorized_keys file does NOT exist
    cat ~/.ssh/id_dsa.pub | ssh remoteuser@remotehost 'cat - > ~/.ssh/authorized_keys'
    # Optional: so that nobody else can read the file with the public keys
    ssh remoteuser@remotehost 'chmod 700 ~/.ssh ; chmod 600 ~/.ssh/authorized_keys'

ssh without a password (Explained)
ssh sin password (Explicado)
This document explains how to authenticate through ssh to multiple machines without having to enter your password each time.
This is very useful when you are constantly invoking ssh or copying files with scp. It also allows you to make scp transfers automatically (using a cron job on one of the machines).
Check the ssh watchdog for an example of something you could accomplish with this.
Generate a public/private key pair
Run ssh-keygen -t rsa on your host machine (the one you'll be connecting from). Use the default settings and an empty passphrase:
    $ ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/user/.ssh/id_rsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/user/.ssh/id_rsa.
    Your public key has been saved in /home/user/.ssh/id_rsa.pub.
    The key fingerprint is:
    90:02:83:45:8b:3b:37:72:d4:0a:7a:5f:8e:1e:7a:38
This should generate the id_rsa.pub and id_rsa keys in your ~/.ssh directory:
    -rw-r--r-- 1 user group 221 Apr 10 00:08 id_rsa.pub
    -rw------- 1 user group 883 Apr 10 00:08 id_rsa
The id_rsa file contains your private key. As such, it will only be readable by you (permissions mode 600). The id_rsa.pub file contains its corresponding public key.
Add the public key to the remote machine
You'll need to append your public key to the ~/.ssh/authorized_keys file in the remote machine.
You can do this with the following command:
    $ ssh user@remote 'cat >> ~/.ssh/authorized_keys' < ~/.ssh/id_rsa.pub
If the ~/.ssh directory does not exist in the remote machine, you'll need to create it.
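The remote-side steps described above (create ~/.ssh if it is missing, append the public key, restrict permissions) combined into one idempotent shell function. This is an added example, not part of the original wiki page; install_pubkey is a hypothetical helper name, not an OpenSSH tool.

```shell
#!/bin/sh
# Added example: idempotent version of the "append the public key" step.
# install_pubkey is a hypothetical helper name (assumption, not an OpenSSH tool).
# Usage: install_pubkey PUBKEY_FILE [HOME_DIR]   (HOME_DIR defaults to $HOME)
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    dir=$home/.ssh
    auth=$dir/authorized_keys

    # Take only the first non-empty line; a .pub file holds exactly one key.
    key=$(sed -n '/[^[:space:]]/{p;q;}' "$pub") || return 1

    # Refuse anything that does not look like "type base64 [comment]",
    # for example a private key file passed by mistake.
    case $key in
        ssh-rsa\ AAAA*|ssh-dss\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "install_pubkey: $pub is not a public key" >&2; return 2 ;;
    esac

    # Create missing pieces with owner-only permissions from the start.
    old_umask=$(umask)
    umask 077
    mkdir -p "$dir" && touch "$auth"
    rc=$?
    umask "$old_umask"
    [ "$rc" -eq 0 ] || return 1

    # Tighten pre-existing files too: with StrictModes enabled, sshd ignores
    # an authorized_keys file that other users could write to.
    chmod 700 "$dir" && chmod 600 "$auth" || return 1

    # Append only if this exact line is not already present.
    if grep -qxF -- "$key" "$auth"; then
        return 0
    fi
    printf '%s\n' "$key" >> "$auth"
}
```

Copy the .pub file to the remote machine and run the function there; running it a second time leaves authorized_keys unchanged.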
More information
You can read ssh-keygen(1), ssh(1) and ssh-agent(1) for more information.
Specifically, you might want to use a non-empty passphrase in combination with ssh-agent(1): this will require you to give your passphrase to ssh-agent once in order to be able to use your private key.
OTHER: SSH Nopasswd login
Local

    cd .ssh
    ssh-keygen -b 1024 -f identity -P '' -t dsa
    scp identity.pub gacq@192.168.0.20:

Remote

    cat identity.pub >> .ssh/authorized_keys