Slashdot Mirror


OpenSSH Management - Understanding RSA/DSA Authent

Paul writes "I found this useful article, over at developerWorks Linux Zone that clearly explains RSA/DSA authentication. It covers what you need to get passwordless authentication implemented using RSA and DSA authentication protocols."

5 of 95 comments

  1. Using RSA authentication without a password by Dr.+Sp0ng · · Score: 4

    Reading over the comments here, it seems that people don't seem to understand the benefits of using a passphrase to unlock your key over simply using a password. Well, as long as you trust that nobody but you is going to be using your workstation (from the console - other people logged in remotely is fine) until you log out, you can put something like this in your .xinitrc file:

    exec ssh-agent sh -c 'ssh-add < /dev/null & sleep 5 ; exec wmaker'

    This pops up a window which asks for your passphrase, then ssh-agent stays resident with your unlocked secret key. After 5 seconds, it spawns windowmaker (obviously, replace this with your wm of choice).

    It sets an environment variable (SSH_AGENT_PID) with the process ID of ssh-agent and another one (SSH_AUTH_SOCK) which is the socket to use to communicate with ssh-agent. So when you try to ssh to somewhere, ssh checks for these variables and gets your unlocked key from ssh-agent transparently, and you ssh with no password. But without your passphrase to unlock it at the beginning of your X session, nobody else can use it (don't forget to xlock if you go anywhere :) And since it works through environment variables, which are passed on to children but not to other processes, the only processes which will have access to the ssh-agent are wmaker (or whatever window manager you're using) and its children - namely, anything you're running in X. It's fairly secure.
    --
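An added example, not part of the comment above or of the linked article: a shell check to run inside the X session that confirms the inherited SSH_AUTH_SOCK names a UNIX-domain socket owned by the current user, in a directory closed to group and other, since the socket's file permissions are what keep other accounts away from the agent. The function name and its return codes are this example's own convention.

```shell
#!/bin/sh
# Audit the ssh-agent socket inherited by this session.
# Return codes (example's own convention):
#   0 ok, 1 no agent in environment, 2 not a socket,
#   3 socket or its directory not owned by us,
#   4 socket directory accessible to group/other.
check_agent_sock() {
    # Use the argument if given, else the inherited SSH_AUTH_SOCK.
    sock=${1-${SSH_AUTH_SOCK-}}
    [ -n "$sock" ] || { echo "SSH_AUTH_SOCK not set: no agent in this environment"; return 1; }
    [ -S "$sock" ] || { echo "$sock is not a UNIX-domain socket"; return 2; }
    dir=$(dirname -- "$sock")
    if [ ! -O "$sock" ] || [ ! -O "$dir" ]; then
        echo "$sock or $dir is not owned by the current user"
        return 3
    fi
    # First ten characters of ls -ld are the type and mode bits,
    # e.g. drwx------ for an owner-only directory.
    perms=$(ls -ld -- "$dir" | cut -c1-10)
    case $perms in
        d???------) ;;
        *) echo "$dir is $perms: group/other can reach the socket"; return 4 ;;
    esac
    echo "agent socket $sock: owner-only"
    return 0
}

# Audit the current environment; a non-zero result is reported, not fatal.
check_agent_sock || :
```

Run from a terminal started under the window manager, it reports on the same socket that ssh would use; `ssh-add -l` then lists the keys the agent currently holds.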

  2. I wonder if /. editors read the links... by pongo000 · · Score: 4
    "It covers what you need to get passwordless authentication implemented using RSA and DSA authentication protocols."
    Well, not exactly...passphraseless authentication is in part 2, which doesn't appear to have been published yet.
  3. Re:passwordless authentication by hillct · · Score: 4

    No. Public Key authentication is exactly that. The authentication is done using a public and private key set.

    The text - or mouse movement - you (probably) entered when the key was generated was intended as a source of unique input, hopefully containing enough entropic characteristics to create a secure non-pattern based key set.

    You then probably had the option to encrypt the key using a passphrase, which you'd then have to use when authenticating using that key set.

    The main difference here is that the passphrase is not a required part of a key set, and it is not the main cryptographic mechanism of the authentication process.

    --CTH

    --

    --Got Lists? | Top 95 Star Wars Line
  4. There's another good article... by Lobsang · · Score: 4
    This article on Linux-Gazette is also very good, focusing on the usage of ssh-agent.

    Have phun.

  5. lucky for you foreigners ... by beanerspace · · Score: 4
    Good thing the U.S. modified its policy on exporting encryption technologies (a.k.a. munitions).

    Otherwise we'd have to ask those of you reading the featured article to apply some mental floss and forget what you've just read, shred any hard copies you took to the bathroom with you, and format your hard drive just to ensure that you haven't accidentally cached it somewhere.