Doing SSH right

From: andrew cooke <andrew@...>

Date: Wed, 4 Dec 2013 09:36:16 -0300

When you use ssh you should really do (at least) two things:

remote .ssh/authorized_keys file).

The first of these makes your life easier because you no longer have to type
passwords.  So I did it long ago.

But the second is a nuisance because you have to type a password (again) every
time that you use ssh.

Of course, there is a solution to this problem.  You can run a program - an
"agent" - that remembers the key for you.  This program is called ssh-agent.

At this point I must admit that I don't understand how to configure ssh-agent
in OpenSuse 13.1.  It doesn't seem to run by default, yet after you use it
manually once it does seem to be started by default in future.  And when it
runs automatically it is somehow connected to dbus and X.

Even though I don't understand those details, it's clear why it's connected to
X - that's something that starts once per user on the machine and so is a good
place to start the agent.

Unfortunately, that means that the agent is only visible to sessions running
within X.  Which means that my scripts to do things like manage my blog from
email no longer work.

Fortunately there's an easy fix.  Everything works with environment variables,
so you can dump those to a file when you start X and then load them in
scripts.

Everything is described at
http://www.stderr.nl/Blog/Software/Linux/ScreenAndX.html and it works
beautifully - just place the code that they use at the prompt inside the
script that uses ssh.

Andrew
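
The approach described in the message above (dump the agent's environment variables to a file when X starts, then load them in scripts), as an added example that is not from the original thread or from the linked stderr.nl page. The file path and function names are assumptions made for this example; the file is parsed as data rather than sourced, and the socket is checked before it is used.

```shell
#!/bin/sh
# Added example: share a running ssh-agent with non-X scripts (cron, mail filters).
# AGENT_ENV_FILE is a hypothetical path chosen for this example.
AGENT_ENV_FILE="${AGENT_ENV_FILE:-$HOME/.ssh/agent-env}"

# Call once from the X session start-up, where the agent variables are set.
save_agent_env() {
    _file="${1:-$AGENT_ENV_FILE}"
    [ -n "$SSH_AUTH_SOCK" ] || return 1
    (
        umask 077            # new file is readable by the owner only
        rm -f "$_file"       # drop any old copy that had looser permissions
        printf 'SSH_AUTH_SOCK=%s\nSSH_AGENT_PID=%s\n' \
            "$SSH_AUTH_SOCK" "$SSH_AGENT_PID" > "$_file"
    )
}

# Print the value of one variable from the file. The file is parsed as data,
# never sourced, so a tampered file cannot run commands in the calling script.
read_agent_var() {
    sed -n "s/^$2=//p" "$1" | head -n 1
}

# Call from a script before it uses ssh. Returns non-zero if the saved agent
# is missing or stale, leaving the environment untouched.
load_agent_env() {
    _file="${1:-$AGENT_ENV_FILE}"
    [ -f "$_file" ] && [ -O "$_file" ] || return 1
    _sock=$(read_agent_var "$_file" SSH_AUTH_SOCK)
    _pid=$(read_agent_var "$_file" SSH_AGENT_PID)
    # The socket must exist, be a socket, and belong to the current user.
    [ -S "$_sock" ] && [ -O "$_sock" ] || return 1
    SSH_AUTH_SOCK="$_sock"; export SSH_AUTH_SOCK
    [ -z "$_pid" ] || { SSH_AGENT_PID="$_pid"; export SSH_AGENT_PID; }
}
```

Run `save_agent_env` from the X start-up and put `load_agent_env || exit 1` at the top of the script that calls ssh, so a stale file fails early instead of falling back to a prompt.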

Re: Doing SSH right

From: Michiel Buddingh <michiel@...>

Date: Thu, 05 Dec 2013 06:27:28 +0100

A further step, if the server is used by multiple people, might be to
enable SSHFP DNSSEC records, allowing you to skip the awkward step of
pressing 'y' and hoping for the best when ssh asks you to verify the
remote host fingerprint :).  See https://www.ietf.org/rfc/rfc4255.txt

--
Michiel