Gentoo Archives: gentoo-doc-cvs

From: Xavier Neys <neysx@×××××××××××.org>
To: gentoo-doc-cvs@l.g.o
Subject: [gentoo-doc-cvs] cvs commit: openssh-key-management-p3.xml
Date: Fri, 21 Oct 2005 10:39:27
Message-Id: 200510211037.j9LAb8GR010300@robin.gentoo.org
1 neysx 05/10/21 10:39:42
2
3 Modified: xml/htdocs/doc/en/articles openssh-key-management-p3.xml
4 Log:
5 #110008 Removed duplicate text
6
7 Revision Changes Path
8 1.4 +3 -60 xml/htdocs/doc/en/articles/openssh-key-management-p3.xml
9
10 file : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/articles/openssh-key-management-p3.xml?rev=1.4&content-type=text/x-cvsweb-markup&cvsroot=gentoo
11 plain: http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/articles/openssh-key-management-p3.xml?rev=1.4&content-type=text/plain&cvsroot=gentoo
12 diff : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/articles/openssh-key-management-p3.xml.diff?r1=1.3&r2=1.4&cvsroot=gentoo
13
14 Index: openssh-key-management-p3.xml
15 ===================================================================
16 RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/articles/openssh-key-management-p3.xml,v
17 retrieving revision 1.3
18 retrieving revision 1.4
19 diff -u -r1.3 -r1.4
20 --- openssh-key-management-p3.xml 9 Oct 2005 17:13:23 -0000 1.3
21 +++ openssh-key-management-p3.xml 21 Oct 2005 10:39:42 -0000 1.4
22 @@ -1,5 +1,5 @@
23 <?xml version='1.0' encoding="UTF-8"?>
24 -<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/articles/openssh-key-management-p3.xml,v 1.3 2005/10/09 17:13:23 rane Exp $ -->
25 +<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/articles/openssh-key-management-p3.xml,v 1.4 2005/10/21 10:39:42 neysx Exp $ -->
26 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
27
28 <guide link="/doc/en/articles/openssh-key-management-p3.xml" disclaimer="articles">
29 @@ -20,8 +20,8 @@
30 document is an updated version of the original article, and contains
31 various improvements made by the Gentoo Linux Documentation team -->
32
33 -<version>1.1</version>
34 -<date>2005-10-09</date>
35 +<version>1.2</version>
36 +<date>2005-10-21</date>
37
38 <chapter>
39 <title>Agent forwarding and keychain improvements</title>
40 @@ -182,63 +182,6 @@
41 above:
42 </p>
43
44 -<figure link="/images/docs/l-ssh-4.jpg" caption="ssh-agent running only on lappy; a more secure configuration"/>
45 -
46 -<p>
47 -Of course, the problem with this approach is that drobbins can now only
48 -establish passwordless connections from lappy. Let's see how to enable
49 -authentication forwarding and get around this problem.
50 -</p>
51 -
52 -<p>
53 -Assuming that all machines are running recent versions of OpenSSH, we can get
54 -around this problem by using authentication forwarding. Authentication
55 -forwarding allows remote ssh processes to contact the ssh-agent that is running
56 -on your local trusted machine -- rather than requiring a version of ssh-agent
57 -to be running on the same machine that you are sshing out from. This usually
58 -allows you to run ssh-agent (and keychain) on a single machine, and means that
59 -all ssh connections that originate (either directly or indirectly) from this
60 -machine will use your local ssh-agent.
61 -</p>
62 -
63 -<p>
64 -To enable authentication forwarding, we add the following line to lappy and
65 -trustbox's <path>/etc/ssh/ssh_config</path>. Note that this is the config file
66 -for ssh (<path>ssh_config</path>), not the ssh daemon sshd
67 -(<path>sshd_config</path>):
68 -</p>
69 -
70 -<pre caption="Add this line to your /etc/ssh/ssh_config">
71 -ForwardAgent Yes
72 -</pre>
73 -
74 -<p>
75 -Now, to take advantage of authentication forwarding, drobbins can connect from
76 -lappy to trustbox, and then from trustbox to notrust1 without supplying
77 -passphrases for any of the connections. Both ssh processes "tap in" to the
78 -ssh-agent running on lappy:
79 -</p>
80 -
81 -<pre caption="Tapping lappy">
82 -$ <i>ssh drobbins@trustbox</i>
83 -Last login: Wed Sep 26 13:42:08 2001 from lappy
84 -
85 -Welcome to trustbox!
86 -$ <i>ssh drobbins@notrust1</i>
87 -Last login: Tue Sep 25 12:03:40 2001 from trustbox
88 -
89 -Welcome to notrust1!
90 -$
91 -</pre>
92 -
93 -<p>
94 -If you try a similar configuration and find that agent forwarding isn't
95 -working, try using <c>ssh -A</c> instead of plain old ssh to explicitly enable
96 -authentication forwarding. Here's a diagram of what went on behind the scenes
97 -when we logged in to trustbox and notrust1 using authentication forwarding,
98 -above:
99 -</p>
100 -
101 <figure link="/images/docs/l-ssh-5.jpg" caption="Agent forwarding in action"/>
102
103 <p>
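Review bot: this hunk shows only the trailing context `above:` / `</p>` of the copy that is kept, so please confirm that the retained copy earlier in the file still contains the l-ssh-4 figure, the three paragraphs on authentication forwarding, the `ForwardAgent Yes` example and the `ssh -A` fallback paragraph; nothing in the hunk itself proves the first copy is complete. The removal boundary is right, though: the deleted block ends with the same `above:` / `</p>` lines that now lead straight into the l-ssh-5 figure, so the rendered text reads continuously. One point on the content that survives in the kept copy (assuming it matches the deleted block): it tells readers to add `ForwardAgent Yes` to `/etc/ssh/ssh_config` globally, while the example itself distinguishes trustbox from notrust1; consider scoping the setting with a `Host trustbox` stanza, or saying that it should be enabled only towards hosts trusted to reach the local ssh-agent, and pointing out that `ssh -A` enables it per connection.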
104
105
106
107 --
108 gentoo-doc-cvs@g.o mailing list