neysx 05/10/21 10:39:42

Modified: xml/htdocs/doc/en/articles openssh-key-management-p3.xml
Log:
#110008 Removed duplicate text

Revision Changes Path
1.4 +3 -60 xml/htdocs/doc/en/articles/openssh-key-management-p3.xml

file : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/articles/openssh-key-management-p3.xml?rev=1.4&content-type=text/x-cvsweb-markup&cvsroot=gentoo
plain: http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/articles/openssh-key-management-p3.xml?rev=1.4&content-type=text/plain&cvsroot=gentoo
diff : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/articles/openssh-key-management-p3.xml.diff?r1=1.3&r2=1.4&cvsroot=gentoo
14 |
Index: openssh-key-management-p3.xml |
15 |
=================================================================== |
16 |
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/articles/openssh-key-management-p3.xml,v |
17 |
retrieving revision 1.3 |
18 |
retrieving revision 1.4 |
19 |
diff -u -r1.3 -r1.4 |
20 |
--- openssh-key-management-p3.xml 9 Oct 2005 17:13:23 -0000 1.3 |
21 |
+++ openssh-key-management-p3.xml 21 Oct 2005 10:39:42 -0000 1.4 |
22 |
@@ -1,5 +1,5 @@ |
23 |
<?xml version='1.0' encoding="UTF-8"?> |
24 |
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/articles/openssh-key-management-p3.xml,v 1.3 2005/10/09 17:13:23 rane Exp $ --> |
25 |
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/articles/openssh-key-management-p3.xml,v 1.4 2005/10/21 10:39:42 neysx Exp $ --> |
26 |
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd"> |
27 |
|
28 |
<guide link="/doc/en/articles/openssh-key-management-p3.xml" disclaimer="articles"> |
29 |
@@ -20,8 +20,8 @@ |
30 |
document is an updated version of the original article, and contains |
31 |
various improvements made by the Gentoo Linux Documentation team --> |
32 |
|
33 |
-<version>1.1</version> |
34 |
-<date>2005-10-09</date> |
35 |
+<version>1.2</version> |
36 |
+<date>2005-10-21</date> |
37 |
|
38 |
<chapter> |
39 |
<title>Agent forwarding and keychain improvements</title> |
40 |
@@ -182,63 +182,6 @@ |
41 |
above: |
42 |
</p> |
43 |
|
44 |
-<figure link="/images/docs/l-ssh-4.jpg" caption="ssh-agent running only on lappy; a more secure configuration"/> |
45 |
- |
46 |
-<p> |
47 |
-Of course, the problem with this approach is that drobbins can now only |
48 |
-establish passwordless connections from lappy. Let's see how to enable |
49 |
-authentication forwarding and get around this problem. |
50 |
-</p> |
51 |
- |
52 |
-<p> |
53 |
-Assuming that all machines are running recent versions of OpenSSH, we can get |
54 |
-around this problem by using authentication forwarding. Authentication |
55 |
-forwarding allows remote ssh processes to contact the ssh-agent that is running |
56 |
-on your local trusted machine -- rather than requiring a version of ssh-agent |
57 |
-to be running on the same machine that you are sshing out from. This usually |
58 |
-allows you to run ssh-agent (and keychain) on a single machine, and means that |
59 |
-all ssh connections that originate (either directly or indirectly) from this |
60 |
-machine will use your local ssh-agent. |
61 |
-</p> |
62 |
- |
63 |
-<p> |
64 |
-To enable authentication forwarding, we add the following line to lappy and |
65 |
-trustbox's <path>/etc/ssh/ssh_config</path>. Note that this is the config file |
66 |
-for ssh (<path>ssh_config</path>), not the ssh daemon sshd |
67 |
-(<path>sshd_config</path>): |
68 |
-</p> |
69 |
- |
70 |
-<pre caption="Add this line to your /etc/ssh/ssh_config"> |
71 |
-ForwardAgent Yes |
72 |
-</pre> |
73 |
- |
74 |
-<p> |
75 |
-Now, to take advantage of authentication forwarding, drobbins can connect from |
76 |
-lappy to trustbox, and then from trustbox to notrust1 without supplying |
77 |
-passphrases for any of the connections. Both ssh processes "tap in" to the |
78 |
-ssh-agent running on lappy: |
79 |
-</p> |
80 |
- |
81 |
-<pre caption="Tapping lappy"> |
82 |
-$ <i>ssh drobbins@trustbox</i> |
83 |
-Last login: Wed Sep 26 13:42:08 2001 from lappy |
84 |
- |
85 |
-Welcome to trustbox! |
86 |
-$ <i>ssh drobbins@notrust1</i> |
87 |
-Last login: Tue Sep 25 12:03:40 2001 from trustbox |
88 |
- |
89 |
-Welcome to notrust1! |
90 |
-$ |
91 |
-</pre> |
92 |
- |
93 |
-<p> |
94 |
-If you try a similar configuration and find that agent forwarding isn't |
95 |
-working, try using <c>ssh -A</c> instead of plain old ssh to explicitly enable |
96 |
-authentication forwarding. Here's a diagram of what went on behind the scenes |
97 |
-when we logged in to trustbox and notrust1 using authentication forwarding, |
98 |
-above: |
99 |
-</p> |
100 |
- |
101 |
<figure link="/images/docs/l-ssh-5.jpg" caption="Agent forwarding in action"/> |
102 |
|
103 |
<p> |
104 |
|
105 |
|
106 |
|
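Review bot: The deletion at old lines 185-241 is only safe if the copy kept above line 182 is complete, and the visible context cannot show that: the only surviving context before the cut is the "above:" / "</p>" pair, which matches the last two lines of the removed block. Please confirm the retained copy still carries the l-ssh-4.jpg figure, the ssh_config versus sshd_config note and the "Tapping lappy" listing. Since that copy is what readers will now see, its advice is also worth a second look: the text sets `ForwardAgent Yes` in /etc/ssh/ssh_config on both lappy and trustbox, so the hop from trustbox to notrust1 forwards the agent to the untrusted machine as well. Limiting the option to a `Host` block for the trusted hosts would match the trust levels the example machine names imply.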
107 |
-- |
108 |
gentoo-doc-cvs@g.o mailing list |