| 1 |
On Thu, Jan 8, 2009 at 10:57 AM, Paul Hartman |
| 2 |
<paul.hartman+gentoo@×××××.com> wrote: |
| 3 |
> On Wed, Jan 7, 2009 at 6:11 PM, Dave Jones <Dave.Jones@××××××.nl> wrote: |
| 4 |
>> Paul Hartman wrote on 08/01/09 00:28: |
| 5 |
>>> Hi, |
| 6 |
>>> |
| 7 |
>>> Normally I'm using SSH with regular password login, and I've read |
| 8 |
>>> about generating a keypair and having a password-less connection that |
| 9 |
>>> way. Is there a way to require both the key AND a password? Basically |
| 10 |
>>> if I put the key in my SSH client at work, I don't want a co-worker to |
| 11 |
>>> be able to login to my home PC, or someone to grab my phone, etc. |
| 12 |
>>> |
| 13 |
>>> Is there a way to put a passphrase on the key (seperate from my user |
| 14 |
>>> account password)? Maybe that would work... Otherwise I've thought |
| 15 |
>>> about having a dummy SSH account and then "su - realuser" to get |
| 16 |
>>> access, but that seems kind of messy. |
| 17 |
>>> |
| 18 |
>>> I've always used password login and IP-restricted it, but now I'm |
| 19 |
>>> traveling more and never know what IP I might be connecting from, so |
| 20 |
>>> using a key seems to be the best plan, or maybesome kind of |
| 21 |
>>> portknocking (but that's difficult from restricted ssh environments |
| 22 |
>>> such as a phone). |
| 23 |
>>> |
| 24 |
>> By default ssh-keygen creates a key pair with a passphrase. It's your choice to enter or omit a passphrase. |
| 25 |
>> |
| 26 |
>> If you've generated a key without a passphrase, you can add a passphrase using ssh-keygen -p |
| 27 |
>> |
| 28 |
>> Entering a passphrase encrypts the private part of the key, which you keep only on the server. You only need the public part of the key on the client. |
| 29 |
>> |
| 30 |
>> Cheers, Dave |
| 31 |
> |
| 32 |
> It works great. Thanks everyone for your responses! |
| 33 |
> |
| 34 |
> Paul |
| 35 |
> |
| 36 |
|
| 37 |
Well, almost great :) |
| 38 |
|
| 39 |
I can't figure out how to get NXclient to connect. It says the key is |
| 40 |
corrupt or has a passphrase (which it does). Has anyone used NX with a |
| 41 |
key-based SSH with passphrase? |
| 42 |
|
| 43 |
Thanks, |
| 44 |
Paul |
Archives