<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" id="sixapart-standard">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="generator" content="Movable Type 5.2.3" />
<link rel="stylesheet" href="http://defaria.com/blogs/Status/styles-site.css" type="text/css" />
<link rel="alternate" type="application/atom+xml" title="Atom" href="http://defaria.com/blogs/Status/atom.xml" />
<link rel="alternate" type="application/rss+xml" title="RSS 2.0" href="http://defaria.com/blogs/Status/index.xml" />
<title>Status for Andrew DeFaria: ssh</title>
<link rel="start" href="http://defaria.com/blogs/Status/" title="Home" />
<link rel="prev" href="http://defaria.com/blogs/Status/archives/000658.html" title="ranlin0[2|3] released" />
<link rel="next" href="http://defaria.com/blogs/Status/archives/000660.html" title="QT" />
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:trackback="http://madskills.com/public/xml/rss/module/trackback/"
xmlns:dc="http://purl.org/dc/elements/1.1/">
<rdf:Description
rdf:about="http://defaria.com/blogs/Status/archives/000659.html"
trackback:ping="http://defaria.com/mt/mt-tb.cgi/46"
dc:identifier="http://defaria.com/blogs/Status/archives/000659.html"
dc:subject="General Dynamics"
dc:description=" Helped Aaron with ssh..."
dc:date="2007-08-03T17:56:27-06:00" />
</rdf:RDF>
<script type="text/javascript" src="http://defaria.com/blogs/Status/mt-site.js"></script>
<body class="layout-one-column" onload="individualArchivesOnLoad(commenter_name)">
<div id="container-inner" class="pkg">
<div id="banner-inner" class="pkg">
<h1 id="banner-header"><a href="http://defaria.com/blogs/Status/" accesskey="1">Status for Andrew DeFaria</a></h1>
<h2 id="banner-description">Searchable status reports and work log</h2>
<div id="pagebody-inner" class="pkg">
<div id="alpha-inner" class="pkg">
<div class="entry" id="entry-659">
<h3 class="entry-header">ssh</h3>
<div class="entry-content">
<div class="entry-body">
<ul>
<li>Helped Aaron with ssh</li>
</ul>
</div>
<div id="more" class="entry-more">
<h2>Adding ssh actions to CDE</h2>

<p>Secure Shell (ssh) is a more modern and secure way to access a remote system. You can add ssh actions to CDE by doing the following:</p>

<p>Add the following to ~/.dt/types:</p>
<div class=code><pre>
EXEC_STRING     ksh -c 'export _title="%"Starbase?"%"; \
                /usr/dt/bin/dtterm -name $_title \
                -title "Opening hailing frequencies to starbase $_title..." \
                -e ksh -c "ssh $_title; sleep 5;";'
DESCRIPTION     The Secure shell action prompts the user for \
                the name of a system, opens a dtterm terminal \
                emulator window, and then performs an ssh to \
                that system.

EXEC_STRING     ksh -c 'export _title="%"Starbase?"%"; \
                export _user="%"Username"%"; \
                /usr/dt/bin/dtterm -name $_title \
                -title "Opening hailing frequencies to starbase $_user@$_title..." \
                -e ksh -c "ssh $_user@$_title; sleep 5;";'
DESCRIPTION     The Secure shell action prompts the user for \
                the name of a system and a username and opens \
                a dtterm terminal emulator window, and then \
                performs an ssh to that system.
</pre></div>
<p>Then invoke the actions with:</p>

<div class=code><pre>
</pre></div>

<p>or better yet put it into your Dtwm menus like:</p>

<div class=code><pre>
"Terminal"               f.action Dtterm
"Remote Terminal"        f.action Ssh
"Remote Terminal (user)" f.action SshUser
"X Terminal"             f.action Xterm
</pre></div>
<h2>Configuring ssh for passwordless but secure public key authentication</h2>

<p>To use public key authentication, you first need to generate a key pair. You do this for ssh with ssh-keygen:</p>

<div class=code><pre>
</pre></div>

<p>Note you can also do -t dsa. There are RSA keys and DSA keys. I forget what the prompts are, something about a passphrase, etc. Enter no passphrase.</p>

<p>This should create a directory ~/.ssh with files in it; because the key has no passphrase, the private key id_rsa is stored unencrypted and its file permissions are its only protection. For example:</p>
<div class=code><pre>
<b><font color="#3333ff">$</font></b> <u>ssh-keygen -t rsa</u>
Enter file in which to save the key(/home/p6258c/.ssh/id_rsa):
Generating public/private rsa key pair.
Enter passphrase(empty for no passphrase):
<b><font color="#3333ff">$</font></b> <u>ls -l ~/.ssh</u>
-rw------- 1 p6258c ccusers 226 Jun 15 13:28 authorized_keys
-rw------- 1 p6258c ccusers 887 Jun 15 13:27 id_rsa
-rw-rw-r-- 1 p6258c ccusers 226 Jun 15 13:27 id_rsa.pub
-rw-r--r-- 1 p6258c ccusers 4082 Jul 31 15:05 known_hosts
<b><font color="#3333ff">$</font></b> <u>ls -ld .</u>
drwxr-xr-x 43 p6258c ccusers 2048 Aug 3 10:28 ./
<b><font color="#3333ff">$</font></b>
</pre></div>
<p>Then the task is to get the ~/.ssh/id_rsa.pub key added to the authorized_keys file (creating it if you need to). Here in GD that is easy. Simply:</p>

<div class=code><pre>
<b><font color="#3333ff">$</font></b> <u>cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys</u>
</pre></div>
<p>Now, since all GD machines in the RAN subnet share the same home directory (automounted from the same common location), voilà! You now have passwordless ssh access using public key authentication throughout the RAN (note this does not cross from RAN -> GD network due to firewall issues). Whenever you ssh to a new machine it will ask about adding it to the known_hosts file, but after that it should not prompt again.</p>
<p>Also note that if this were a different situation you'd have to get the contents of ~/.ssh/id_rsa.pub over to the remote machine. For example, I could generate my keys as described above, then email the ~/.ssh/id_rsa.pub from here to my home Linux system, append it to my ~/.ssh/authorized_keys on my home Linux system, and then I could ssh from here to home. Normally I configure my house to <b>only</b> allow public key authenticated logins from the outside world. I can't do it here from GD because the firewall prohibits it (which is odd)!</p>
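
<p>The append step described above, as an added example that is not part of the original post: a shell function that adds a public key to an authorized_keys file only if it is not already there, creates ~/.ssh as 700 and the file as 600, and refuses a private key passed by mistake. The name install_pubkey is hypothetical.</p>

```shell
#!/bin/sh
# Added example: an idempotent form of
#   cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
# install_pubkey is a hypothetical helper name, not an OpenSSH command.
#
# Usage: install_pubkey PUBKEY_FILE [AUTHORIZED_KEYS_FILE]
# Returns 0 if the key is in the file afterwards, 1 on bad input.
install_pubkey() {
    pub=$1
    auth=${2:-$HOME/.ssh/authorized_keys}
    dir=$(dirname "$auth")

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Never copy a private key (id_rsa) where the .pub file was meant.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub is a private key, refusing" >&2
        return 1
    fi

    # A .pub file carries exactly one key line.
    n=$(grep -c -v '^[[:space:]]*$' "$pub" || true)
    [ "$n" -eq 1 ] || { echo "$pub: expected one key line" >&2; return 1; }
    key=$(grep -v '^[[:space:]]*$' "$pub")

    # Create the directory as 700 and the file as 600 if missing,
    # and tighten them if they already exist with looser modes.
    ( umask 077; mkdir -p "$dir" && touch "$auth" ) || return 1
    chmod 700 "$dir" || return 1
    chmod 600 "$auth" || return 1

    # Already installed (exact whole-line match): nothing to do.
    if grep -q -x -F -e "$key" "$auth"; then
        return 0
    fi

    # If the file does not end in a newline, add one so the new key
    # is not glued onto the previous entry.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
}
```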
<p>Final note: Sometimes, if ssh is configured to be strict about permissions, you need to change your home directory to be 755 as shown above. Normally I'm a sharing kinda guy so I have my home directory set to 775 but with ssh strict permissions that'll cause passwordless ssh to not work anymore.</p>
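
<p>The permission rule in the final note, as an added example that is not part of the original post: a shell function that applies the ownership and group/world-write test that sshd's StrictModes option performs on the home directory, ~/.ssh and authorized_keys, plus the ssh client's own refusal of private keys that group or others can access. The name strict_modes_ok is hypothetical, and the function assumes it is run as the account that owns the home directory.</p>

```shell
#!/bin/sh
# Added example: mirrors the checks behind "strict permissions".
# strict_modes_ok is a hypothetical helper name, not an OpenSSH tool.
# Assumption: run as the user who owns the home directory being checked.
#
# Usage: strict_modes_ok [HOME_DIR]
# Prints every path that would be rejected; returns 0 only if none is.
strict_modes_ok() {
    home=${1:-$HOME}
    uid=$(id -u)
    bad=0
    # Server side (sshd StrictModes): none of these may be writable by
    # group or others, and each must be owned by the user or by root.
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        info=$(ls -ldn "$p" | awk '{print substr($1,1,10), $3}')
        mode=${info% *}; owner=${info#* }
        case $mode in
            # position 6 = group write, position 9 = other write
            ?????w????|????????w?)
                echo "group/world-writable: $mode $p"; bad=1 ;;
        esac
        if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
            echo "wrong owner (uid $owner): $p"; bad=1
        fi
    done
    # Client side: ssh ignores a private key that group or others can access.
    for k in "$home"/.ssh/id_*; do
        [ -f "$k" ] || continue
        case $k in *.pub) continue ;; esac
        mode=$(ls -ldn "$k" | cut -c1-10)
        case $mode in
            ????------) ;;
            *) echo "private key exposed: $mode $k"; bad=1 ;;
        esac
    done
    return "$bad"
}
```

<p>With the listing shown earlier (home 755, id_rsa 600) the function returns 0; a 775 home directory makes it print the directory and return 1.</p>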
<p class="entry-footer">
<span class="post-footers">Posted by on August 3, 2007 5:56 PM</span> <span class="separator">|</span> <a class="permalink" href="http://defaria.com/blogs/Status/archives/000659.html">Permalink</a>
</p>
<div class="trackbacks">
<div class="trackbacks-content">