Date: Thu, 27 Jan 2000 00:53:33 -0800
From: Devin Carraway aqua@atlantic.devin.com
To: nblug-talk@lists.sonic.net
Subject: Re: DSL logs
X-Mailer: Mutt 1.0.1i

On Thu, Jan 27, 2000 at 12:43:04AM -0800, Mitchell Patenaude wrote:
> Your problem is that ssh is stopping to prompt for a password, and that
> isn't going to work. You need to get ssh to let you in on RSA/.shosts
> authentication, so it doesn't require a password.

The quick instructions, if you haven't already generated your SSH
key pair:

ssh-keygen (pick a nice long passphrase with some punctuation)
ssh bolt.sonic.net 'cat >> .ssh/authorized_keys' < ~/.ssh/identity.pub
ssh bolt.sonic.net 'chmod go-rwx ~ ~/.ssh ~/.ssh/*'

> access to normal users. If Bolt is compromised, then an attacker
> *could* sniff your password with this scheme, whereas they wouldn't
> be able to if you just did a direct, unencrypted connection to the

RSA authentication reduces this problem considerably, yes. If
you're running ssh-agent (which you will probably find convenient, if you're
using fetchmail), you should generally instruct ssh not to forward the agent
to hosts you don't trust (never trust a shell server). That's done by
adding an entry to your ~/.ssh/config file of the general form:

Host isp.shell.server
ForwardAgent no
ForwardX11 no

(the X11 part isn't related, but isn't a bad idea either)

Lots of neat tricks available in that file, BTW. Setting default
ciphers and compression levels is particularly useful.

--
Devin \ aqua(at)devin.com, finger for PGP; http://www.devin.com
Carraway \ IRC: Requiem GCS/CC/L s-:--- !a !tv C++++$ ULB+++$ O+@ P L+++
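The key-install procedure above, written up as an added example (not part of the original post) that refuses to ship anything other than a public key to the server and does the append and chmod in one round trip. Hostnames and key files here are placeholders; in SSH1 the public half is ~/.ssh/identity.pub, while ~/.ssh/identity is the private key and must never land in authorized_keys.

```shell
#!/bin/sh
# Added example, not from the original message. Installs an SSH public key
# on a remote shell server but first checks that the file really is a public
# key (SSH1 "bits exponent modulus" or OpenSSH "ssh-xxx base64"), so a slip
# like feeding ~/.ssh/identity instead of identity.pub is caught locally.

# Return 0 if FILE looks like a public key, 1 otherwise.
is_public_key() {
    file="$1"
    [ -r "$file" ] || return 1
    # Any private-key marker (PEM "BEGIN ... PRIVATE KEY", SSH1
    # "SSH PRIVATE KEY FILE FORMAT 1.1") disqualifies the file outright.
    if grep -q 'PRIVATE KEY' "$file" 2>/dev/null; then
        return 1
    fi
    # SSH1 identity.pub: "<bits> <exponent> <modulus> [comment]"
    if grep -Eq '^[0-9]+ [0-9]+ [0-9]+' "$file"; then
        return 0
    fi
    # OpenSSH public key: "<type> <base64> [comment]"
    if grep -Eq '^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp[0-9]+) [A-Za-z0-9+/=]+' "$file"; then
        return 0
    fi
    return 1
}

# Print the command run on the remote side: create ~/.ssh if needed, append
# the key read from stdin, then lock down home, ~/.ssh and its contents.
remote_install_cmd() {
    printf '%s' 'umask 077; mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod go-rwx ~ ~/.ssh ~/.ssh/*'
}

# install_pubkey HOST PUBKEYFILE: HOST is your shell server (placeholder),
# PUBKEYFILE is the public key to install. Returns 2 without connecting if
# the file fails the public-key check.
install_pubkey() {
    host="$1"; key="$2"
    if ! is_public_key "$key"; then
        echo "refusing: $key does not look like a public key" >&2
        return 2
    fi
    ssh "$host" "$(remote_install_cmd)" < "$key"
}
```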