[CS-FSLUG] Using SSH

K Montgomery keltik at albany.edu
Thu Oct 14 09:38:47 CDT 2004 

SSH keys and X forwarding -- like peanut butter and jelly! (Unless you
have a nut allergy.)

Once you get the hang of these together, you'll have a blast.

On Thu, 2004-10-14 at 02:19 -0400, Don Parris wrote: 
> I'd like to play with the remote X session, but am not quite sure how
> this concept works.  I need to understand what is needed on the remote
> host and what is needed on the local host.  Frankly, the documentation
> I've seen just confuses me.  I've got the /etc/ssh/ssh_config file set
> to forward X11 and use password authentication so far (on one host).
> 
> Thanks in advance for the clarifications,
> Don

Like Josiah said, allowing the SSH daemon to forward X is as simple as a
configuration change.  On the remote server add the line "X11Forwarding
yes" to the /etc/ssh/sshd_config file.  When making the SSH connection,
use "ssh -X" in your command line to request X11 forwarding on the
client side; or insert the line "ForwardX11 yes" in your
local /etc/ssh/ssh_config to make it the default.

X forwarding through SSH is quite a blessing.  Even better is
passwordless login using SSH keys.

On Thu, 2004-10-14 at 02:19 -0400, Don Parris wrote: 
> I gather the process is something like:
> (1) Run ssh-keygen - give pass phrase & filename (opt)
> (2) Copy or e-mail public key to remote host & place in
> ~/.ssh/authorized_keys2

That's right.  But you'll still be asked for your passphrase when you
try to log in (if there is one, I guess).  To go passwordless, you need
to run "ssh-agent" at the beginning of your local login session -- the
purpose of this agent is to hold on to your private SSH keys.  Then run
"ssh-add" to add your keys to the agent.  You enter your passphrase once
to add the keys, and you don't have to enter it again for the remainder
of your session.  This makes remote logins a breeze!

I use gdm and GNOME in Mandrake 10.1.  There's code
in  /etc/X11/gdm/Xsession that automatically starts the agent.  All I do
is add /usr/bin/ssh-add to my startup programs, and I'm asked for my
passphrase when I log into GNOME.  I'm not sure how you'd set that up on
your machine, but I don't think it would be hard to figure out.

- Kathy

More information about the Christiansource mailing list