[CoLoCo] ssh but kind of a mac question so please forgive

Jim Hutchinson jim at ubuntu-rocks.org
Mon Sep 22 23:33:49 BST 2008


On Mon, Sep 22, 2008 at 4:04 PM, Paul Hummer <paul at eventuallyanyway.com> wrote:

> > For security reasons I don't want to copy the key. Is there an option to
> > tell it to look for the key on a flash drive? How would I do this?
> >
>
> Are you talking about the public key or the private key?


Private key.


> The private key, on the other hand, is something you should protect
> well.  If you'd like to put it on a USB key, that's fine.  However, you
> need to tell ssh about it in your local config.
>
> Open (or create and open) ~/.ssh/config and add the following lines,
> substituting the variables in various places.
>
> Host <nickname-of-host>
>  Hostname <ip-address-or-fqdn>
>  User <your-username-on-target-system>
>  IdentityFile </path/to/private/key>


I'll give this a try. I have a couple follow up questions, though. Are all
those fields necessary? Does this just set up one particular host and if you
have 2 or more you would do one for each? I'm curious why it doesn't at
least set up parts of this for each host (or does it?).  Can the nickname be
arbitrary? Do you then specify this in the ssh command or does it just look
for it anyway?

> It's best to review the man-page for ssh-config.  It's got all sorts of
> goodies in it.


I know but they are never very friendly to non-geek types.


> > Bonus question: if you forward local port 80 to the ssh server, would
> > that essentially encrypt all local web traffic without setting up a
> > socks proxy?
> >
>
> Yes, in fact, that's how many people use wireless securely without a vpn.


Cool. I'll give this a try too. As for syntax, would this be correct?

ssh -L  80 -p 5151 user@ssh.host

I know the below command works for non-standard ports as I just tried it
today with complete success.

ssh -D 8080 -p 5151 user@ssh.host

So not sure if I would still use the -D switch or if it would be -L (or
something else altogether).

Thanks for the help.


-- 
Jim (Ubuntu geek extraordinaire)
----
Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
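
An added example, not part of the original thread: ssh refuses a private key whose file mode lets group or others access it, which is a common state for files on a FAT-formatted flash drive, so this checks the key before printing a Host block like the one quoted above. The function names are hypothetical, and the Port and IdentitiesOnly lines are additions beyond the four fields in the thread (Port matches the -p 5151 used in the commands above).

```shell
#!/bin/sh
# Added example: vet a private key on removable media, then print the
# ~/.ssh/config stanza that points IdentityFile at it.

# key_is_private FILE
# Returns 0 only if FILE is a regular file with no group/other permission bits.
# Returns 2 if FILE does not exist (for example, the flash drive is not mounted).
key_is_private() {
    [ -f "$1" ] || return 2
    # POSIX find: "-perm -NNN" is true when all listed bits are set,
    # so each group/other bit is tested on its own.
    loose=$(find "$1" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print)
    [ -z "$loose" ]
}

# host_block NICKNAME HOSTNAME USER KEYFILE PORT
# Prints one Host stanza, or fails without output if the key is exposed.
host_block() {
    if ! key_is_private "$4"; then
        echo "refusing: $4 is missing or accessible by group/other" >&2
        return 1
    fi
    # IdentitiesOnly makes ssh offer only this key to the host
    # (an addition here, not something the thread mentions).
    printf 'Host %s\n' "$1"
    printf '  Hostname %s\n' "$2"
    printf '  User %s\n' "$3"
    printf '  Port %s\n' "$5"
    printf '  IdentityFile %s\n' "$4"
    printf '  IdentitiesOnly yes\n'
}

# Usage (paths and names are placeholders):
#   sh keycheck.sh work ssh.host user /path/to/private/key 5151 >> ~/.ssh/config
if [ "$#" -eq 5 ]; then
    host_block "$@"
fi
```

Each distinct host gets its own stanza, and the first argument is the name then typed after `ssh`.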