<div dir="ltr"><br><br><div class="gmail_quote">On Mon, Sep 22, 2008 at 4:04 PM, Paul Hummer <span dir="ltr"><<a href="mailto:paul@eventuallyanyway.com">paul@eventuallyanyway.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="Ih2E3d"><br>
> For security reasons I don't want to copy the key. Is there an option to<br>
> tell it to look for the key on a flash drive? How would I do this?<br>
><br>
<br>
</div>Are you talking about the public key or the private key? </blockquote><div><br>Private key.<br> <br></div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
The private key, on the other hand, is something you should protect<br>
well. If you'd like to put it on a USB key, that's fine. However, you<br>
need to tell ssh about it in your local config.<br>
<br>
Open (or create and open) ~/.ssh/config and add the following lines,<br>
substituting the variables in various places.<br>
<br>
Host <nickname-of-host><br>
Hostname <ip-address-or-fqdn><br>
User <your-username-on-target-system><br>
IdentityFile </path/to/private/key></blockquote><div><br>I'll give this a try. I have a couple follow-up questions, though. Are all those fields necessary? Does this just set up one particular host and if you have 2 or more you would do one for each? I'm curious why it doesn't at least set up parts of this for each host (or does it?). Can the nickname be arbitrary? Do you then specify this in the ssh command or does it just look for it anyway? <br>
<br></div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">It's best to review the man-page for ssh-config. It's got all sorts of<br>
goodies in it.</blockquote><div><br>I know but they are never very friendly to non-geek types.<br> <br></div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
> Bonus question: if you forward local port 80 to the ssh server, would<br><div class="Ih2E3d">
> that essentially encrypt all local web traffic without setting up a<br>
> socks proxy?<br>
><br>
<br>
</div>Yes, in fact, that's how many people use wireless securely without a VPN.</blockquote><div><br>Cool. I'll give this a try too. As for syntax, would this be correct?<br><br>ssh -L 80 -p 5151 user@ssh.host<br><br>I know the below command works for non-standard ports as I just tried it today with complete success.<br>
<br>ssh -D 8080 -p 5151 user@ssh.host<br><br>So not sure if I would still use the -D switch or if it would be -L (or something else altogether).<br><br>Thanks for the help.<br></div></div><br clear="all"><br>-- <br>Jim (Ubuntu geek extraordinaire)<br>
----<br>Please avoid sending me Word or PowerPoint attachments.<br>See <a href="http://www.gnu.org/philosophy/no-word-attachments.html">http://www.gnu.org/philosophy/no-word-attachments.html</a><br>
</div>
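Added example, not part of the original thread: a ~/.ssh/config that combines the Host block quoted above with the port and forwarding options from the two ssh commands in the message. The /media/usb mount point, the second host and its names are assumptions for illustration.

```sshconfig
# ~/.ssh/config (constructed example; host names, user names and the
# /media/usb mount point are placeholders)

# "Host" is an arbitrary nickname. `ssh home` applies every line below it,
# so it replaces `ssh -D 8080 -p 5151 user@ssh.host`.
Host home
    HostName ssh.host
    Port 5151
    User user
    # SOCKS proxy on local port 8080 (same as -D 8080). The browser must be
    # configured to use localhost:8080 as its SOCKS proxy.
    DynamicForward 8080

# A second machine gets its own block; only HostName is really needed,
# everything else falls back to ssh defaults or to a shared block.
Host work
    HostName work.example.org
    User user
    # One fixed tunnel (same as -L 8080:intranet.example.org:80): local
    # port 8080 reaches exactly that one destination, nothing else.
    LocalForward 8080 intranet.example.org:80

# Settings shared by both nicknames. ssh keeps the first value it sees
# for most options, so shared defaults go last.
Host home work
    # Private key stays on the flash drive. If the drive is not mounted,
    # the file is missing and the key is simply not offered.
    # ssh refuses a private key whose file mode allows group/other access,
    # so the mount must present it without those permission bits.
    IdentityFile /media/usb/ssh/id_rsa
    # Offer only the key named here, not every key an agent holds.
    IdentitiesOnly yes
```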