Mail Archives: cygwin/2012/11/29/11:22:10

Date: Thu, 29 Nov 2012 11:14:31 -0500
Message-ID: <CA+sc5mn9t5G_Pw_Y9B3GuHh3yRO_egCvtq1U06tf_bU98sDLSA@mail.gmail.com>
Subject: Re: Passwordless authentication between two domains.
From: Earnie Boyd <earnie AT users DOT sourceforge DOT net>
To: Andrey Repin <cygwin AT cygwin DOT com>

On Wed, Nov 28, 2012 at 6:59 PM, Andrew DeFaria wrote:
> On 11/28/2012 1:21 PM, anulav2 wrote:
>>
>> Andrew,
>> Keys will "ALWAYS" be different irrespective of whether it is two servers on
>> the same or different domains.
>> That is the whole point of copying keys to remote servers authorized_keys
>> file.
>
> I don't think so. I do know the following - here at my current client there
> are two distinct domains that I deal with - Irvine and San Jose. My Windows
> laptop is in the Irvine domain. My home directory is on a filer and is
> shared between my Windows laptop and the various Linux server machines in
> Irvine. I generate a key and put it in my ~/.ssh/authorized_keys and I can
> ssh to localhost or any of the Linux servers. Additionally I can ssh from
> Linux to my laptop, passwordlessly.
>
> If I take that key and put it into the ~/.ssh/authorized_keys in San Jose
> then this allows me to ssh from Irvine into San Jose without a password.
> But I cannot ssh from San Jose -> Irvine without being prompted for a
> password.
>
> However if I generate a key in San Jose and put it in ~/.ssh/authorized_keys
> in Irvine then I can ssh from San Jose -> Irvine without a password. This
> tells me that generated ssh keys are unique per domain. For bilateral ssh
> passwordless logins between the two domains you should have at least 2 lines
> in your ~/.ssh/authorized_keys file, one for each domain:
>

Actually, although your method would be best for security reasons, you
could copy the private key file to the other computer and add the
public key to the authorized_keys file so that you only have one key
pair.  You don't need more than one key pair as long as the private
key portion is available in your $HOME/.ssh directory on all
computers.

> ssh-dss [key data removed] adefaria AT Irvine
> ssh-dss [key data removed] adefaria AT San Jose
>
> Note that the 3rd field is treated as a comment so I changed it to
> adefaria AT Irvine and adefaria AT San Jose. Note 2: The above keys have been
> modified to protect them.
>

I hope these aren't your real keys; if so, you should regenerate them
now that you've shared them in public.

--
Earnie
-- https://sites.google.com/site/earnieboyd
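
The thread turns on two points: the third field of an authorized_keys line is only a comment, and one key pair can be authorized from several places. As an added example (not part of the original messages or of any project's code), this audit groups authorized_keys lines by key fingerprint rather than by comment, so a reused key pair is visible, and lists ssh-dss entries. The key blobs are constructed stand-ins, the function names are hypothetical, and option fields are assumed not to contain a bare key-type token.

```python
import base64
import hashlib
import struct
KEY_TYPES = {"ssh-dss", "ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256"}
WEAK_TYPES = {"ssh-dss"}  # DSA keys: disabled by default since OpenSSH 7.0

def fake_blob(key_type, seed):
    """Constructed stand-in for a public key blob (not a usable key)."""
    name = key_type.encode()
    raw = struct.pack(">I", len(name)) + name + hashlib.sha256(seed).digest()
    return base64.b64encode(raw).decode()

def parse_line(line):
    """Return (type, blob, comment); an options field may precede the type."""
    fields = line.split()
    start = next(i for i, f in enumerate(fields) if f in KEY_TYPES)
    comment = " ".join(fields[start + 2:])  # free text, never checked by sshd
    return fields[start], fields[start + 1], comment

def fingerprint(blob):
    """SHA256 fingerprint in the form OpenSSH prints (unpadded base64)."""
    digest = hashlib.sha256(base64.b64decode(blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def audit(text):
    """Map fingerprint -> comments, and list comments of weak-type keys."""
    by_key, weak = {}, []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        key_type, blob, comment = parse_line(line)
        raw = base64.b64decode(blob)
        # The blob starts with its own length-prefixed type name; check it.
        if raw[4:4 + struct.unpack(">I", raw[:4])[0]] != key_type.encode():
            raise ValueError("declared type does not match blob: " + comment)
        by_key.setdefault(fingerprint(blob), []).append(comment)
        if key_type in WEAK_TYPES:
            weak.append(comment)
    return by_key, weak

# Constructed file: one key pair authorized under two comments, plus another.
SHARED = fake_blob("ssh-dss", b"shared pair")
SAMPLE = "\n".join([
    "ssh-dss %s adefaria AT Irvine" % SHARED,
    "ssh-dss %s adefaria AT San Jose" % SHARED,
    "ssh-ed25519 %s backup AT San Jose" % fake_blob("ssh-ed25519", b"other"),
])

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Two comments under one fingerprint mean the same private key is in use from both places, so replacing that key pair requires updating every host that holds either half.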
