ssh/scp used keyless....more secure

[Ken Moffat]

Net Llama! wrote:

> On 08/27/2005 11:10 AM, Dr. Scott S. Jones wrote:
>
>> Dear List:
>>
>> I use ssh and scp on a regular basis. I know I can create keys for using
>> these more securely. And i am sure the topic has been raised and
>> discussed
>> before.
>> Could someone point me to a good understandabl resources on setting
>> up keys,
>> and the challenge/response mechanisms to allow me to ssh and scp to
>> home and
>> back from work, without sending my password open across the net.
>
>
> I don't kow of any resources, but setting this up is fairly simple.
>
> On your client side box, you can generate your ssh keys with the
> following command:
> ssh-keygen -t dsa
>
> just hit enter for the defaults to all the questions.  Once you're
> done, you'll have created two files inside ~/.ssh:
> id_dsa & id_dsa.pub
>
> On the server that you want to ssh/scp to without a password, you
> should have a ~/.ssh directory for your user as well.  Look in that
> directory.  If you don't already have an authorized_keys file, then
> all you need to do is scp ~/.ssh/id_dsa.pub from your local client box
> to the server and rename it ~/.ssh/authorized_keys .  At this point,
> you're done, and you should be able to ssh/scp to that server without
> passwords.
>
> If you already do have an ~/.ssh/authorized_keys on the server for
> your user, then you need to append your ~/.ssh/id_dsa.pub to the end
> of ~/.ssh/authorized_keys.  So scp ~/.ssh/id_dsa.pub to the server,
> and then this should do the trick:
> cat id_dsa.pub >> ~/.ssh/authorized_keys
>
> At this point, you're done, and you should be able to ssh/scp to that
> server without passwords.
>
>

this is the method I use locally, but isn't there a security problem
with using ssh keys without passphrases?

-- 
ken