Passwordless authentication between two domains.

David T-G d12@justpickone.org
Thu Nov 29 11:32:00 GMT 2012


Andrew, et al --

...and then Andrew DeFaria said...
% 
% On 11/28/2012 1:21 PM, anulav2 wrote:
% >Andrew,
% >Keys will "ALWAYS" be different irrespective if it is two servers on same 
% >or different domain.
% >That is the whole point of copying keys to remote servers authorized_keys 
% >file.
% I don't think so. I do know the following - here at my current client 
% there are two distinct domains that I deal with - Irvine and San Jose. 
% My Windows laptop is in the Irvine domain. My home directory is on a 
% filer and is shared between my Windows laptop and the various Linux 
% server machines in Irvine. I generate a key and put it in my 
% ~/.ssh/authorized_keys and I can ssh to localhost or any of the Linux 
% servers. Additionally I can ssh from Linux to my laptop, passwordlessly.

That makes sense; all of the machines in Irvine (including your laptop)
are using the same id_dsa & id_dsa.pub & authorized_keys (or perhaps
authorized_keys2 but we'll ignore that for the moment) files.


% 
...
% However if I generate a key in San Jose and put it in 
% ~/.ssh/authorized_keys in Irvine then I can ssh from San Jose -> Irvine 
% without a password. This tells me that generated ssh keys are unique per 
% domain. For bilateral ssh passwordless logins between the two domains 
% you should have at least 2 lines in your ~/.ssh/authorized_keys file, 
% one for each domain:
[snip]

Incorrect.  ssh doesn't care a bit what domain (if at all) or even what
OS you're using or where the key was generated.  This simply tells you
that the shared home directory in San Jose is not the same as the one in
Irvine.  If it were the same, then the very same id_dsa & id_dsa.pub &
authorized_keys files would work the very same way; since it is different
storage, however, you don't have the id_dsa key to match which would
allow San Jose -> Irvine access.

Try this in both Irvine & San Jose:

  cd ~/.ssh
  ls -ligo id_dsa* authorized_keys*

I predict that you will find the inodes to be the same all over Irvine
and the same all over San Jose *but* different between the two locations.
You may find df or mount to be illustrative as well.


HTH & Happy Holidays

:-D
-- 
David T-G
See http://justpickone.org/davidtg/email/
See http://justpickone.org/davidtg/tofu.txt
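
The point of the reply above, as an added example that is not part of the original message: access depends only on whether the client's key appears in the server's authorized_keys, and a shared home directory shows up as identical inodes. The function names, the temporary irvine/sanjose directories and the key blobs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message). Key blobs below are
# constructed placeholders, not real keys.

# Print the base64 key blob of every entry in a .pub or authorized_keys file.
# Entries may start with options (from="...", command="..."), so locate the
# key-type token and take the field that follows it.
key_blobs() {
    awk 'NF == 0 || $1 ~ /^#/ { next }
    { for (i = 1; i < NF; i++)
        if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp[0-9]+)$/) {
            print $(i + 1); break } }' "$1"
}

# Succeed if a key from public-key file $1 is listed in authorized_keys $2.
# Only the blob is compared; the comment field and the host or domain the
# key was generated on play no part in the match.
key_is_authorized() {
    for blob in $(key_blobs "$1"); do
        key_blobs "$2" | grep -qxF -- "$blob" && return 0
    done
    return 1
}

# Inode number, as shown by the ls -ligo check in the message. Equal inodes
# mean "same file" only on the same filesystem, hence the df/mount hint.
inode_of() { ls -i "$1" | awk '{ print $1 }'; }

demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/irvine/.ssh" "$t/sanjose/.ssh"
    echo 'ssh-dss AAAAB3NzaC1kc3MAAAIRVINE user@irvine'   > "$t/irvine/.ssh/id_dsa.pub"
    echo 'ssh-dss AAAAB3NzaC1kc3MAAASANJOSE user@sanjose' > "$t/sanjose/.ssh/id_dsa.pub"
    cp "$t/irvine/.ssh/id_dsa.pub" "$t/irvine/.ssh/authorized_keys"
    for site in irvine sanjose; do
        if key_is_authorized "$t/$site/.ssh/id_dsa.pub" "$t/irvine/.ssh/authorized_keys"
        then echo "$site -> irvine: key listed"
        else echo "$site -> irvine: key not listed"
        fi
    done
    # Appending the San Jose public key is what enables San Jose -> Irvine.
    cat "$t/sanjose/.ssh/id_dsa.pub" >> "$t/irvine/.ssh/authorized_keys"
    key_is_authorized "$t/sanjose/.ssh/id_dsa.pub" "$t/irvine/.ssh/authorized_keys" &&
        echo "sanjose -> irvine: key listed after append"
    echo "inodes: $(inode_of "$t/irvine/.ssh/id_dsa.pub") $(inode_of "$t/sanjose/.ssh/id_dsa.pub")"
    rm -rf "$t"
}
demo
```

On real machines, point key_is_authorized at ~/.ssh/id_dsa.pub on the client and a copy of the server's ~/.ssh/authorized_keys.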
