Datasheet
“main” (Installation and Administration) — 2004/6/25 — 13:29 — page 656 — #682
In the long run, this procedure is more troublesome than giving your
password each time. Therefore, the SSH package provides another tool,
ssh-agent, which retains the private keys for the duration of an X session.
The entire X session is started as a child process of ssh-agent. The easiest
way to do this is to set the variable usessh at the beginning of the
.xsession file to yes and log in via a display manager, such as KDM or XDM.
Alternatively, enter ssh-agent startx.
Now you can use ssh or scp as usual. If you have distributed your public
key as described above, you are no longer prompted for your password.
Because the agent keeps your private keys available for the whole session,
be sure to terminate your X session or lock it with a password protection
application, such as xlock.
All the relevant changes that resulted from the introduction of version 2
of the SSH protocol are also documented in the file
/usr/share/doc/packages/openssh/README.SuSE.
26.4.7 X, Authentication and Forwarding Mechanisms
Beyond the previously described security-related improvements, SSH also
simplifies the use of remote X applications. If you run ssh with the option
-X, the DISPLAY variable is automatically set on the remote machine and all
X output is exported to your local display over the existing SSH connection.
At the same time, X applications started remotely and locally viewed with
this method cannot be intercepted by unauthorized individuals.
By adding the option -A, the ssh-agent authentication mechanism is carried
over to the next machine. This way, you can work from different machines
without having to enter a password, but only if you have distributed
your public key to the destination hosts and properly saved it there.
Both mechanisms are deactivated in the default settings, but can be
permanently activated at any time in the system-wide configuration file
/etc/ssh/sshd_config or the user’s ~/.ssh/config.
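Because a permanent setting applies to every host its block matches, it is worth checking how widely the two mechanisms have been switched on. The following script is an added example, not part of the original manual: it reads an OpenSSH client configuration and reports each block that sets the client options ForwardAgent, ForwardX11 or ForwardX11Trusted to yes. The sample configuration is constructed, the example.org pattern is invented, and Include files and Match criteria are not evaluated.

```shell
#!/bin/sh
# Added example (not from the manual): report where an OpenSSH client config
# enables agent or X11 forwarding, and how widely each setting applies.

# Constructed sample config; "earth" is the host used in the text, the
# example.org pattern is invented for illustration.
sample_config() {
cat <<'EOF'
# forwarding scoped to one named host
Host earth
    ForwardX11 yes
    ForwardAgent no

Host *.example.org
    ForwardAgent=yes

Host *
    forwardx11 yes
EOF
}

# audit_forwarding [FILE]: read a client config (stdin if no FILE) and print
# "<SCOPE> <pattern> <option>" for every forwarding option set to yes.
#   HOST   = applies to literally named hosts only
#   BROAD  = set before any Host line, or under a pattern with * or ?
#   REVIEW = inside a Match block, whose criteria this script does not evaluate
audit_forwarding() {
    awk '
        BEGIN { scope = "BROAD"; pat = "(global)" }
        /^[ \t]*#/ || NF == 0 { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            # keyword and argument are separated by whitespace or "="
            n = split(line, f, /[ \t]*=[ \t]*|[ \t]+/)
            key = tolower(f[1])
            if (key == "host" || key == "match") {
                pat = f[2]
                for (i = 3; i <= n; i++) if (f[i] != "") pat = pat "," f[i]
                if (key == "match") scope = "REVIEW"
                else scope = (pat ~ /[*?]/) ? "BROAD" : "HOST"
                next
            }
            if (key ~ /^forward(agent|x11|x11trusted)$/ && tolower(f[2]) == "yes") {
                print scope, pat, f[1]
            }
        }' "${1:--}"
}

sample_config | audit_forwarding
```

To check your own settings, call audit_forwarding ~/.ssh/config; BROAD lines are the ones to narrow to the specific hosts that need forwarding.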
ssh can also be used to redirect TCP/IP connections. In the examples below,
SSH is told to redirect the SMTP and the POP3 port, respectively:
ssh -L 25:sun:25 earth
656 26.4. SSH — Secure Shell, the Safe Alternative










