Passwordless authentication between two domains.
Thu Nov 29 16:14:00 GMT 2012
On Wed, Nov 28, 2012 at 6:59 PM, Andrew DeFaria wrote:
> On 11/28/2012 1:21 PM, anulav2 wrote:
>> Keys will "ALWAYS" be different irrespective if it is two servers on same
>> or different domain.
>> That is the whole point of copying keys to remote servers authorized_keys
> I don't think so. I do know the following - here at my current client there
> are two distinct domains that I deal with - Irvine and San Jose. My Windows
> laptop is in the Irvine domain. My home directory is on a filer and is
> shared between my Windows laptop and the various Linux server machines in
> Irvine. I generate a key and put it in my ~/.ssh/authorized_keys and I can
> ssh to localhost or any of the Linux servers. Additionally I can ssh from
> Linux to my laptop, passwordlessly.
> If I take that key and put it into the ~/.ssh/authorized_keys in San Jose
> then this allows me to ssh into from Irvine to San Jose without a password.
> But I cannot ssh from San Jose -> Irvine without being prompted for a
> However if I generate a key in San Jose and put it in ~/.ssh/authorize_keys
> in Irvine then I can ssh from San Jose -> Irvine without a password. This
> tells me that generated ssh keys are unique per domain. For bilateral ssh
> passwordless logins between the two domains you should have at least 2 lines
> in your ~/.ssh/authorized_keys file, one for each domain:
Actually, although your method would be best for security reasons, you
could copy the private key file to the other computer and add the
public key to the authorized_keys file so that you only have one key
pair. You don't need more than one key pair as long as the private
key portion is available in your $HOME/.ssh directory on all
> adefaria@San Jose
> Note that the 3rd field is treated as a comment so I changed it to
> adefaria@Irvine and adefaria@San Jose. Note 2: The above keys have been
> modified to protect them.
I hope these aren't your real keys, if so you should regenerate them
now that you've shared them in public.
Problem reports: http://cygwin.com/problems.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
More information about the Cygwin