Passwordless authentication between two domains.

Earnie Boyd
Thu Nov 29 16:14:00 GMT 2012

On Wed, Nov 28, 2012 at 6:59 PM, Andrew DeFaria wrote:
> On 11/28/2012 1:21 PM, anulav2 wrote:
>> Andrew,
>> Keys will "ALWAYS" be different irrespective if it is two servers on same
>> or different domain.
>> That is the whole point of copying keys to remote servers authorized_keys
>> file.
> I don't think so. I do know the following - here at my current client there
> are two distinct domains that I deal with - Irvine and San Jose. My Windows
> laptop is in the Irvine domain. My home directory is on a filer and is
> shared between my Windows laptop and the various Linux server machines in
> Irvine. I generate a key and put it in my ~/.ssh/authorized_keys and I can
> ssh to localhost or any of the Linux servers. Additionally I can ssh from
> Linux to my laptop, passwordlessly.
> If I take that key and put it into the ~/.ssh/authorized_keys in San Jose
> then this allows me to ssh into from Irvine to San Jose without a password.
> But I cannot ssh from San Jose -> Irvine without being prompted for a
> password.
> However if I generate a key in San Jose and put it in ~/.ssh/authorize_keys
> in Irvine then I can ssh from San Jose -> Irvine without a password. This
> tells me that generated ssh keys are unique per domain. For bilateral ssh
> passwordless logins between the two domains you should have at least 2 lines
> in your ~/.ssh/authorized_keys file, one for each domain:

Actually, although your method would be best for security reasons, you
could copy the private key file to the other computer and add the
public key to the authorized_keys file so that you only have one key
pair.  You don't need more than one key pair as long as the private
key portion is available in your $HOME/.ssh directory on all

> ssh-dss
> AAAAB3NzaC1kc3MAAACBANIhaC5kcPP9paO1PgxbXmeoCTT/COtutXPQKcE85/ut6cvVCL4Ctwv0Uz04q+XdB75qvL+0pbfsg6kRkE6xSJpiOzNXe/ED+EXv1xnp5otlAi3AAAAFQD6ej4gmxyMdsn+Yf7E6TR7RsDfbQAAAIEAsQ5y+xF0fhjORxzivaFVZW2znN0eF5rRNONG7aN/2j9Fu3sTV8YRgjvOSL755Kg0r6a+fu3OMjWMaUFG4BGPTLH8jW3YlWJvTiYhq/3BR8nBh9by0NEiy3UTPyPYTZ8SZPaTABhDcfkQD1qum6TlIBDBlX5gI3Q/abtGGZoo3+AAAACBAIQyf+LdDWl2Pq32NJC6ijufpynK1aOiPlUnvDoFh9snrQ+4JpgWDUsj7dRjbNZbu19PnamGnYduo2xz1USAu6+ePAXiW16m9512SpjKGIRSlnrjXcN+Ys8wJGtdGK0uk0c5q4wyd2Yh/BLsyneV8mWCIKGsi7PZ7gHd1vAqYjNa
> adefaria@Irvine
> ssh-dss
> AAAAB3NzaC1kc3MAAACBGc2XQc9lkE4sacaUKWJBG+hIZFFGejIn4Q366boqkM+pSbx4k5j9UhLhke+nQO7L0lPDJ+TeBbzuSweOTzCN1DSOQEb9wQEeOIPR3WzhZSt7oEsoPDdWC2hUns4MoKKOtTO1Bje0E1c5LYd3hou7AAAAFQDCbH96A9u3EeJLe5OtlkItob2MhwAAAIEAoz4dtm9nqOH+YgNqxRmuyy3f46zSr/ALY747aOpRpxRnGcbZPO6bJHevkN7oomQwSzbHqJbsOzSMpjs9yrxQUAklGsdL7STC4HpheHUKyqGvZB1SP5pQ+thqPo4GQTIpEZxsmsrb5dRNOZstdWqeYQtsu0qYqvHOnxOSWsC5V3wAAACBALY5CD58gt12E4logCHko7p+k8KUS8eAapwbThhH6rsOWjnhBLEDqL4qWn3w8Lk+1vkGIkhZ5Iysbx81Tk6njhnklAFHHtp4MBxuuJbbqLGrM9SKMG1kQDfjFGowkZsLpf2jw37vy0fo/LfJ1NEGpVq6fI3U+O48PUcr2dEpO6UD
> adefaria@San Jose
> Note that the 3rd field is treated as a comment so I changed it to
> adefaria@Irvine and adefaria@San Jose. Note 2: The above keys have been
> modified to protect them.

I hope these aren't your real keys, if so you should regenerate them
now that you've shared them in public.


Problem reports:
Unsubscribe info:

More information about the Cygwin mailing list