
29.4 Setting up the Service

29.4.1 Files necessary to trust a user across the network

To trust a user from host A on host B, /etc/ssh_known_hosts on both A and B should contain the public host key of the other machine, and the user should have their public key from host A in their ~/.ssh/authorized_keys file on host B. Since RSA authentication uses the private key, held in ~/.ssh/identity, if hosts A and B share the same NFS-mounted home directory for the user, putting the user's public key from ~/.ssh/identity.pub into ~/.ssh/authorized_keys means the user is trusted in both directions, i.e. from A to B and from B to A.

Root is treated like any other user, with its files in the directory /.ssh. For root and other system logins you may want to use an empty passphrase when creating the key. This is especially true if you want to run cron jobs between machines as this user, because there will not be anyone there to provide the passphrase when the job runs. The passphrase does provide an additional level of security: should someone break into your system, the private key could be stolen, but without the passphrase they would not be able to use it on the remote system.

These files will have entries similar to the following, where the keys have been truncated for brevity and each entry should be on a single line.

File                     Contents

/etc/ssh_known_hosts     hostname,list,of,aliases,IP_addr key_size exponent host_key root@hostname
~/.ssh/known_hosts       hostname,list,of,aliases,IP_addr key_size exponent host_key root@hostname

e.g., the two files above might contain:

nyssa,nyssa.acs.ohio-state.edu,128.146.116.4 1024 37 12086835009060408900597155700226478152381878812729625690964751596049798262746 root@nyssa
susan,susan.acs.ohio-state.edu,www-wks.acs.ohio-state.edu,128.146.116.32 1024 35 206297116078594680112446644696531356796278353005287817794587469777554961618889 root@susan

~/.ssh/authorized_keys   key_size exponent host_key user@hostname

e.g.:

1024 37 287615623236504102828255516467970261345966571750574014601611091414106110923656 frank@nyssa
1024 35 261345966557401405287817795875946801144664466539060089057970263596571750574014 frank@susan

~/.ssh/identity.pub      key_size exponent host_key user@hostname

e.g.:

1024 37 287615623236504102828255516467970261345966571750574014601611091414106110923656 frank@nyssa

In these files aliases are separated by commas (,) and fields are separated by spaces.
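The file layouts above are simple enough to audit with a short script. The following is an added example, not part of the original document: it parses known_hosts and authorized_keys entries in the format shown, maps every alias and IP address to its host key, checks that a user's identity.pub key is actually listed in authorized_keys, and flags entries whose declared key_size does not match the key (the usual symptom of an entry that was wrapped over two lines). The hostnames, addresses and keys in it are constructed sample values.

```python
"""Audit SSH1-style key files; sample data is constructed, not from a real host."""
from dataclasses import dataclass

@dataclass(frozen=True)
class PubKey:
    bits: int       # declared key_size
    exponent: int
    modulus: int    # host_key, or the user's key
    comment: str    # root@hostname or user@hostname

def parse_pubkey(fields, lineno):
    """fields = [key_size, exponent, key, comment]; rejects an entry split across lines."""
    if len(fields) < 3:
        raise ValueError(f"line {lineno}: entry must be on a single line")
    bits, exp, mod = (int(f) for f in fields[:3])
    return PubKey(bits, exp, mod, fields[3] if len(fields) > 3 else "")

def parse_known_hosts(text):
    """Map every hostname, alias and IP address on a line to that host's public key."""
    hosts = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        key = parse_pubkey(fields[1:], lineno)
        for name in fields[0].split(","):
            hosts[name] = key
    return hosts

def parse_authorized_keys(text):
    """One user public key per line, same layout as identity.pub."""
    return [parse_pubkey(line.split(), n)
            for n, line in enumerate(text.splitlines(), 1) if line.split()]

def user_trusted(authorized, identity_pub):
    """True if the key in identity.pub is listed in authorized_keys (comment ignored)."""
    mine = parse_pubkey(identity_pub.split(), 0)
    return any((k.exponent, k.modulus) == (mine.exponent, mine.modulus) for k in authorized)

def key_consistent(key):
    """Declared key_size should equal the modulus bit length; a mismatch means a mangled entry."""
    return key.modulus.bit_length() == key.bits

# Constructed sample: short 64-bit moduli stand in for real 1024-bit keys.
KNOWN_HOSTS = """nyssa,nyssa.example.org,192.0.2.4 64 37 12345678901234567890 root@nyssa
susan,susan.example.org,192.0.2.32 64 35 11111111111111111111 root@susan
"""
AUTHORIZED_KEYS = "64 37 13579135791357913579 frank@nyssa\n"
IDENTITY_PUB = "64 37 13579135791357913579 frank@nyssa"
```

Run `key_consistent` over every parsed entry and `user_trusted` for each direction of trust you expect; a missing alias or IP address in the known_hosts map shows up as a key lookup that fails.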


Unix System Administration - 8 AUG 1996