University Computing Systems
SSH (Secure Shell) Key Exchange Setup
Utility To Set Up SSH Key Exchange: set.up.ssh.ksh
Using key exchange, you will log into the remote host without being
prompted for your AFS password. However, you will not have your
AFS token upon login - you must get that by klog -set.
- /usr/ucs/bin/set.up.ssh.ksh is a utility for setting up SSH
key exchange in your AFS login direcrory.
To run set.up.ssh.ksh, log in to your account on any Solaris
- AFS client (e.g., afs1.njit.edu - afs35.njit.edu), or Linux AFS client
(e.g., osl1.njit.edu - osl29.njit.edu) and enter :
set.up.ssh.ksh
- Once you have run set.up.ssh.ksh, when you use ssh to log in to
a host, enter the following to get your Kerberos token (needed to give you
access to your files) :
klog -set
(Give AFS password)
NOTE !! set.up.ssh.ksh puts into effect SSH key exchange for
your login to a remote host. This means that, in general, you will NOT have
your AFS token upon login to the remote host - you get that token by
klog -set.
As a corollary, any login process that depends upon your having your
AFS token will FAIL.
Be SURE to use klog -set and
NOT klog alone, or someone else logged into the remote
machine might get YOUR AFS token ! This is equivalent to giving that
person your AFS password.
As of December 2007, a version of openssh that passws a user's AFS token became available.
When this is implemented at NJIT, ssh logins using key exchange will also preserve
the user's token, so that a "klog -set" on the target machine will no longer be needed.