From mboxrd@z Thu Jan 1 00:00:00 1970
MIME-Version: 1.0
Date: Fri, 8 Mar 2013 19:02:43 +0100
Message-ID:
From: Rudolf Sykora
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Content-Type: text/plain; charset=UTF-8
Subject: [9fans] unix rsa-key with passphrase vs. p9(p)
Topicbox-Message-UUID: 255a2bd8-ead8-11e9-9d60-3106f5b1d025

On 8 March 2013 17:08, Rudolf Sykora wrote
> I now see that 9 ssh-agent is really only to deal with passphrases of
> the dsa/rsa keys.

Well, I seem to be wrong again. And have more questions...

In linux, ssh-agent takes care of an (optional) passphrase which was
used to cypher the public (and perhaps also private, I believe) keys
(so that eg the admin can't abuse these) generated by ssh-keygen;
these keys are usually stored under $HOME/.ssh.

What do I have to do in order to use "9 ssh-agent" (which uses factotum)
when I have the keys already generated (and their public parts distributed)
by linux's ssh-keygen? (Ie I have id_rsa and id_rsa.pub in .ssh; and I use
a passphrase.)

Particularly, there is some information given in p9p's rsa(1):

----------------
Convert existing Unix SSH version 2 keys instead of generating new ones:

    cd $HOME/.ssh
    pemdecode 'DSA PRIVATE KEY' id_dsa | asn12dsa >dsa2
    pemdecode 'RSA PRIVATE KEY' id_rsa | asn12rsa >rsa2

Load those keys into factotum:

    cat rsa1 rsa2 dsa2 | 9p write -l factotum/ctl
----------------

but my keys are protected with a passphrase, so these commands do
not directly work. What must I do?

Finally, is there any reason to prefer the factotum way rather than the linux's
way just with ssh-keygen (with a passphrase) + ssh-copy-id + (linux's)
ssh-agent?

Thanks!
Ruda

From mboxrd@z Thu Jan 1 00:00:00 1970
MIME-Version: 1.0
In-Reply-To:
References:
Date: Fri, 8 Mar 2013 18:30:43 +0000
Message-ID:
From: Charles Forsyth
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Content-Type: multipart/alternative; boundary=bcaec52c5e656868b404d76e0567
Subject: Re: [9fans] unix rsa-key with passphrase vs. p9(p)
Topicbox-Message-UUID: 2560ae22-ead8-11e9-9d60-3106f5b1d025

--bcaec52c5e656868b404d76e0567
Content-Type: text/plain; charset=UTF-8

On 8 March 2013 18:02, Rudolf Sykora wrote:

> Finally, is there any reason to prefer the factotum way rather than the linux's
> way just with ssh-keygen (with a passphrase) + ssh-copy-id + (linux's)
> ssh-agent?

All my keys are stored in several secstores ... on the net, not on my local machine.
This is even better than having lots of $HOME/.ssh files on every machine,
although of course for Linux purposes, I have some of those as well.

--bcaec52c5e656868b404d76e0567--

From mboxrd@z Thu Jan 1 00:00:00 1970
MIME-Version: 1.0
In-Reply-To:
References:
Date: Sat, 9 Mar 2013 00:27:56 +0100
Message-ID:
From: hiro <23hiro@gmail.com>
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Content-Type: text/plain; charset=UTF-8
Subject: Re: [9fans] unix rsa-key with passphrase vs. p9(p)
Topicbox-Message-UUID: 2566115a-ead8-11e9-9d60-3106f5b1d025

what if that cloud machine breaks, you have to drive out to get the
keys to all your machines back?

From mboxrd@z Thu Jan 1 00:00:00 1970
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Apple Message framework v1283)
From: Stephen Wiley
In-Reply-To:
Date: Fri, 8 Mar 2013 18:35:20 -0500
Content-Transfer-Encoding: 7bit
Message-Id:
References:
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Subject: Re: [9fans] unix rsa-key with passphrase vs. p9(p)
Topicbox-Message-UUID: 256c1aaa-ead8-11e9-9d60-3106f5b1d025

or if your hot air balloon to the cloud breaks....

On Mar 8, 2013, at 6:27 PM, hiro wrote:

> what if that cloud machine breaks, you have to drive out to get the
> keys to all your machines back?
>

From mboxrd@z Thu Jan 1 00:00:00 1970
MIME-Version: 1.0
In-Reply-To:
References:
Date: Sat, 9 Mar 2013 02:09:07 +0000
Message-ID:
From: Charles Forsyth
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Content-Type: multipart/alternative; boundary=f46d0438ee61bd291d04d7746c13
Subject: Re: [9fans] unix rsa-key with passphrase vs. p9(p)
Topicbox-Message-UUID: 25718db4-ead8-11e9-9d60-3106f5b1d025

--f46d0438ee61bd291d04d7746c13
Content-Type: text/plain; charset=UTF-8

It isn't just one "cloud machine", and includes several servers that I own, and virtual servers that I lease,
and my Internet connections are usually good; if they are not, the machines I'd otherwise connect to outside
the house aren't accessible anyway, so I don't need the keys.

--f46d0438ee61bd291d04d7746c13--
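
Added example, not part of the thread and not code from rsa(1): the rsa(1) pipeline quoted in the first message reads an 'RSA PRIVATE KEY' section as cleartext, so this script classifies a key file by its PEM header and, for a passphrase-protected key, has openssl decrypt it straight into the pipe. It assumes openssl is installed and that pemdecode reads standard input when no file is named; key_kind, rsa_to_factotum and OPENSSL_RSA_FLAGS are names made up here.

```shell
#!/bin/sh
# Added example. Usage: . ./thisfile; rsa_to_factotum $HOME/.ssh/id_rsa

# key_kind FILE: print how FILE is encoded, judged by its PEM header lines.
key_kind() {
    first=$(sed -n '1p' "$1")
    case $first in
    '-----BEGIN RSA PRIVATE KEY-----')
        # Traditional PEM marks passphrase protection in its headers.
        if sed -n '2,4p' "$1" | grep -q '^Proc-Type: 4,ENCRYPTED'; then
            echo encrypted-rsa
        else
            echo plain-rsa
        fi ;;
    '-----BEGIN ENCRYPTED PRIVATE KEY-----') echo encrypted-pkcs8 ;;
    '-----BEGIN PRIVATE KEY-----') echo pkcs8 ;;
    '-----BEGIN OPENSSH PRIVATE KEY-----') echo openssh ;;
    *) echo unknown ;;
    esac
}

# rsa_to_factotum FILE: load the key into factotum without leaving a
# cleartext copy of it on disk.
rsa_to_factotum() {
    kind=$(key_kind "$1")
    case $kind in
    plain-rsa)
        pemdecode 'RSA PRIVATE KEY' "$1" | asn12rsa |
            9p write -l factotum/ctl ;;
    encrypted-rsa)
        # openssl asks for the passphrase on the terminal; the decrypted PEM
        # exists only inside the pipe. On OpenSSL 3.x set the (hypothetical)
        # variable OPENSSL_RSA_FLAGS=-traditional so that the output is still
        # an 'RSA PRIVATE KEY' section.
        openssl rsa -in "$1" ${OPENSSL_RSA_FLAGS:-} |
            pemdecode 'RSA PRIVATE KEY' | asn12rsa |
            9p write -l factotum/ctl ;;
    *)
        # pemdecode 'RSA PRIVATE KEY' finds no matching section in these.
        echo "$1: $kind: convert to traditional RSA PEM first" >&2
        return 1 ;;
    esac
}
```

Keys loaded this way sit in factotum's memory in cleartext, as they would after the unprotected rsa(1) procedure; the passphrase only protects the file under $HOME/.ssh.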