From mboxrd@z Thu Jan  1 00:00:00 1970
Message-ID: <c6f9e00d77b69248457ceda716ab79f4@plan9.bell-labs.com>
From: Eric Grosse <ehg@research.bell-labs.com>
To: 9fans@cse.psu.edu
Subject: Re: [9fans] factotum nits
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Date: Mon, 11 Nov 2002 14:58:58 -0500
Topicbox-Message-UUID: 1b05e5c6-eacb-11e9-9e20-41e7f4b1d025

Instead of teaching a lot of Unix passwords to my factotum via secstore,
I like to use RSA authentication.  Here are the steps:

1. generate a public/private key-pair:
	ramfs -p
	cd /tmp
	aux/ssh_genkey ssh
2. add ssh.secret.factotum to your secstore:
	ipso factotum
3. add ssh.public to .ssh/authorized_keys on your Unix systems.

If you're careful, at step 2 you backup on a second secstore.
You can give .ssh/authorized_keys to anybody setting up accounts
on new machines for you;  that can go in the clear across the
Internet, which may may account management easier.

Presotto suggests that step 1 should be integrated into ipso.

Eric