Eliminé mi nombre de usuario por USERNAME y el ip por 000.000.000.000 CLIENT es el hostname del cliente y SERVER el del servidor :)
Lo cree sin passphrase a pesar de que eso NO se debe hacer. Mejor utiliza ssh-agent y/o keychain. El config file del servidor es el DEFAULT!!! abajo te lo coloqué. Las líneas que inician con *** son comentarios. ------------------------------------------------------------------- [EMAIL PROTECTED]:$ ssh-keygen -t dsa Generating public/private dsa key pair. Enter file in which to save the key (/home/USERNAME/.ssh/id_dsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/USERNAME/.ssh/id_dsa. Your public key has been saved in /home/USERNAME/.ssh/id_dsa.pub. The key fingerprint is: ee:c2:27:33:74:a9:f3:2f:de:ed:f4:80:0f:71:63:64 [EMAIL PROTECTED] ***Ese comando genero el key sin el passphrase (NO se debe hacer) [EMAIL PROTECTED]:$ ssh -l USERNAME 000.000.000.000 mkdir /home/USERNAME/.ssh The authenticity of host '000.000.000.000 (000.000.000.000)' can't be established. RSA key fingerprint is 13:64:f9:e6:1e:d2:8b:68:ac:9e:60:af:6c:17:a6:0d. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '000.000.000.000' (RSA) to the list of known hosts. Password: ***Cree el directorio de .ssh en el server porque no existía. No había utilizado ssh desde el servidor. Es mas, lo instale sólo para el ejemplo. [EMAIL PROTECTED]:$ scp .ssh/id_dsa.pub [EMAIL PROTECTED]:/home/USERNAME/.ssh/authorized_keys Password: id_dsa.pub 100% 600 0.6KB/s 00:00 ***Copiando el pub key al SERVIDOR [EMAIL PROTECTED]:$ ssh -l USERNAME 000.000.000.000 Linux SERVER 2.4.27-2-386 #1 Mon May 16 16:47:51 JST 2005 i686 GNU/Linux The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. You have new mail. [EMAIL PROTECTED]:~$ ***Listo, se conecto sin pedir password. Oh hasta tengo mail! :) [EMAIL PROTECTED]:~$ cat /etc/ssh/sshd_config # Package generated configuration file # See the sshd(8) manpage for details # What ports, IPs and protocols we listen for Port 22 # Use these options to restrict which interfaces/protocols sshd will bind to #ListenAddress :: #ListenAddress 0.0.0.0 Protocol 2 # HostKeys for protocol version 2 HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_dsa_key #Privilege Separation is turned on for security UsePrivilegeSeparation yes # Lifetime and size of ephemeral version 1 server key KeyRegenerationInterval 3600 ServerKeyBits 768 # Logging SyslogFacility AUTH LogLevel INFO # Authentication: LoginGraceTime 600 PermitRootLogin yes StrictModes yes RSAAuthentication yes PubkeyAuthentication yes #AuthorizedKeysFile %h/.ssh/authorized_keys # Don't read the user's ~/.rhosts and ~/.shosts files IgnoreRhosts yes # For this to work you will also need host keys in /etc/ssh_known_hosts RhostsRSAAuthentication no # similar for protocol version 2 HostbasedAuthentication no # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication #IgnoreUserKnownHosts yes # To enable empty passwords, change to yes (NOT RECOMMENDED) PermitEmptyPasswords no # Change to no to disable s/key passwords #ChallengeResponseAuthentication yes # Change to yes to enable tunnelled clear text passwords PasswordAuthentication no # To change Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #AFSTokenPassing no #KerberosTicketCleanup no # Kerberos TGT Passing does only work with the AFS kaserver #KerberosTgtPassing yes X11Forwarding no X11DisplayOffset 10 PrintMotd no PrintLastLog yes KeepAlive yes #UseLogin no #MaxStartups 10:30:60 #Banner /etc/issue.net Subsystem sftp /usr/lib/sftp-server UsePAM yes [EMAIL PROTECTED]:~$ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]