For the use of people who may be interested. After my question, here is what I have found you need to do in order to allow a passwordless RSA authenticated ssh or scp session between hosts.
Hope it's useful to someone out there...

Adam.

___________________________________________________________________

Written By Adam: 06 November 1997

To set up passwordless SSH sessions between hosts which rely on RSA for authentication rather than passwords, follow the steps below.

1. First make sure that there are ~/.ssh/identity and ~/.ssh/identity.pub files (this is where the public and private keys are kept) on both hosts. If the host/user does not yet have a key pair then you need to generate one by running 'ssh-keygen' (it's very straightforward, just run it).

2. Next copy (from the client machine) the line from ~/.ssh/identity.pub and put it in the ~/.ssh/authorized_keys file (make sure it doesn't line wrap accidentally, it should be only one line per host authorized). Check permissions to make sure *only* the user has read privileges to the private key!

3. Next on the server machine make sure that these changes have been made to the /etc/ssh/sshd_config file (you need to restart sshd if you made any changes):

    PermitRootLogin nopwd
    RhostsAuthentication no
    RhostsRSAAuthentication yes
    RSAAuthentication yes

4. Create an ~/.shosts file on the server machine with an entry for the host that you want to have access. It should contain one fully qualified domain name per line.

5. Use SSH to connect *both* ways using the fully qualified domain name of the server host in the command line; this is to make sure that host keys are exchanged. You may have to temporarily modify the hosts.[allow|deny] files to allow the connection one way.

6. Test it with 'ssh -v hostname' and see what goes wrong. The most common problem I've run into is mismatched host keys, where the exchanged keys use an inconsistently qualified host name (i.e. the server looks for 'host.isp.net' in ~/.ssh/known_hosts but can only find 'host').

7. As Bruce says, "Have a beer".

------------------------ Internet Alaska --------------------------
4050 Lake Otis            Adam Shand             (v) +1 907 562 4638
Anchorage, Alaska     Systems Administrator      (f) +1 907 562 1677
----------------- http://larry.earthlight.co.nz -------------------
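
The checks from steps 2, 4 and 6 above can be scripted. This is an added example, not part of Adam's post: the function names are hypothetical, and it assumes option-free RSA1 key lines laid out as "bits exponent modulus comment" and an unhashed known_hosts file.

```shell
#!/bin/sh
# Added example: sanity checks for steps 2, 4 and 6 of the procedure.
# Assumptions: RSA1 key lines are "bits exponent modulus comment" with no
# leading options, and known_hosts stores host names unhashed.

# Step 2: succeed only if group and other have no permission bits on the key.
key_is_private() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Step 2: print line numbers in authorized_keys that are not one whole key.
# A key that wrapped leaves a continuation line that fails this pattern.
wrapped_key_lines() {
    awk 'NF && $1 !~ /^#/ &&
         !($1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/) { print NR }' "$1"
}

# Step 4: print .shosts host entries that are not fully qualified (no dot).
unqualified_shosts() {
    awk 'NF && $1 !~ /^#/ && $1 !~ /\./ { print $1 }' "$1"
}

# Step 6: succeed only if the exact name is in the comma-separated host list
# that starts a known_hosts line ("host" does not match "host.isp.net").
known_host_has() {
    awk -v want="$1" 'NF && $1 !~ /^#/ {
        n = split($1, names, ",")
        for (i = 1; i <= n; i++) if (names[i] == want) found = 1
    } END { exit !found }' "$2"
}

# Run every check; $1 is the peer's fully qualified name, $2 the .ssh
# directory (default ~/.ssh), $3 the .shosts file (default ~/.shosts).
audit_ssh_setup() {
    dir=${2:-$HOME/.ssh}; shosts=${3:-$HOME/.shosts}; rc=0
    key_is_private "$dir/identity" || { echo "identity readable by others"; rc=1; }
    bad=$(wrapped_key_lines "$dir/authorized_keys")
    [ -z "$bad" ] || { echo "authorized_keys: bad line(s): $bad"; rc=1; }
    bad=$(unqualified_shosts "$shosts")
    [ -z "$bad" ] || { echo ".shosts: not fully qualified: $bad"; rc=1; }
    known_host_has "$1" "$dir/known_hosts" || { echo "known_hosts lacks $1"; rc=1; }
    return $rc
}
```

Run `audit_ssh_setup host.isp.net` on each host before reaching for 'ssh -v'; a non-zero return names the step that needs attention.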