On Mon, Aug 21, 2000 at 06:18:53PM -0400, Kevin Wood wrote:
> If you look at the command ssh-keygen, this is what you will need.
> 
> Run the command ssh-keygen as the user you will be logging into the
> remote machine with.
> This will produce an identity key and an identity.pub key located in the
> ~/.ssh/ directory. Now on the remote machine, make a directory called
> ~/.ssh with the same user name again.  Copy the identity.pub key  to
> ~/.ssh/authorized_keys.  Then try to login again.  This should allow you
> remote access without a password.  If I am mistaken or have missed any
> steps, would someone let me know?  Thanks

This is correct but there is one little wrinkle that needs to be addressed.
When you run ssh-keygen it will create the public/private keypair then ask
you for a password. You should *not* type a password. Just press the enter
key. I believe it asks for the password twice so press enter twice. It
struck me as odd that ssh would ask for a password for something that was
to automate logging in. However there is a reason. 

The idea behind using ssh-keygen is so that you not only have to use a
password but you also have to have the matching private key of the public
key on the system you are logging into (this is what is in the
authorized_keys file). The default usage of ssh only asks for a password
which means that if I knew your password I could easily login to a remote
system using 'ssh -l <yourusername> host.domain.com'.  However, if you have
generated the public/private keypair I now *have* to be on the system that
has that private key because ssh is doing two things: verifying password and
matching the keys.

The upshot of all this is if you generate the public/private keypair
without specifying a password, ssh will just do a keypair check. If they
match, you're in. If they don't, you're not.  

Steve 



_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
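
The thread turns on whether the key was generated with an empty passphrase. As an added example (not part of the original thread), this Python check reads a private key file's header and reports whether the key is passphrase-protected. It assumes the modern OpenSSH `openssh-key-v1` and PEM formats rather than the SSH1 `identity` file named in the thread; `key_protection` and `constructed_sample` are hypothetical names, and the sample input is constructed and contains no key material.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"  # AUTH_MAGIC from OpenSSH's PROTOCOL.key

def _read_string(buf, off):
    """Read one SSH string (uint32 big-endian length, then bytes)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    end = off + 4 + struct.unpack_from(">I", buf, off)[0]
    if end > len(buf):
        raise ValueError("truncated string")
    return buf[off + 4:end], end

def key_protection(pem_text):
    """Return 'none' if the key has no passphrase, else the cipher name."""
    lines = [l.strip() for l in pem_text.strip().splitlines()]
    if len(lines) < 3 or not lines[0].startswith("-----BEGIN "):
        raise ValueError("not a PEM-armoured private key")
    label = lines[0][len("-----BEGIN "):].rstrip("-").strip()
    if label == "ENCRYPTED PRIVATE KEY":      # PKCS#8, always encrypted
        return "pkcs8-encrypted"
    if label == "OPENSSH PRIVATE KEY":
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(MAGIC):
            raise ValueError("bad openssh-key-v1 magic")
        cipher, off = _read_string(blob, len(MAGIC))
        kdf, _ = _read_string(blob, off)
        cipher, kdf = cipher.decode("ascii"), kdf.decode("ascii")
        # An unencrypted key says "none" for both cipher and KDF.
        if (cipher == "none") != (kdf == "none"):
            raise ValueError("inconsistent cipher/kdf fields")
        return cipher
    if label.endswith("PRIVATE KEY"):         # legacy PEM or plain PKCS#8
        for l in lines[1:4]:
            if l.startswith("DEK-Info:"):     # e.g. "DEK-Info: AES-128-CBC,<iv>"
                return l.split(":", 1)[1].split(",")[0].strip()
        return "none"
    raise ValueError("unrecognised key type: " + label)

def constructed_sample(cipher, kdf):
    """Constructed header-only input for the demo (no real key inside)."""
    s = lambda b: struct.pack(">I", len(b)) + b
    body = base64.b64encode(MAGIC + s(cipher) + s(kdf) + s(b"")).decode()
    return "-----BEGIN OPENSSH PRIVATE KEY-----\n%s\n-----END OPENSSH PRIVATE KEY-----\n" % body

if __name__ == "__main__":
    print(key_protection(constructed_sample(b"none", b"none")))
```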