SSH v2 sans password prompting...
How do I get logged in to a remote host, via ssh, w/o password prompting, a la the rhosts file? I can do it with SSH v1, but v2 seems to give me some problems. I've plugged the public key into the authorized_keys file, but no dice. Any suggestions? Thanks, -Ken ___ gnhlug-discuss mailing list [EMAIL PROTECTED] http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: SSH v2 sans password prompting...
The most blindly simple-minded approach would be the equivalent of: cat clientMachine:~/.ssh/id*pub >>serverMachine:~/.ssh/authorized_keys cat clientMachine:~/.ssh/id*pub >>serverMachine:~/.ssh/authorized_keys2 chmod go-rwx clientMachine:~/.ssh/authorized_keys* chmod go-rwx serverMachine:~/.ssh/authorized_keys* ___ gnhlug-discuss mailing list [EMAIL PROTECTED] http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: SSH v2 sans password prompting...
>The most blindly simple-minded approach >would be the equivalent of: > > cat clientMachine:~/.ssh/id*pub >>serverMachine:~/.ssh/authorized_keys > cat clientMachine:~/.ssh/id*pub >>serverMachine:~/.ssh/authorized_keys2 > chmod go-rwx clientMachine:~/.ssh/authorized_keys* > chmod go-rwx serverMachine:~/.ssh/authorized_keys* ...I should have mentioned that I'm using an SSH package that ID's itself thus: OpenSSH_3.4p1 Debian 1:3.4p1-2, SSH protocols 1.5/2.0, OpenSSL 0x0090605f ___ gnhlug-discuss mailing list [EMAIL PROTECTED] http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: SSH v2 sans password prompting...
In a message dated: Wed, 04 Sep 2002 07:14:31 PDT Ken Ambrose said: >How do I get logged in to a remote host, via ssh, w/o password prompting, >a la the rhosts file? I can do it with SSH v1, but v2 seems to give me >some problems. I've plugged the public key into the authorized_keys file, >but no dice. Any suggestions? I think v2 forces use of the v2 protocol over the v1 protocol. You can create a ~/.ssh/config file which specifies 'Protocol 1,2'. But that's relatively insecure. The better way to do it is to create v2 keys using 'ssh-keygen -t dsa'. You can then place your new v2/dsa key into authorized_keys. Hope that helps. Oh, btw, use 'ssh -v' when debugging this stuff to see exactly why you connection promps for passwords, etc. There's loads of info in there to tell you what's actually happening. -- Seeya, Paul -- It may look like I'm just sitting here doing nothing, but I'm really actively waiting for all my problems to go away. If you're not having fun, you're not doing it right! ___ gnhlug-discuss mailing list [EMAIL PROTECTED] http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: SSH v2 sans password prompting...
On Wed, 2002-09-04 at 10:14, Ken Ambrose wrote: > How do I get logged in to a remote host, via ssh, w/o password prompting, > a la the rhosts file? I can do it with SSH v1, but v2 seems to give me > some problems. I've plugged the public key into the authorized_keys file, > but no dice. Any suggestions? Here's my procedure. I only use the commercial version of ssh (for various reasons), so this is only good for that... not OpenSSH. * run ssh-keygen locally. * You may wish to rename the keypair files * create a file named ~/.ssh2/identification with the following structure: IdKey [private key filename] * copy your local public key to the remote host as .ssh2/user-host.pub (replace this with your local user and local hostname) * create a file named ~/.ssh2/authorization on the remote machine with the following structure: Key [filename of the public key that you copied to the machine] ___ gnhlug-discuss mailing list [EMAIL PROTECTED] http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: SSH v2 sans password prompting...
On Wed, 4 Sep 2002 [EMAIL PROTECTED] wrote: > > In a message dated: Wed, 04 Sep 2002 07:14:31 PDT > Ken Ambrose said: > > >How do I get logged in to a remote host, via ssh, w/o password prompting, > >a la the rhosts file? I can do it with SSH v1, but v2 seems to give me > >some problems. I've plugged the public key into the authorized_keys file, > >but no dice. Any suggestions? > > I think v2 forces use of the v2 protocol over the v1 protocol. You > can create a ~/.ssh/config file which specifies 'Protocol 1,2'. > But that's relatively insecure. > > The better way to do it is to create v2 keys using 'ssh-keygen -t dsa'. > You can then place your new v2/dsa key into authorized_keys. In the case of ssh2 I think the file is called authorized_keys2. At least it is on my system. --rdp -- Rich Payne http://talisman.mv.com ___ gnhlug-discuss mailing list [EMAIL PROTECTED] http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: SSH v2 sans password prompting...
Ken Ambrose <[EMAIL PROTECTED]> writes: > How do I get logged in to a remote host, via ssh, w/o password prompting, > a la the rhosts file? I can do it with SSH v1, but v2 seems to give me > some problems. I've plugged the public key into the authorized_keys file, > but no dice. Any suggestions? Are you running ssh-agent? --kevin -- Kevin D. Clark / Cetacean Networks / Portsmouth, N.H. (USA) cetaceannetworks.com!kclark (GnuPG ID: B280F24E) alumni.unh.edu!kdc ___ gnhlug-discuss mailing list [EMAIL PROTECTED] http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: SSH v2 sans password prompting...
Good morning, Ken, On Wed, 4 Sep 2002, Ken Ambrose wrote: > How do I get logged in to a remote host, via ssh, w/o password prompting, > a la the rhosts file? I can do it with SSH v1, but v2 seems to give me > some problems. I've plugged the public key into the authorized_keys file, > but no dice. Any suggestions? Keys in ssh protocol 2 are a pain - unlike ssh1 where the filenames and file format are standard. Head over to http://www.stearns.org/ssh-keyinstall/ . Pull down the latest rpm or tar file and run. You'll need netcat installed on the system - comes with current distributions as "nc...rpm" To run it, type "ssh-keyinstall -s the_ssh_server" . It will install your ssh key to the remote machine in the right format in the right file. You'll need to type your password on the remote box a number of times, but that'll be the last times you'll need to type it. :-) I have some additional articles and resources at: http://www.stearns.org/ssh-keyinstall/ http://www.stearns.org/doc/ssh-intro.current.html http://www.stearns.org/doc/ssh-techniques-two.current.html http://www.stearns.org/fanout/ Cheers, - Bill --- I'm not tense, just terribly, terribly alert. (Courtesy of "Michael J. Dark" <[EMAIL PROTECTED]>) -- William Stearns ([EMAIL PROTECTED]). Mason, Buildkernel, named2hosts, and ipfwadm2ipchains are at:http://www.stearns.org -- ___ gnhlug-discuss mailing list [EMAIL PROTECTED] http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: SSH v2 sans password prompting...
Ken Ambrose <[EMAIL PROTECTED]> writes: > How do I get logged in to a remote host, via ssh, w/o password prompting, > a la the rhosts file? I can do it with SSH v1, but v2 seems to give me > some problems. I've plugged the public key into the authorized_keys file, > but no dice. Any suggestions? > > Thanks, The most common problem I've seen with setting up ssh keys has been directory permissions. Nine times out of ten when someone asks me to help with this, it turns out they left their .ssh directory wide open. I change it so only they can read or access the directory: chmod 700 ~/.ssh chmod 600 ~/.ssh/* This is with openssh. -- John Abreau / Executive Director, Boston Linux & Unix ICQ 28611923 / AIM abreauj / YAHOO abreauj Email [EMAIL PROTECTED] / WWW http://www.abreau.net / PGP-Key-ID 0xD5C7B5D9 PGP-Key-Fingerprint 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99 Some people say, "The enemy of my enemy is my friend." I often respond, "When elephants fight, it's the grass that gets trampled." msg00594/pgp0.pgp Description: PGP signature
