If you're using OpenSSH 2.9p2, you can use RSA2 Keys.

$ ssh-keygen -t rsa -f ~/.ssh/id_rsa -N '' -C 'my key'

Then, copy the id_rsa.pub file into your ~/.ssh/authorized_keys2 file on the
remote server.

There's no need to run ssh-agent. Just run ssh to connect to the server.

If there's a real reason not to use SSH Protocol 2, then specify a "-1" on
the command line to use the identity file.

-ME

----- Original Message -----
From: "Dan B" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, June 22, 2001 8:37 PM
Subject: Newbie learns to do authentication by key with 2.9p2

> Much like a few recent posts, I am trying to get key auth working. In
> fact, I've done it several times before, but I can't remember how I got it
> to work. I'm sure that I'm missing something simple, so I'll post the
> entire process that I use.
>
> BTW, will messed up DNS cause it to use passwords instead of keys? Empty
> passphrases won't mess it up, will they? (I'm only using empty ones for
> testing).
>
> (Openssh 2.9p2 & Redhat 7.0 on both sides)
>
> NOTES: - box that you want to log INTO, is SERVER.
>        - box that you want to run ssh or scp FROM, without using password,
>          is CLIENT
>
> #FROM CLIENT:
>
> #generate key (once), use defaults (rsa1, .ssh/identity, no passphrase, etc.)
> ssh-keygen
>
> #copy public key to server
> scp .ssh/identity.pub SERVER:/root/CLIENT.identity.pub
>
> #start ssh-agent the correct way.
> eval `ssh-agent`
>
> #tell agent about our private key
> ssh-add .ssh/identity
>
> #FROM SERVER:
>
> #allow public key, (does NOT go in authorized_keys2 file)
> cat CLIENT.identity.pub >> .ssh/authorized_keys
>
> That is the process I do to set up key auth. What is it missing? Here is
> what I get when I test it:
>
> (Of special note, IMHO, is:
> debug2: userauth_pubkey_agent: no keys at all
> debug2: userauth_pubkey_agent: no more keys
> debug2: userauth_pubkey_agent: no message sent
> )
>
> Thanks for any light you can shed!
>
> -Dan
>
> PS. Are there any other mailing list archives besides those at:
> http://marc.theaimsgroup.com/?l=openssh-unix-dev, which seems to be mostly
> a developer-oriented archive.
>
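
An added example, not part of either message: a shell check of whether a public key is listed in the file that matches its protocol, using the file names given in the thread above (authorized_keys for RSA1, authorized_keys2 for protocol 2 keys). The function names, the exact-line comparison and the sample keys are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check that a public key sits in the
# authorized_keys file that matches its protocol on an OpenSSH 2.9p2 server.

# Print 1 for an RSA1 line ("bits exponent modulus [comment]"),
# 2 for a protocol 2 line ("ssh-rsa|ssh-dss base64 [comment]"), else unknown.
key_protocol() {
    set -f; set -- $1; set +f      # split into fields without globbing
    case "$1" in
        ssh-rsa|ssh-dss) if [ -n "$2" ]; then echo 2; return 0; fi ;;
        ''|*[!0-9]*) ;;
        *) case "${2:-x}${3:-x}" in
               *[!0-9]*) ;;
               *) echo 1; return 0 ;;
           esac ;;
    esac
    echo unknown
}

# check_key PUBFILE SSHDIR: report where the first line of PUBFILE was found
# (exact whole-line match). File names follow the thread:
# RSA1 -> authorized_keys, protocol 2 -> authorized_keys2.
check_key() {
    line=$(head -n 1 "$1")
    case "$(key_protocol "$line")" in
        1) want=authorized_keys;  other=authorized_keys2 ;;
        2) want=authorized_keys2; other=authorized_keys ;;
        *) echo "unknown-format"; return 0 ;;
    esac
    if grep -qxF "$line" "$2/$want" 2>/dev/null; then echo "ok:$want"
    elif grep -qxF "$line" "$2/$other" 2>/dev/null; then echo "misplaced:$other"
    else echo "missing:$want"
    fi
}

# Demo on constructed (not real) keys in a scratch directory.
demo() {
    d=$(mktemp -d) || return 1
    echo '1024 35 1234567890123456789 root@CLIENT' > "$d/identity.pub"
    echo 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAconstructed my key' > "$d/id_rsa.pub"
    cat "$d/identity.pub" "$d/id_rsa.pub" > "$d/authorized_keys"  # both in the protocol 1 file
    echo "identity.pub: $(check_key "$d/identity.pub" "$d")"
    echo "id_rsa.pub:   $(check_key "$d/id_rsa.pub" "$d")"
    rm -rf "$d"
}
demo
```

On a server, SSHDIR would be the account's ~/.ssh directory; a "misplaced" result means the key was appended to the file for the other protocol.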
