Many moons ago I set up my (then RH) Linux box to pass the current password automatically when SSHing to another box. If I was logged on as steve, and I did "ssh myserver" it would take me straight to a shell on myserver, logged on as steve, assuming the steve account on myserver had the same password as the box I was coming from. I was not asked for the password.
Does anyone know what I need to change to change my current setup to work like this.
Cheers
Steve
On Sun, Mar 28, 2004 at 11:46:40AM +0100, Steve Searle wrote:
Many moons ago I set up my (then RH) Linux box to pass the current password automatically when SSHing to another box. If I was logged on as steve, and I did "ssh myserver" it would take me straight to a shell on myserver, logged on as steve, assuming the steve account on myserver had the same password as the box I was coming from. I was not asked for the password.
Does anyone know what I need to change to change my current setup to work like this.
1/ Use ssh-keygen to generate an ssh key. 2/ Copy the public part of the new key to the remote box (it goes in ~/.ssh/authorized_keys)
At this stage you'll be prompted for the key's passphrase rather than the user's password when connecting to the remote box. To get rid of that, you'll need to be running ssh-agent.
3/ Run "ssh-agent $SHELL" from the command line 4/ Run "ssh-add" from the command line - this will prompt you for the key's passphrase
Now you shouldn't be prompted for the passphrase when you try to connect to any box that has your key installed.
See the docs at http://openssh.org/manual.html for more details.
Dave...
If you run ssh-keygen -t rsa1 that's right (copy identity.pub--default file name--to authorized_keys) but if you've run ssh-keygen -t dsa (it's a good idea to have all three keys, also -t rsa), then you might want to copy id_dsa.pub (default file name) to authorized_keys2. This only works without a password if there's no passphrase.
Ron
Dave Cross wrote:
On Sun, Mar 28, 2004 at 11:46:40AM +0100, Steve Searle wrote:
Many moons ago I set up my (then RH) Linux box to pass the current password automatically when SSHing to another box. If I was logged on as steve, and I did "ssh myserver" it would take me straight to a shell on myserver, logged on as steve, assuming the steve account on myserver had the same password as the box I was coming from. I was not asked for the password.
Does anyone know what I need to change to change my current setup to work like this.
1/ Use ssh-keygen to generate an ssh key. 2/ Copy the public part of the new key to the remote box (it goes in ~/.ssh/authorized_keys)
At this stage you'll be prompted for the key's passphrase rather than the user's password when connecting to the remote box. To get rid of that, you'll need to be running ssh-agent.
3/ Run "ssh-agent $SHELL" from the command line 4/ Run "ssh-add" from the command line - this will prompt you for the key's passphrase
Now you shouldn't be prompted for the passphrase when you try to connect to any box that has your key installed.
See the docs at http://openssh.org/manual.html for more details.
Dave...
-- New .sigs Running in please parse
-- fedora-list mailing list fedora-list@redhat.com To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
Ron Herardian said: [snip]
then you might want to copy id_dsa.pub (default file name) to authorized_keys2.
According to the man page: "$HOME/.ssh/authorized_keys is the default file that lists the public keys that are permitted for RSA authentication in protocol version 1 and for public key authentication (PubkeyAuthentication) in protocol version 2."
authorized_keys2 isn't needed (and hasn't been for a while now).
Am So, den 28.03.2004 schrieb Ron Herardian um 15:10:
If you run ssh-keygen -t rsa1 that's right (copy identity.pub--default file name--to authorized_keys) but if you've run ssh-keygen -t dsa (it's a good idea to have all three keys, also -t rsa), then you might want to copy id_dsa.pub (default file name) to authorized_keys2. This only works without a password if there's no passphrase.
Ron
To create keypairs for SSH logins using public key authentification it is absolutely BAD and highly NOT RECOMMENDED to create keys WITHOUT a passphrase! Once the private key is stolen it can be used without problems. While it is secured by a valuable passphrase it is useless unless the thief can brute force crack the passphrase (which implies that the passphrase was badly choosen, too simple).
To get an authentification process using SSH which requires not the input of a passphrase or password (just for the first time) there are the tools ssh-agent and ssh-add. Dave explained that already in his reply.
NEVER create keypairs without a passphrase or create an account without password protection!
Alexander
Am So, den 28.03.2004 schrieb Steve Searle um 12:46:
Many moons ago I set up my (then RH) Linux box to pass the current password automatically when SSHing to another box. If I was logged on as steve, and I did "ssh myserver" it would take me straight to a shell on myserver, logged on as steve, assuming the steve account on myserver had the same password as the box I was coming from. I was not asked for the password.
Does anyone know what I need to change to change my current setup to work like this.
Cheers
Steve
A reader friendly howto what you did set up is to be found here:
http://fedoranews.org/dowen/sshkeys/
Alexander
I've used a nifty frontend bash script to ssh-agent called keychain. You can get it here: http://www.gentoo.org/proj/en/keychain.xml
Also the author has a good 3 part howto available here: http://www-106.ibm.com/developerworks/library/l-keyc.html
* Alexander Dalloz (alexander.dalloz@uni-bielefeld.de) on [040328 10:53] thus spake:
Am So, den 28.03.2004 schrieb Steve Searle um 12:46:
Many moons ago I set up my (then RH) Linux box to pass the current password automatically when SSHing to another box. If I was logged on as steve, and I did "ssh myserver" it would take me straight to a shell on myserver, logged on as steve, assuming the steve account on myserver had the same password as the box I was coming from. I was not asked for the password.
Does anyone know what I need to change to change my current setup to work like this.
Cheers
Steve
A reader friendly howto what you did set up is to be found here:
http://fedoranews.org/dowen/sshkeys/
Alexander
-- Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13 Fedora GNU/Linux Core 1 (Yarrow) on Athlon CPU kernel 2.4.22-1.2174.nptl Sirendipity 17:37:40 up 9 days, 1:19, load average: 0.41, 0.16, 0.11 [ ?????????? ??'?????????? - gnothi seauton ] my life is a planetarium - and you are the stars