Re: setting up passwordless ssh connections

From: yufan (iamyufan_at_gmail.com)
Date: 08/08/05

  • Next message: Ted Gervais: "Re: fc4 and urls"
    Date: Mon, 8 Aug 2005 12:07:03 +0800
    To: For users of Fedora Core releases <fedora-list@redhat.com>
    
    
    

    Sorry, I cannot understand what you have done. But this is what I have done,
    and I can ssh without a password.

    1. Make sure ssh is installed on your network (which ssh). If it isn't, you
    can get ssh from http://www.ssh.fi/sshprotocols2/index.html.
    2. Create your authentication key.

        ssh-keygen
    This will generate a private/public key pair. The private key will be
    saved in ~/.ssh/identity
    and the public key will be saved in ~/.ssh/identity.pub
    3. Authorize Access. Place your public key in your
    ~/.ssh/authorized_keys file. All keys listed in that file are
    allowed access.

        cp ~/.ssh/identity.pub ~/.ssh/authorized_keys

    If the machine you are connecting to does not share a common file system,
    then ~/.ssh/identity.pub should be copied over to the
    ~/.ssh/authorized_keys file of the machine you will be connecting to.
    ssh will insist that authorized_keys have its permissions set so that it is
    not group writable, so do

        chmod go-rwx ~/.ssh/authorized_keys

    This step avoids the need to enter your password each time you want to run a
    secure shell command.
    4. In order to avoid typing in your pass phrase each time ssh is invoked, an
    ssh-agent needs to be created and your pass phrase added.

        ssh-agent $SHELL

        ssh-add

    On 8/8/05, T. Horsnell <tsh@mrc-lmb.cam.ac.uk> wrote:
    >
    > >Hi,
    > >
    > >I am trying to setup passwordless ssh connections
    > >
    > >so far i have
    > >1) created rsa private/public keys
    > >2) copied the public key (id_rsa.pub) to the machine i
    > >want to connect to and renamed it authorized_keys in
    > >the .ssh dir
    > >
    > >when i try to connect it still asks me for the
    > >password
    > >
    > >ssh -v tells me a few things -
    > >
    > >Next authentication method: publickey
    > > * that's good*
    > >debug1: Trying private key:
    > >/home/username/.ssh/identity
    > >debug1: read PEM private key done: type RSA
    > >
    > >*wonderful! it is reading the client side private
    > >key*
    > >
    > >then.........
    > >debug1: Authentications that can continue:
    > >publickey,gssapi-with-mic,password
    > >debug1: Offering public key:
    > >/home/username/.ssh/id_rsa
    > >debug1: Authentications that can continue:
    > >publickey,gssapi-with-mic,password
    > >debug1: Offering public key:
    > >/home/username/.ssh/id_dsa
    > >
    > >then it goes to password :(
    > >
    > >it never looks for the authorized_key file. i have
    > >even place id_rsa in my .ssh dir on the server and
    > >even renamed id_rsa.pub to id_rsa on the server but
    > >nothing helps.
    > >
    > >so I looked at the server config and changed from the
    > >FC defaults to
    > >
    > >PubkeyAuthentication yes
    > >AuthorizedKeysFile .ssh/authorized_keys
    > >
    > >interesting enough when sshd was restarted from the
    > >init.d script it did not kick any existing users off
    > >the server. shouldn't it have broken the connection
    > >maybe a need to do a full stop and start for
    > >sshd_config to be re-loaded ?
    > >
    > >permissions are 0600 on authorized_keys
    > >
    > >what am i doing wrong ?
    >
    > I think the permission 0600 on authorized_keys is correct.
    > Try setting the permissions on $HOME/.ssh to 700 as well.
    >
    > To see more what's going on, if you have control of the
    > machine you are trying to log in to, stop sshd and start
    > it manually with -dd -e options set: /usr/sbin/sshd -dd -e
    > (see man sshd). You should then get a bunch of diagnostics
    > sent to the server terminal when you try to ssh from your client.
    >
    > Cheers,
    > Terry.
    >
    >
    >
    > >
    > >btw what does the -1 mean in the debug message
    > >
    > >debug1: identity file /home/username/.ssh/identity
    > >type -1
    > >debug1: identity file /home/username/.ssh/id_rsa type
    > >1
    > >debug1: identity file /home/username/.ssh/id_dsa type
    > >2
    > >
    > >thanx for your help.
    > >
    > >lazer
    > >ssh -v 10.10.10.10
    > >OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
    > >debug1: Reading configuration data /etc/ssh/ssh_config
    > >debug1: Applying options for *
    > >debug1: Connecting to 10.10.10.10 port 22.
    > >debug1: Connection established.
    > >debug1: identity file /home/username/.ssh/identity
    > >type -1
    > >debug1: identity file /home/username/.ssh/id_rsa type
    > >1
    > >debug1: identity file /home/username/.ssh/id_dsa type
    > >2
    > >debug1: Remote protocol version 2.0, remote software
    > >version OpenSSH_4.0
    > >debug1: match: OpenSSH_4.0 pat OpenSSH*
    > >debug1: Enabling compatibility mode for protocol 2.0
    > >debug1: Local version string SSH-2.0-OpenSSH_3.9p1
    > >debug1: SSH2_MSG_KEXINIT sent
    > >debug1: SSH2_MSG_KEXINIT received
    > >debug1: kex: server->client aes128-cbc hmac-md5 none
    > >debug1: kex: client->server aes128-cbc hmac-md5 none
    > >debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192)
    > >sent
    > >debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    > >debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    > >debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    > >debug1: Host '212.25.92.186' is known and matches the
    > >RSA host key.
    > >debug1: Found key in /home/username/.ssh/known_hosts:1
    > >debug1: ssh_rsa_verify: signature correct
    > >debug1: SSH2_MSG_NEWKEYS sent
    > >debug1: expecting SSH2_MSG_NEWKEYS
    > >debug1: SSH2_MSG_NEWKEYS received
    > >debug1: SSH2_MSG_SERVICE_REQUEST sent
    > >debug1: SSH2_MSG_SERVICE_ACCEPT received
    > >debug1: Authentications that can continue:
    > >publickey,gssapi-with-mic,password
    > >debug1: Next authentication method: gssapi-with-mic
    > >debug1: Authentications that can continue:
    > >publickey,gssapi-with-mic,password
    > >debug1: Authentications that can continue:
    > >publickey,gssapi-with-mic,password
    > >debug1: Next authentication method: publickey
    > >debug1: Offering public key:
    > >/home/username/.ssh/id_rsa
    > >debug1: Authentications that can continue:
    > >publickey,gssapi-with-mic,password
    > >debug1: Trying private key:
    > >/home/username/.ssh/identity
    > >debug1: read PEM private key done: type RSA
    > >debug1: Authentications that can continue:
    > >publickey,gssapi-with-mic,password
    > >debug1: Offering public key:
    > >/home/username/.ssh/id_rsa
    > >debug1: Authentications that can continue:
    > >publickey,gssapi-with-mic,password
    > >debug1: Offering public key:
    > >/home/username/.ssh/id_dsa
    > >debug1: Authentications that can continue:
    > >publickey,gssapi-with-mic,password
    > >debug1: Next authentication method: password
    > >

    -- 
    乘天地之正,御六气之辩,以游于无穷
    
    

    -- 
    fedora-list mailing list
    fedora-list@redhat.com
    To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
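
An added example, not part of the original messages: both replies point at file modes, because sshd with StrictModes (its default) skips authorized_keys when the home directory, ~/.ssh or the key file is group- or world-writable or owned by someone other than the account or root. The function names audit_ssh_perms and fix_ssh_perms are illustrative, not part of OpenSSH.

```shell
#!/bin/sh
# Added example: audit the three paths that sshd's StrictModes examines
# before it will read authorized_keys. Function names are illustrative.

# audit_ssh_perms HOME_DIR [USER]
# Prints one line per problem; returns 0 if clean, 1 otherwise.
audit_ssh_perms() {
    home=$1
    user=${2:-$(id -un)}
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"
            rc=1
            continue
        fi
        # Group- or world-writable (mode & 022) makes sshd ignore the key file.
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "WRITABLE $p (fix: chmod go-w)"
            rc=1
        fi
        # The owner must be the account itself or root.
        if [ -n "$(find "$p" -prune ! -user "$user" ! -user root)" ]; then
            echo "OWNER    $p (not owned by $user or root)"
            rc=1
        fi
    done
    return $rc
}

# fix_ssh_perms HOME_DIR
# Applies the modes suggested in the thread: 700 on .ssh, 600 on the key file.
fix_ssh_perms() {
    chmod go-w "$1" &&
    chmod 700 "$1/.ssh" &&
    chmod 600 "$1/.ssh/authorized_keys"
}
```

Run `audit_ssh_perms "$HOME"` as the target account on the server; the sshd -dd -e output mentioned in the thread reports the same condition as a bad ownership or modes message.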
    
