setting up passwordless ssh connections

yufan iamyufan at gmail.com
Mon Aug 8 04:07:03 UTC 2005


Sorry, I cannot understand what you have done, but this is what I have done,
and I can ssh without a password.

1. Make sure ssh is installed on your network (which ssh). If it isn't, you
can get ssh from http://www.ssh.fi/sshprotocols2/index.html.
2. Create your authentication key. 

    ssh-keygen 

This will generate a private/public key pair. The private key will be
saved in ~/.ssh/identity and the public key will be saved in
~/.ssh/identity.pub.
3. Authorize Access. Place your public key in your
~/.ssh/authorized_keys file. All keys listed in that file are
allowed access.

    cp ~/.ssh/identity.pub ~/.ssh/authorized_keys

If the machine you are connecting to does not share a common file system,
then ~/.ssh/identity.pub should be copied over to the
~/.ssh/authorized_keys file of the machine you will be connecting to.
ssh will insist that authorized_keys have its permissions set so that it is
not group writable, so do

    chmod go-rwx ~/.ssh/authorized_keys

This step avoids the need to enter your password each time you want to run a 
secure shell command. 
4. In order to avoid typing in your pass phrase each time ssh is invoked, an
ssh-agent needs to be created and your pass phrase added.

    ssh-agent $SHELL 

    ssh-add 



On 8/8/05, T. Horsnell <tsh at mrc-lmb.cam.ac.uk> wrote:
> 
> >Hi,
> >
> >I am trying to setup passwordless ssh connections
> >
> >so far i have
> >1) created rsa private/public keys
> >2) copied the public key (id_rsa.pub) to the machine i
> >want to connect to and renamed it authorized_keys in
> >the .ssh dir
> >
> >when i try to connect it still asks me for the
> >password
> >
> >ssh -v tells me a few things -
> >
> >Next authentication method: publickey
> > * that's good*
> >debug1: Trying private key:
> >/home/username/.ssh/identity
> >debug1: read PEM private key done: type RSA
> >
> >*wonderful! it is reading the client side private
> >key*
> >
> >then.........
> >debug1: Authentications that can continue:
> >publickey,gssapi-with-mic,password
> >debug1: Offering public key:
> >/home/username/.ssh/id_rsa
> >debug1: Authentications that can continue:
> >publickey,gssapi-with-mic,password
> >debug1: Offering public key:
> >/home/username/.ssh/id_dsa
> >
> >then it goes to password :(
> >
> >it never looks for the authorized_key file. i have
> >even place id_rsa in my .ssh dir on the server and
> >even renamed id_rsa.pub to id_rsa on the server but
> >nothing helps.
> >
> >so I looked at the server config and changed from the
> >FC defaults to
> >
> >PubkeyAuthentication yes
> >AuthorizedKeysFile .ssh/authorized_keys
> >
> >interesting enough when sshd was restarted from the
> >init.d script it did not kick any existing users off
> >the server. shouldn't it have broken the connection
> >maybe a need to do a full stop and start for
> >sshd_config to be re-loaded ?
> >
> >permissions are 0600 on authorized_keys
> >
> >what am i doing wrong ?
> 
> I think the permission 0600 on authorized_keys is correct.
> Try setting the permissions on $HOME/.ssh to 700 as well.
> 
> To see more what's going on, if you have control of the
> machine you are trying to log in to, stop sshd and start
> it manually with -dd -e options set: /usr/sbin/sshd -dd -e
> (see man sshd). You should then get a bunch of diagnostics
> sent to the server terminal when you try to ssh from your client.
> 
> Cheers,
> Terry.
> 
> 
> 
> >
> >btw what does the -1 mean in the debug message
> >
> >debug1: identity file /home/username/.ssh/identity
> >type -1
> >debug1: identity file /home/username/.ssh/id_rsa type
> >1
> >debug1: identity file /home/username/.ssh/id_dsa type
> >2
> >
> >thanx for your help.
> >
> >lazer
> >ssh -v 10.10.10.10
> >OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
> >debug1: Reading configuration data /etc/ssh/ssh_config
> >debug1: Applying options for *
> >debug1: Connecting to 10.10.10.10 port 22.
> >debug1: Connection established.
> >debug1: identity file /home/username/.ssh/identity
> >type -1
> >debug1: identity file /home/username/.ssh/id_rsa type
> >1
> >debug1: identity file /home/username/.ssh/id_dsa type
> >2
> >debug1: Remote protocol version 2.0, remote software
> >version OpenSSH_4.0
> >debug1: match: OpenSSH_4.0 pat OpenSSH*
> >debug1: Enabling compatibility mode for protocol 2.0
> >debug1: Local version string SSH-2.0-OpenSSH_3.9p1
> >debug1: SSH2_MSG_KEXINIT sent
> >debug1: SSH2_MSG_KEXINIT received
> >debug1: kex: server->client aes128-cbc hmac-md5 none
> >debug1: kex: client->server aes128-cbc hmac-md5 none
> >debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192)
> >sent
> >debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> >debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> >debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> >debug1: Host '212.25.92.186' is known and matches the
> >RSA host key.
> >debug1: Found key in /home/username/.ssh/known_hosts:1
> >debug1: ssh_rsa_verify: signature correct
> >debug1: SSH2_MSG_NEWKEYS sent
> >debug1: expecting SSH2_MSG_NEWKEYS
> >debug1: SSH2_MSG_NEWKEYS received
> >debug1: SSH2_MSG_SERVICE_REQUEST sent
> >debug1: SSH2_MSG_SERVICE_ACCEPT received
> >debug1: Authentications that can continue:
> >publickey,gssapi-with-mic,password
> >debug1: Next authentication method: gssapi-with-mic
> >debug1: Authentications that can continue:
> >publickey,gssapi-with-mic,password
> >debug1: Authentications that can continue:
> >publickey,gssapi-with-mic,password
> >debug1: Next authentication method: publickey
> >debug1: Offering public key:
> >/home/username/.ssh/id_rsa
> >debug1: Authentications that can continue:
> >publickey,gssapi-with-mic,password
> >debug1: Trying private key:
> >/home/username/.ssh/identity
> >debug1: read PEM private key done: type RSA
> >debug1: Authentications that can continue:
> >publickey,gssapi-with-mic,password
> >debug1: Offering public key:
> >/home/username/.ssh/id_rsa
> >debug1: Authentications that can continue:
> >publickey,gssapi-with-mic,password
> >debug1: Offering public key:
> >/home/username/.ssh/id_dsa
> >debug1: Authentications that can continue:
> >publickey,gssapi-with-mic,password
> >debug1: Next authentication method: password
> >
> >--
> >fedora-list mailing list
> >fedora-list at redhat.com
> >To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
> >



-- 
Ride the true course of heaven and earth, harness the changes of the six energies, and so wander in the boundless
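
The permission advice in this thread (authorized_keys not group writable, $HOME/.ssh at 700) written as a small audit script. This is an added example, not part of the original message: the function names are illustrative, and the private-key check goes beyond what the thread states.

```shell
#!/bin/sh
# Added example (not from the thread): report file modes that make sshd skip
# authorized_keys or make ssh ignore a private key. Function names are illustrative.

# Print the 10-character mode string of a path, e.g. drwx------.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Succeed if group or other has write permission on the path.
group_or_world_writable() {
    m=$(mode_of "$1")
    [ "$(printf '%s' "$m" | cut -c6)" = w ] ||
        [ "$(printf '%s' "$m" | cut -c9)" = w ]
}

# audit_ssh_dir HOME_DIR: print one line per problem, return the problem count.
audit_ssh_dir() {
    home=$1
    problems=0
    # sshd with StrictModes (the default) wants none of these group/world writable.
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"
            problems=$((problems + 1))
        elif group_or_world_writable "$p"; then
            echo "WRITABLE $p ($(mode_of "$p")): run chmod go-w on it"
            problems=$((problems + 1))
        fi
    done
    # The ssh client ignores a private key that group or other can access.
    for k in "$home/.ssh/identity" "$home/.ssh/id_rsa" "$home/.ssh/id_dsa"; do
        [ -f "$k" ] || continue
        case $(mode_of "$k") in
            ????------) ;;
            *) echo "EXPOSED  $k ($(mode_of "$k")): run chmod 600 on it"
               problems=$((problems + 1)) ;;
        esac
    done
    return "$problems"
}

# Run against a home directory when one is given on the command line.
if [ $# -gt 0 ]; then
    audit_ssh_dir "$1"
fi
```

Run it on the server side as `sh audit.sh "$HOME"` for the account you are logging in to; an empty report with exit status 0 means the modes are not what is blocking public key authentication.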