RE: [SLUG] SSH help please

From: Seth Hollen (seth@hollen.org)
Date: Thu May 09 2002 - 13:10:55 EDT


Thanks Matt, that was one of the most detailed and best laid tutorials
on ssh I've seen, I was thinking of doing a FAQ on ssh for the slug
page, do you mind if I use part of that?

OK I think I have it figured out, I had the keys and permissions right,
but in Red Hat it wants to use authorized_keys2, related to what you said
Matt.

AND...in /etc/ssh/sshd_config you have to have PasswordAuthentication set to
NO.
I had tried commenting it out, not to mention I didn't think that should
matter.

But I was able to run rsync from my laptop to the server, so now the
only thing to do is configure the backup computer, which I plan on doing
tonight.
I will let you all know what happens.

Thanks!!!!

Take care,
Seth Hollen
seth@hollen.org
727-919-1598

-----Original Message-----
From: slug@lists.nks.net [mailto:slug@lists.nks.net] On Behalf Of Matt Miller
Sent: Thursday, May 09, 2002 9:26 AM
To: slug@nks.net
Subject: Re: [SLUG] SSH help please

On Wed, 2002-05-08 at 22:31, Seth Hollen wrote:
> I'm trying to set up a rsync script to back up a remote server, but I
> can't get ssh to work without using passwords, I have copied the public
> keys of the computers involved to the authorized_keys files of the other
> but still no luck I always get asked for my password.

The process I use for creating "passphraseless" ssh keys:
Three specific notes:
1) You have 3 options for the type of key -- rsa (ssh2), dsa (ssh2), and
rsa1 (ssh1). RSA1 is not advised.
2) The newer versions of OpenSSH use a unified authorized_keys file. The
older versions of OpenSSH use authorized_keys for rsa1 and
authorized_keys2 for rsa and dsa. The newer versions of OpenSSH will
read both authorized_keys files.
3) If a script -- which requires remote passphraseless authentication --
is running as a specific user, the keys must be created as that user.

Part 1:

$ ssh-keygen -b 2048 -t dsa (or)
$ ssh-keygen -b 2048 -t rsa
Generating public/private dsa key pair.
(this will take a few moments to complete)
Enter file in which to save the key (/home/$LOGNAME/.ssh/id_dsa):
<enter> (where $LOGNAME = the username creating the keys)
Created directory '/home/$LOGNAME/.ssh'.
(if directory does not already exist)
Enter passphrase (empty for no passphrase):
<enter> (leave passphrase empty; hit the enter key)
Enter same passphrase again:
<enter> (enter in blank passphrase again)
Your identification has been saved in /home/$LOGNAME/.ssh/id_dsa.
Your public key has been saved in /home/$LOGNAME/.ssh/id_dsa.pub.
The key fingerprint is:
f9:93:2a:d4:d7:50:a4:74:1c:b4:e6:85:f6:91:d3:38 $LOGNAME@hostname
(the preceding fingerprint is merely an example)

Part 2:

In your home directory on hosta:
$ cd .ssh
$ scp id_dsa.pub hostb:~/.ssh/authorized_keys2
(you may see the following message)
The authenticity of host 'hostb (10.1.0.0)' can't be established.
RSA key fingerprint is 3c:21:19:fd:1e:3a:99:1f:4c:f8:98:18:f9:38:f0:11.
Are you sure you want to continue connecting (yes/no)? yes
(type yes) <enter>
$LOGNAME@hostb's password:
(type in your UNIX password)
id_dsa.pub 100% |*****************************| 0 00:00

Part 3:

Test the keys.
On hosta:
hosta:$ ssh hostb
You should receive a login session on hostb without receiving a
password prompt.
hostb:$
If the passphraseless login worked, you are finished.

 

-- 
Matt Miller
Systems Administrator
MP TotalCare, INC
gpg public key id: 08BC7B06
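
Added example, not part of either message above: a POSIX shell check, run on the server (hostb) as the login user, for the two causes of a silent fall-back to the password prompt that come up in this thread: the public key sitting in a file the server's OpenSSH does not read (authorized_keys vs. authorized_keys2), and loose permissions that sshd rejects when StrictModes is on. The names audit_ssh_dir and loose_write and the sample paths are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Run on the server as the login user:
#   sh audit_ssh.sh ~/.ssh /tmp/id_dsa.pub
# where /tmp/id_dsa.pub is a copy of the client's public key (hypothetical path).

# Succeeds if the path is group- or world-writable; sshd with StrictModes
# enabled refuses authorized_keys files reached through such paths.
loose_write() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# Prints one line per finding and returns the number of problems found.
audit_ssh_dir() {
    dir=$1 pub=$2 problems=0 found=0
    # Home directory, ~/.ssh and both candidate key files must not be loose.
    for p in "$dir/.." "$dir" "$dir/authorized_keys" "$dir/authorized_keys2"; do
        [ -e "$p" ] || continue
        if loose_write "$p"; then
            echo "PROBLEM: $p is group- or world-writable"
            problems=$((problems + 1))
        fi
    done
    # A .pub line is "type blob comment"; the blob identifies the key.
    blob=$(awk 'NR == 1 { print $2 }' "$pub" 2>/dev/null) || blob=""
    for f in "$dir/authorized_keys" "$dir/authorized_keys2"; do
        [ -f "$f" ] || continue
        if [ -n "$blob" ] && grep -qF -- "$blob" "$f"; then
            echo "OK: key is listed in $f"
            found=1
        fi
    done
    if [ "$found" -eq 0 ]; then
        echo "PROBLEM: key is in neither authorized_keys nor authorized_keys2"
        problems=$((problems + 1))
    fi
    return "$problems"
}

if [ "$#" -eq 2 ]; then
    audit_ssh_dir "$1" "$2"
fi
```

The "OK" line shows which of the two files holds the key, which is the detail that differs between older and newer OpenSSH versions as described in note 2 above.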


