RE: [SLUG] openssh

From: Rock (mrock@stewartsigns.com)
Date: Fri Feb 21 2003 - 14:55:03 EST


I do not want to disable the passphrase with ssh. I just want to have
that done automatically using ssh-agent and the ssh-add command to keep
it all in memory. Then I can use keychain to keep my login ability up
and running until the system is rebooted.

It is just that I am never asked for a passphrase at all, just the
password. The system asks and looks for the identity first and then
id_rsa and id_dsa and then it defaults to password which is where I come
in. For some reason it is not recognizing the identity file on the
server. I am checking the permissions now and will try again. I am
making .ssh and all files in directory have a permission of 600 and with
all my ownership.

Michael C. Rock
Systems Analyst
Registered Linux User # 287973

"The time has come the walrus said to speak of many things,,,"
"Christians give up what they cannot keep to gain what they cannot lose"

-----Original Message-----
From: slug@lists.nks.net [mailto:slug@lists.nks.net] On Behalf Of Matt Miller
Sent: Friday, February 21, 2003 1:57 PM
To: SLUG List
Subject: Re: [SLUG] openssh

On Fri, 2003-02-21 at 13:05, Rock wrote:
> I am having trouble getting openssh to give me automatic login to my
> server. I have generated the keys required and put the identity.pub key
> on the server in authorized_keys file. When I login using ssh I still
> get a prompt asking for my password. According to the instructions I
> should be getting a prompt asking for my passphrase.
>
> I am able to login, but I need to be able to login without any prompts
> so my cron job can run. I have downloaded keychain and will begin
> implementing that once I can get the clean login to the server without
> it asking for my password.
>
> I am running openssh 3.4p1-2 on the client computer running RH 8.0 and
> openssh 2.5.2p2-5 on the server running RH 7.1.

The process I use for creating "passphraseless" ssh keys:
Three specific notes:
1) You have 3 options for the type of key -- rsa (ssh2), dsa (ssh2), and
rsa1 (ssh1). RSA1 is not advised.
2) The newer versions of OpenSSH use a unified authorized_keys file. The
older versions of OpenSSH use authorized_keys for rsa1 and
authorized_keys2 for rsa and dsa. The newer versions of OpenSSH will
read both authorized_keys files.
3) If a script -- which requires remote passphraseless authentication --
is running as a specific user, the keys must be created as that user.

Part 1: Generate Keys

Bitsize is optional; larger = better; smaller = faster

$ ssh-keygen -b 1024 -t dsa -f ~/.ssh/id_dsa -N ""
$ ssh-keygen -b 1024 -t rsa -f ~/.ssh/id_rsa -N ""

Part 2: Copy Public Key(s)

In your home directory on hosta:
$ cd .ssh
$ scp id_dsa.pub hostb:~/.ssh/authorized_keys2
OR
$ scp id_rsa.pub hostb:~/.ssh/authorized_keys2

(you may see the following message)
The authenticity of host 'hostb (10.1.0.0)' can't be established.
RSA key fingerprint is 3c:21:19:fd:1e:3a:99:1f:4c:f8:98:18:f9:38:f0:11.
Are you sure you want to continue connecting (yes/no)? yes
(type yes) <enter>
$LOGNAME@hostb's password:
(type in your UNIX password)
id_dsa.pub 100% |*****************************| 0 00:00

Part 3: Test

Test the keys.
On hosta:
hosta:$ ssh hostb
You should receive a login session on hostb without receiving a
password prompt.
hostb:$
If the passphraseless login worked, you are finished.

-- 

Matt Miller Systems Administrator MP TotalCare gpg public key id: 08BC7B06

-- Lead Paint: Delicious, but deadly.
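
Added example, not part of either message in this thread: a shell check of the ownership and mode conditions that sshd enforces when StrictModes is on, a common reason key authentication is skipped and the password prompt appears instead. The function names and the sample path in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reports the mode and ownership
# problems that make sshd, with StrictModes on, skip a user's key files.
# Usage: sh audit.sh /home/user   (script name and path are placeholders)

# True if $1 is writable by group or others.
loose() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

# True if $1 is owned by uid $2 or by root.
owned() {
    [ -n "$(find "$1" -prune \( -user "$2" -o -user 0 \) 2>/dev/null)" ]
}

note() { echo "PROBLEM: $*"; findings=$((findings + 1)); }

# audit_ssh_dir HOME [UID]: prints findings and returns how many there were.
audit_ssh_dir() {
    home=$1; owner=${2:-$(id -u)}; findings=0; seen=0
    d=$home/.ssh
    if loose "$home"; then note "$home is group/world writable"; fi
    if [ ! -d "$d" ]; then note "$d is missing"; return "$findings"; fi
    owned "$d" "$owner" || note "$d is not owned by the user or root"
    if loose "$d"; then note "$d is group/world writable (use 700)"; fi
    # A directory at 600 has no search (x) bit, so files in it cannot be opened.
    if [ -z "$(find "$d" -prune -perm -700)" ]; then
        note "$d lacks owner rwx (600 on a directory blocks access; use 700)"
        return "$findings"
    fi
    # Older servers read authorized_keys2 for rsa/dsa keys; check both names.
    for f in "$d/authorized_keys" "$d/authorized_keys2"; do
        [ -f "$f" ] || continue
        seen=1
        owned "$f" "$owner" || note "$f is not owned by the user or root"
        if loose "$f"; then note "$f is group/world writable (use 600)"; fi
    done
    [ "$seen" -eq 1 ] || note "no authorized_keys or authorized_keys2 in $d"
    return "$findings"
}

if [ "$#" -gt 0 ]; then audit_ssh_dir "$1"; fi
```

Run it on the server against the account's home directory; a clean result prints nothing and returns 0.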


