Date: Tue, 4 Sep 2001 10:58:32 +0300
From: Odhiambo Washington
To: FBSD-Q
Subject: Re: SSH and connection automation

* Josh Paetzel [20010903 21:07]: writing on the subject 'Re: SSH and connection automation'
| On Monday 03 September 2001 09:16 am, Odhiambo Washington wrote:
| > I was today trying to be able to execute commands on a remote machine
| > without supplying a passwd using ssh.
| > Sadly, even just login still prompts
| > me for a passwd.
| >
| > Here is what I did:
| >
| > 1. Generate the key pair ($HOME/.ssh/identity.pub and identity)
| > 2. Exported identity.pub to 3 hosts which I usually connect to
| >    I copied (not renamed) the identity.pub to authorized_keys
| >
| >
| > From ssh manpage
| > "
| > ssh implements the RSA authentication protocol automatically. The user
| > creates his/her RSA key pair by running ssh-keygen(1). This stores
| > the private key in $HOME/.ssh/identity and the public key in
| > $HOME/.ssh/identity.pub in the user's home directory. The user
| > should then copy the identity.pub to $HOME/.ssh/authorized_keys in his/her
| > home directory on the remote machine (the authorized_keys file corresponds
| > to the conventional $HOME/.rhosts file, and has one key per line, though
| > the lines can be very long). After this, the user can log in without
| > giving the password. RSA authentication is much more secure than rhosts
| > authentication.
| > "
| >
| > What am I missing?
| >
| > I was thinking in the same lines as rlogin. My username is the same in
| > all these machines.
| >
|
| You probably have a permissions problem. IIRC the .ssh dir needs to be 700,
| and the identity pub needs to be 600.

I made changes to reflect these permissions, but

#
wash:~/.ssh$ ssh -v ns2
SSH Version OpenSSH_2.3.0 green@FreeBSD.org 20010321, protocol versions 1.5/2.0.
Compiled with SSL (0x0090601f).
debug: Reading configuration data /etc/ssh/ssh_config
debug: ssh_connect: getuid 1000 geteuid 1000 anon 1
debug: Connecting to ns2.wananchi.com [62.8.64.4] port 22.
debug: Connection established.
debug: Remote protocol version 1.99, remote software version OpenSSH_2.3.0 green@FreeBSD.org 20010321
debug: match: OpenSSH_2.3.0 green@FreeBSD.org 20010321 pat ^OpenSSH[-_]2\.3
debug: Local version string SSH-1.5-OpenSSH_2.3.0 green@FreeBSD.org 20010321
debug: Waiting for server public key.
debug: Received server public key (768 bits) and host key (1024 bits).
debug: Host 'ns2' is known and matches the RSA host key.
debug: Encryption type: 3des
debug: Sent encrypted session key.
debug: Installing crc compensation attack detector.
debug: Received encrypted confirmation.
debug: Bad key file /home/wash/.ssh/identity.
debug: Doing password authentication.
wash@ns2's password:
#

Can someone tell me step by step what they did to achieve what I am trying
to achieve.

TIA

-Wash

--
Odhiambo Washington    Wananchi Online Ltd.,
wash@wananchi.com      1st Flr Loita Hse.
Tel: 254 2 313985      Loita Street.,
Fax: 254 2 313922      PO Box 10286,00100-NAIROBI,KE.

I am an agnostic; I do not pretend to know what many ignorant men are sure of.
        -Clarence Darrow
        (contributed by Chris Johnston)
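
The checks discussed in this message (modes on the .ssh directory and key files, and the public key copied into authorized_keys as one line), as an added example that is not part of the original post or of OpenSSH. The function names go_bits and audit_ssh_dir are hypothetical; the file names are the ones in the quoted man page.

```sh
#!/bin/sh
# Added example (not from the thread): check the modes and the key line that
# passwordless RSA login depends on. File names follow the quoted man page.

# Group/other permission characters of a path, e.g. "------" for 0700 or 0600.
go_bits() {
    ls -ld -- "$1" | cut -c5-10
}

# audit_ssh_dir DIR [PUBKEY]
# Prints one finding per line; exit status is the number of findings (0 = clean).
audit_ssh_dir() {
    dir=$1 pub=${2:-} n=0
    if [ ! -d "$dir" ]; then
        echo "missing directory: $dir"; return 1
    fi
    # The reply's advice: the .ssh directory should be 700.
    if [ "$(go_bits "$dir")" != "------" ]; then
        echo "directory open to group/other: $dir"; n=$((n + 1))
    fi
    # Client side: the private key should be accessible by its owner only (600).
    if [ -f "$dir/identity" ] && [ "$(go_bits "$dir/identity")" != "------" ]; then
        echo "private key open to group/other: $dir/identity"; n=$((n + 1))
    fi
    # Server side: authorized_keys must not be writable by anyone else, and
    # must hold the public key as one unbroken line ("one key per line").
    ak=$dir/authorized_keys
    if [ -f "$ak" ]; then
        case $(go_bits "$ak") in
            *w*) echo "authorized_keys writable by group/other: $ak"; n=$((n + 1)) ;;
        esac
        if [ -n "$pub" ] && ! grep -Fxq -f "$pub" -- "$ak"; then
            echo "public key not present as a single line in: $ak"; n=$((n + 1))
        fi
    fi
    return "$n"
}

# Audit the current user's directory when invoked as: script check [PUBKEY]
if [ "${1:-}" = "check" ]; then
    audit_ssh_dir "$HOME/.ssh" "${2:-}"
fi
```

Run it on the client to check identity, and on each remote host with a copy of identity.pub as the second argument to confirm the key survived the copy without being wrapped.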