Date: Wed, 12 Jan 2000 14:02:40 -0500 (EST)
From: "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com>
To: danielb@almazs.pacex.net (daniel B)
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: simple SSH auto-login question
Message-ID: <200001121902.OAA11397@cc942873-a.ewndsr1.nj.home.com>
In-Reply-To: <Pine.BSF.4.10.10001120900210.65108-100000@almazs.pacex.net> from daniel B at "Jan 12, 2000 09:18:18 am"

daniel B wrote,
> Hi;
>
> I need to allow auto-login (without prompting for password) from machine
> 'A' to machine 'B' but NOT from machine 'B' to machine 'A'.
> This has to be done so my automatic remote backups can work over SSH
> backing up machine 'B' to a tape host on machine 'A'.

I do this same thing several different ways.

> I read somewhere that:
> 1. both machines have to have same user password

Wrong.

> 2. Machine 'B' has to be listed in /etc/hosts.equiv on machine 'A'

And wrong.

> What else do I need to do? I tried the above two but did not help.
> I am running ssh-1.2.27 on FreeBSD-3.3-STABLE

You need to do neither of the two above. All you need to do is create
an SSH private-public key pair with null passphrase for the user on
machine 'A.' Then on machine 'B,' take the public key from the user on
'A' and put it in the 'authorized_keys' file.

I do something just like this on a daily dump script. On the machine
making the dump, the user is root (although I could use an
operator-type user). On the machine the files go to, I use a mortal
account made just for this purpose. So as to your point (1), the
usernames are different and the passwords are too (in fact, the mortal
account has no password; it's locked out from normal logins). The user
on the machine sending the dump does something like,

  ssh -l dumpuser -i .ssh/identity_dump $RMT_MACHINE dd of=$DUMP_FILE

Where the dump data is piped to this command. The dumpuser account
just needs to have a valid shell and have the correct public key,
identity_dump.pub, in its authorized_keys file for this to work. I
have also added a "from=" option to the authorized_keys entry for a
tad of extra security with the passphraseless key-pair.
--
Crist J. Clark                           cjclark@home.com
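
The "from=" restriction mentioned in the reply above, as an added example that is not part of the original message: shell functions that build a source-restricted authorized_keys entry from a public key file, install it once with owner-only permissions, and list entries that have no from= option. The function names are hypothetical, the entry syntax assumes OpenSSH-style authorized_keys options, and the no-pty and no-*-forwarding options go beyond the single from= option the message describes.

```shell
#!/bin/sh
# Added example. Host names and key material used with it are constructed placeholders.

# Build an authorized_keys line that accepts the key only from one source host
# and only for running a command (no tty, no forwarding).
#   $1 = host pattern for the sending machine   $2 = public key file (identity_dump.pub)
restricted_entry() {
    key=
    IFS= read -r key < "$2" || [ -n "$key" ] || return 1
    case $key in
        ssh-*|ecdsa-*|sk-*|[0-9]*) ;;   # bare key: OpenSSH type name, or SSH1 "bits e n"
        *) echo "unexpected key format in $2" >&2; return 1 ;;
    esac
    printf 'from="%s",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding %s\n' \
        "$1" "$key"
}

# Append the entry once and keep the directory and file owner-only.
#   $1 = entry   $2 = path to the dump account's authorized_keys
install_entry() {
    dir=$(dirname "$2")
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$2" && chmod 600 "$2" || return 1
    grep -qxF -- "$1" "$2" || printf '%s\n' "$1" >> "$2"
}

# Print the line number of every key entry that has no from= restriction.
# Heuristic: looks for from=" at the start of the options field or after a comma.
#   $1 = path to authorized_keys
unrestricted_keys() {
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        lc=$(printf '%s' "$line" | tr 'A-Z' 'a-z')   # option keywords are case-insensitive
        case $lc in
            ''|'#'*) ;;                               # blank line or comment
            ssh-*|ecdsa-*|sk-*|[0-9]*) echo "$n" ;;   # no options field at all
            'from="'*|*',from="'*) ;;                 # restricted by source host
            *) echo "$n" ;;                           # options present, but no from=
        esac
    done < "$1"
}
```

The key pair itself would be created on the sending machine with an empty passphrase (for example `ssh-keygen -N '' -f .ssh/identity_dump`) before its .pub file is passed to `restricted_entry`.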