From owner-freebsd-questions Thu Mar 16 15:35:38 2000 Delivered-To: freebsd-questions@freebsd.org Received: from nscache2.x-treme.gr (mail1.x-treme.gr [212.120.196.23]) by hub.freebsd.org (Postfix) with ESMTP id A71D837C1C6 for ; Thu, 16 Mar 2000 15:35:28 -0800 (PST) (envelope-from keramida@ceid.upatras.gr) Received: from hades.hell.gr (pat14.x-treme.gr [212.120.197.206]) by nscache2.x-treme.gr (8.9.3/8.9.3/IPNG-ADV-ANTISPAM-0.1) with ESMTP id BAA20114; Fri, 17 Mar 2000 01:35:04 +0200 Received: (from charon@localhost) by hades.hell.gr (8.9.3/8.9.3) id OAA08089; Thu, 16 Mar 2000 14:58:00 +0200 (EET) (envelope-from keramida@ceid.upatras.gr) Date: Thu, 16 Mar 2000 14:57:59 +0200 From: Giorgos Keramidas To: Sam Carleton Cc: FreeBSD Questions Subject: Re: HELP!!! using RSA w/o passwords? Message-ID: <20000316145759.B6500@hades.hell.gr> Reply-To: keramida@ceid.upatras.gr References: <38D02E15.56AEE21@miltonstreet.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: <38D02E15.56AEE21@miltonstreet.com>; from scarleton@miltonstreet.com on Wed, Mar 15, 2000 at 07:45:08PM -0500 X-PGP-Fingerprint: 62 45 D1 C9 26 F9 95 06 D6 21 2A C8 8C 16 C0 8E Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Wed, Mar 15, 2000 at 07:45:08PM -0500, Sam Carleton wrote: > Giorgos Keramidas wrote: > > > On Mon, Mar 13, 2000 at 07:40:45PM -0500, Sam Carleton wrote: > > > > > I have both ssh and ssh2 installed on all my machines. At present all > > > that is needed to authenticate is the users password. I would like to > > > use RSA authentication without needed a password, but I cannot figure > > > out how to do it. > > > > When you create your RSA key with ssh-keygen, and get prompted for a > > password, just hit and you'll create an RSA key *without* any > > password. That should solve your problem. > > The password that is needed is the normal login password, not the > passphrase I typed in when generating the key. Well, you might have RSAAuthentication disabled in the remote machine, so let me elaborate on this. There are two places where authentication of ssh can be changed/tweaked. First of all, there is the configuration file of your sshd, which should contain at least the following line to make RSA authentication a method of authentication that is accepted by your sshd. % grep RSAAuth /etc/ssh/sshd_config RSAAuthentication yes Edit your sshd configuration and change (or add) this line to permit authentication with RSA keys. You might need to restart your sshd, if you're running it as a daemon, and not from inetd, in order for the changes to take effect. A second, and also important thing is to create with ssh-keygen an RSA key that doesn't have a password. Then copy the public key (usually found as the file ~/.ssh/identity.pub in ssh1 installations) to the ~/.ssh/authorized_keys file in the remote machine, and you're done. - Giorgos Keramidas To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message