Date: Tue, 4 Sep 2001 10:58:32 +0300 From: Odhiambo Washington <wash@wananchi.com> To: FBSD-Q <freebsd-questions@FreeBSD.ORG> Cc: jpaetzel@hutchtel.net, edwin@mavetju.org, jm.fandino@fadesa.es Subject: Re: SSH and connection automation Message-ID: <20010904105832.F30499@ns2.wananchi.com> In-Reply-To: <20010903130118.D4A5C59D8@mark9.vladsempire.net> References: <20010903171657.A31458@ns2.wananchi.com> <20010903130118.D4A5C59D8@mark9.vladsempire.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--ZmUaFz6apKcXQszQ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable * Josh Paetzel <jpaetzel@hutchtel.net> [20010903 21:07]: writing on the sub= ject 'Re: SSH and connection automation' | On Monday 03 September 2001 09:16 am, Odhiambo Washington wrote: | > I was today trying to be able to execute commands on a remote machine | > without supplying a passwd using ssh. Sadly, even just login still prom= pts | > me for a passwd. | > | > Here is what I did: | > | > 1. Generate the key pair ($HOME/.ssh/identity.pub and identity) | > 2. Exported identity.pub to 3 hosts which I usually connect to | > I copied (not renamed) the identity.pub to authorized_keys | > | > | > From ssh manpage | > " | > ssh implements the RSA authentication protocol automatically. The user | > creates his/her RSA key pair by running ssh-keygen(1). This stores | > the private key in $HOME/.ssh/identity and the public key in | > $HOME/.ssh/identity.pub in the user's home directory. The user | > should then copy the identity.pub to $HOME/.ssh/authorized_keys in his/= her | > home directory on the remote machine (the authorized_keys file correspo= nds | > to the conventional $HOME/.rhosts file, and has one key per line, though | > the lines can be very long). After this, the user can log in without | > giving the password. RSA authentication is much more secure than rhosts | > authentication. | > " | > | > What am I missing? | > | > I was thinking in the same lines as rlogin. My username is the same in | > all these machines. | > |=20 | You probably have a permissions problem. IIRC the .ssh dir needs to be 7= 00,=20 | and the identity pub needs to be 600. I made changes to reflect these permissions, but # wash:~/.ssh$ ssh -v ns2 SSH Version OpenSSH_2.3.0 green@FreeBSD.org 20010321, protocol versions 1.5/2.0. Compiled with SSL (0x0090601f). debug: Reading configuration data /etc/ssh/ssh_config debug: ssh_connect: getuid 1000 geteuid 1000 anon 1 debug: Connecting to ns2.wananchi.com [62.8.64.4] port 22. debug: Connection established. debug: Remote protocol version 1.99, remote software version OpenSSH_2.3.0 green @FreeBSD.org 20010321 debug: match: OpenSSH_2.3.0 green@FreeBSD.org 20010321 pat ^OpenSSH[-_]2\.3 debug: Local version string SSH-1.5-OpenSSH_2.3.0 green@FreeBSD.org 20010321 debug: Waiting for server public key. debug: Received server public key (768 bits) and host key (1024 bits). debug: Host 'ns2' is known and matches the RSA host key. debug: Encryption type: 3des debug: Sent encrypted session key. debug: Installing crc compensation attack detector. debug: Received encrypted confirmation. debug: Bad key file /home/wash/.ssh/identity. debug: Doing password authentication. wash@ns2's password: # Can someone tell me step by step what they did to achieve what I am trying to achieve. TIA -Wash -- Odhiambo Washington Wananchi Online Ltd., wash@wananchi.com 1st Flr Loita Hse. Tel: 254 2 313985 Loita Street., Fax: 254 2 313922 PO Box 10286,00100-NAIROBI,KE. I am an agnostic; I do not pretend to know what many ignorant men are sure = of.=20 -Clarence Darrow=20 (contributed by Chris Johnston)=20 --ZmUaFz6apKcXQszQ Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7lImon7LIsuxjem8RAq6ZAJ9fosFzIGnMZW5B45l1vXfZ4rT+7QCeKbhD YXuFpbi5aGRrFtCEyisUMGY= =g1x8 -----END PGP SIGNATURE----- --ZmUaFz6apKcXQszQ-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010904105832.F30499>