Date: Thu, 13 Sep 2001 12:33:34 +0300 From: Odhiambo Washington <wash@wananchi.com> To: George Reid <greid@FreeBSD.org> Cc: FBSD-Q <freebsd-questions@freebsd.org> Subject: Re: SSH Password Authentication... Message-ID: <20010913123334.K86225@ns2.wananchi.com> In-Reply-To: <20010913023125.A190@FreeBSD.org> References: <IAEKKLIOEBMAKJIIGEBBKEJGCDAA.ecrim@earthlink.net> <NFBBJPHLGLNJEEECOCHAEEMNCCAA.deuce@lordlegacy.org> <20010912114309.K6733@ns2.wananchi.com> <20010913023125.A190@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--6TrnltStXW4iwmi0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
* George Reid <greid@FreeBSD.org> [20010913 04:31]: writing on the subject =
'Re: SSH Password Authentication...'
| On Wed, Sep 12, 2001 at 11:43:09AM +0300, Odhiambo Washington wrote:
|=20
| > This works for others, but ++NEVER++ worked for me.
|=20
| You probably have the wrong permissions on ~/.ssh on the remote machine.
|=20
Hi George,
I actually managed to get this thing working yesterday and even as I posted=
and trolled on the list that this
thing did not work, I was actually doing the very correct thing, except at =
a miniature step where things didn't seem
right. I could attribute that to the man pages, since we all differ in the =
way we present a view.
Here is the section of the manual that I seemed not to understand well but =
now makes so much sense.
##
AUTHORIZED_KEYS FILE FORMAT
The $HOME/.ssh/authorized_keys file lists the RSA keys that are permit=
ted
for RSA authentication in SSH protocols 1.3 and 1.5 Similarly, the
$HOME/.ssh/authorized_keys2 file lists the DSA keys that are permitted
for DSA authentication in SSH protocol 2.0. Each line of the file con-
tains one key (empty lines and lines starting with a `#' are ignored as
comments). Each line consists of the following fields, separated by
spaces: options, bits, exponent, modulus, comment. The options field =
is
optional; its presence is determined by whether the line starts with a
number or not (the option field never starts with a number). The bits,
exponent, modulus and comment fields give the RSA key; the comment fie=
ld
is not used for anything (but may be convenient for the user to identi=
fy
the key).
##
The mistake that I was doing was like this (on the remote machine)
cd .ssh/
cp identity.pub authorized_keys
=2E.instead of
cat identity.pub > authorized_keys
One thing that I am yes to understand though is:
1. Is it better to use DSA or RSA
2. If I have authorized_keys and authorized_keys2, how does ssh make the de=
cision on what to use?
3. I realize that when I make a key with a passphrase then I have to be the=
re to manually enter it if I wanted a task to
complete in my absence. Is there a way to circumvent this other than mak=
e keys without a passphrase?
Other than those questions I must say I am so happy it's working.
TIA
-Wash
--
Odhiambo Washington
Wananchi Online Ltd.,
wash@wananchi.com 1st Flr Loita Hse.
Tel: 254 2 313985 Loita Street.,
Fax: 254 2 313922 PO Box 10286,00100-NAIROBI,KE.
Not many men have both good fortune and good sense.=20
-Titus Livy=20
--6TrnltStXW4iwmi0
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org
iD8DBQE7oH1un7LIsuxjem8RAiBuAJ9uoeMxHsjk+iY07sCqeaUx4kBrVwCglD/s
8FMbb/7HCC8rkYSFPOzy+vI=
=LPTt
-----END PGP SIGNATURE-----
--6TrnltStXW4iwmi0--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010913123334.K86225>