This seemed to me to be a good resource (e.g. it worked for me): http://fak3r.com/2006/08/10/howto-passwordless-ssh-logins/
Tim On Fri, Jul 3, 2009 at 4:31 PM, fred wang<[email protected]> wrote: > I remove the ~/.ssh and regenerate the key and it seems I still need to > provide password when I ssh localhost. Thank you very much even it couldn't > be fixed finally. > > But I found there is some warning information: > > ssh localhost > > The authenticity of host 'localhost (127.0.0.1)' can't be established. > > RSA key fingerprint is 4f:a1:ff:ed:0c:46:3e:a9:8c:97:bc:b7:46:3e:35:d2. > > Are you sure you want to continue connecting (yes/no)? yes > > Warning: Permanently added 'localhost' (RSA) to the list of known hosts. > > > On 7/1/09 11:09 PM, fred wang wrote: > >> sorry, should incopy ssh_config(instead of sshd_config) >>> >>> >>> vi /etc/ssh/ssh_config >>> >>> # 1. command line options >>> >>> # 2. user-specific file >>> >>> # 3. system-wide file >>> >>> # Any configuration value is only changed the first time it is set. >>> >>> # Thus, host-specific definitions should be at the beginning of the >>> >>> # configuration file, and defaults at the end. >>> >>> >>> >>> # Site-wide defaults for some commonly used options. For a comprehensive >>> >>> # list of available options, their meanings and defaults, please see the >>> >>> # ssh_config(5) man page. >>> >>> >>> >>> Host * >>> >>> # ForwardAgent no >>> >>> # ForwardX11 no >>> >>> # ForwardX11Trusted yes >>> >>> # RhostsRSAAuthentication no >>> >>> # RSAAuthentication yes >>> >>> # PasswordAuthentication yes >>> >>> # HostbasedAuthentication no >>> >>> # GSSAPIAuthentication no >>> >>> # GSSAPIDelegateCredentials no >>> >>> # GSSAPIKeyExchange no >>> >>> # GSSAPITrustDNS no >>> >>> # BatchMode no >>> >>> # CheckHostIP yes >>> >>> # AddressFamily any >>> >>> # ConnectTimeout 0 >>> >>> # StrictHostKeyChecking ask >>> >>> # IdentityFile ~/.ssh/identity >>> >>> # IdentityFile ~/.ssh/id_rsa >>> >>> # IdentityFile ~/.ssh/id_dsa >>> >>> # Port 22 >>> >>> # Protocol 2,1 >>> >>> # Cipher 3des >>> >>> # Ciphers >>> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc >>> >>> # MACs hmac-md5,hmac-sha1,[email protected],hmac-ripemd160 >>> >>> # EscapeChar ~ >>> >>> # Tunnel no >>> >>> # TunnelDevice any:any >>> >>> # PermitLocalCommand no >>> >>> SendEnv LANG LC_* >>> >>> HashKnownHosts yes >>> >>> GSSAPIAuthentication yes >>> >>> GSSAPIDelegateCredentials no >>> >>> >>> On Thu, Jul 2, 2009 at 1:51 PM, fred wang<[email protected]> wrote: >>> >>> Here is the output of ssh -v localhost and the configuration of >>>> ssh_config, >>>> >>>> x...@xxx-desktop:~$ ssh -v localhost >>>> >>>> OpenSSH_4.7p1 Debian-8ubuntu1.2, OpenSSL 0.9.8g 19 Oct 2007 >>>> >>>> debug1: Reading configuration data /etc/ssh/ssh_config >>>> >>>> debug1: Applying options for * >>>> >>>> debug1: Connecting to localhost [127.0.0.1] port 22. >>>> >>>> debug1: Connection established. >>>> >>>> debug1: identity file /home/xxx/.ssh/identity type -1 >>>> >>>> debug1: identity file /home/xxx/.ssh/id_rsa type -1 >>>> >>>> debug1: identity file /home/xxx/.ssh/id_dsa type 2 >>>> >>>> debug1: Remote protocol version 2.0, remote software version >>>> OpenSSH_4.7p1 >>>> Debian-8ubuntu1.2 >>>> >>>> debug1: match: OpenSSH_4.7p1 Debian-8ubuntu1.2 pat OpenSSH* >>>> >>>> debug1: Enabling compatibility mode for protocol 2.0 >>>> >>>> debug1: Local version string SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1.2 >>>> >>>> debug1: SSH2_MSG_KEXINIT sent >>>> >>>> debug1: SSH2_MSG_KEXINIT received >>>> >>>> debug1: kex: server->client aes128-cbc hmac-md5 none >>>> >>>> debug1: kex: client->server aes128-cbc hmac-md5 none >>>> >>>> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent >>>> >>>> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP >>>> >>>> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent >>>> >>>> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY >>>> >>>> debug1: Host 'localhost' is known and matches the RSA host key. >>>> >>>> debug1: Found key in /home/xxx/.ssh/known_hosts:1 >>>> >>>> debug1: ssh_rsa_verify: signature correct >>>> >>>> debug1: SSH2_MSG_NEWKEYS sent >>>> >>>> debug1: expecting SSH2_MSG_NEWKEYS >>>> >>>> debug1: SSH2_MSG_NEWKEYS received >>>> >>>> debug1: SSH2_MSG_SERVICE_REQUEST sent >>>> >>>> debug1: SSH2_MSG_SERVICE_ACCEPT received >>>> >>>> debug1: Authentications that can continue: publickey,password >>>> >>>> debug1: Next authentication method: publickey >>>> >>>> debug1: Trying private key: /home/xxx/.ssh/identity >>>> >>>> debug1: Trying private key: /home/xxx/.ssh/id_rsa >>>> >>>> debug1: Offering public key: /home/xxx/.ssh/id_dsa >>>> >>>> debug1: Authentications that can continue: publickey,password >>>> >>>> debug1: Next authentication method: password >>>> >>>> x...@localhost's password: >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> x...@xxx:~$ vi /etc/ssh/sshd_config >>>> >>>> #KerberosOrLocalPasswd yes >>>> >>>> #KerberosTicketCleanup yes >>>> >>>> >>>> >>>> # GSSAPI options >>>> >>>> #GSSAPIAuthentication no >>>> >>>> #GSSAPICleanupCredentials yes >>>> >>>> >>>> >>>> X11Forwarding yes >>>> >>>> X11DisplayOffset 10 >>>> >>>> PrintMotd no >>>> >>>> PrintLastLog yes >>>> >>>> TCPKeepAlive yes >>>> >>>> #UseLogin no >>>> >>>> >>>> >>>> #MaxStartups 10:30:60 >>>> >>>> #Banner /etc/issue.net >>>> >>>> >>>> >>>> # Allow client to pass locale environment variables >>>> >>>> AcceptEnv LANG LC_* >>>> >>>> >>>> >>>> Subsystem sftp /usr/lib/openssh/sftp-server >>>> >>>> >>>> >>>> UsePAM yes >>>> >>>> >>>> >>>> On Thu, Jul 2, 2009 at 1:18 PM, Konstantin Boudnik<[email protected] >>>> >wrote: >>>> >>>> Yet another possibility is that your SSH daemon isn't configured to >>>>> accept >>>>> publickey as a valid authorization mean. >>>>> >>>>> Try to do ssh -v localhost and check if there's something similar to the >>>>> following: >>>>> >>>>> debug1: Authentications that can continue: >>>>> publickey,password,keyboard-interactive >>>>> debug1: Next authentication method: publickey >>>>> debug1: Trying private key: /home/xxx/.ssh/identity >>>>> debug1: Trying private key: /home/xxx/.ssh/id_rsa >>>>> debug1: Offering public key: /home/xxx/.ssh/id_dsa >>>>> debug1: Server accepts key: pkalg ssh-dss blen 435 >>>>> debug1: read PEM private key done: type DSA >>>>> debug1: Authentication succeeded (publickey). >>>>> >>>>> Cos >>>>> >>>>> >>>>> On 7/1/09 10:11 PM, fred wang wrote: >>>>> >>>>> I have setup ./.ssh/authorized keys has permssion 600, but it didn't >>>>>> work. >>>>>> Thanks anyway >>>>>> >>>>>> ls -l .ssh/authorized_keys >>>>>> -rw------- 1 xxx xxx 1222 2009-07-02 13:08 .ssh/authorized_keys >>>>>> >>>>>> On Thu, Jul 2, 2009 at 12:15 AM, Konstantin Boudnik<[email protected] >>>>>> >>>>>>> wrote: >>>>>>> >>>>>> Make sure that your ~/.ssh/authorized_keys has permissions 600 >>>>>> >>>>>>> Cos >>>>>>> >>>>>>> >>>>>>> On 7/1/09 7:35 AM, fred wang wrote: >>>>>>> >>>>>>> Hi all, >>>>>>> >>>>>>>> I failed to setup passphraseless ssh(I mean, I still need to input >>>>>>>> password to do ssh localhost) when I tried to configure Hadoop to run >>>>>>>> on >>>>>>>> psuedo-distributed operation, could anyone help me solve this issue? >>>>>>>> Thanks! >>>>>>>> >>>>>>>> (1)I use the Putty0.6 to remote access to Ubuntu by SSH. >>>>>>>> >>>>>>>> (2) execution steps and ouput >>>>>>>> >>>>>>>> $ ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa >>>>>>>> Generating public/private dsa key pair. >>>>>>>> Your identification has been saved in /home/xxx/.ssh/id_dsa. >>>>>>>> Your public key has been saved in /home/xxx/.ssh/id_dsa.pub. >>>>>>>> The key fingerprint is: >>>>>>>> a9:39:4c:9b:22:f9:a4:77:70:24:fa:bf:12:f5:81:81 xxx >>>>>>>> >>>>>>>> >>>>>>>> **note: it doesn't have message 'Enter passphrase (empty for no >>>>>>>> passphrase): >>>>>>>> Enter same passphrase again: ' which appear in some introductory >>>>>>>> paper. >>>>>>>> " >>>>>>>> >>>>>>>> $ cat ~/.ssh/id_dsa.pub>> ~/.ssh/authorized_keys >>>>>>>> no output >>>>>>>> >>>>>>>> $ ssh localhost >>>>>>>> The authenticity of host 'localhost (127.0.0.1)' can't be >>>>>>>> established. >>>>>>>> RSA key fingerprint is >>>>>>>> 4f:a1:ff:ed:0c:46:3e:a9:8c:97:bc:b7:46:3e:35:d2. >>>>>>>> Are you sure you want to continue connecting (yes/no)? yes >>>>>>>> Warning: Permanently added 'localhost' (RSA) to the list of known >>>>>>>> hosts. >>>>>>>> x...@localhost's password: >>>>>>>> >>>>>>>> >>>>>>>> >
