On Mon, Aug 04, 2003 at 01:01:08PM -0700, Wolfe, Gordon W wrote:
> Date: Mon, 4 Aug 2003 13:01:08 -0700
> From: "Wolfe, Gordon W" <[EMAIL PROTECTED]>
> Subject: ssh connect no password
> To: [EMAIL PROTECTED]
>
> As part of my remote maintenance system for managing many linux images under VM (See
> my talk at SHARE in DC, Session 9343) I make heavy use of ssh. In order not to
> have to provide a password each time I update a file or run a command, I've been
> using ssh's trusted-server authentication method with public and private keys.
> Unfortunately, since going to SLES8, I haven't been able to get it to work.
>
> Under SLES7, I used openssh-2.9.9p2-67. To allow file transfers and command usage
> without passwords, I just did the following:
>
> (1) copied the remote file /etc/ssh/ssh_host_key.pub and appended it to the local
> file /etc/ssh/ssh_known_hosts and also to
> /root/.ssh/known_hosts
>
> (2) did ssh-keygen from root.
> (3) copied the local file /root/.ssh/identity.pub to the remote file
> /root/.ssh/authorized_keys.
>
> That's it!

NOPE: that _was_ it, but things have changed, like from RSA to DSA.

> Now on SLES8, with openssh-3.4p1-77, this process doesn't work any more.
> ssh works, but it requires me to manually input the password each time.
> For one thing, ssh_keygen requires me to specify if it's dsa or rsa.
> Also, there's a second package there, openssh-askpass-3.4p1-61.
>
> Any ideas what I'm missing?

You are probably in transition between 2 ssh-worlds which by default play well
with each other, but not necessarily with the other version -->unless told to<--.
You might have missed the (not very obvious until you bang your shin on it)
change from rsa-keys to dsa-keys, at ssh-keygen time, and the equivalent parts
of both /etc/ssh/ssh_config --> which default-key

#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   Protocol 2,1

NB: whenever you have ssh problems, turn on verbosity with
`ssh -v [EMAIL PROTECTED]', and explicitly look at '-i file' and what '-v' is
telling you.

I had previously used the convention
  username-at-box is a copy of '~/.ssh/identity.pub'
I now use this convention:
  username-rsa-box is a copy of '~/.ssh/id_rsa.pub.pub'
  username-dsa-box is a copy of '~/.ssh/id_dsa.pub.pub'

Once you're through the transition, you can revoke the ssh-1 (2.9.9p2) keys
and just stay with the ssh-2 (3.4p1) conventions.

> Gordon Wolfe, Ph.D. (425)865-5940

Richard

--
There are only 00000010 types of people in the world;
One understands binary, or one is a zero.
Have a nice day ;-) Richard Higson mailto:[EMAIL PROTECTED]
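
Added example, not part of the original thread: a small audit of an authorized_keys file that separates protocol-1 entries (copies of identity.pub, three decimal fields) from protocol-2 entries (ssh-rsa / ssh-dss), so the old keys can be found and revoked after the transition. The function names and the sample file are constructed for illustration; the comment naming follows the username-at-box / username-rsa-box convention mentioned above.

```python
import re

# Key types OpenSSH 3.4p1 writes for protocol 2 (the id_rsa / id_dsa files above).
V2_TYPES = {"ssh-rsa", "ssh-dss"}

def split_fields(line):
    """Split on whitespace, keeping double-quoted option values (which may
    contain spaces, e.g. command="uptime -p") inside a single field."""
    return re.findall(r'(?:[^\s"]|"(?:\\.|[^"\\])*")+', line)

def classify(line):
    """Return (protocol, keytype, comment), or None for blank/comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = split_fields(line)
    # Key material starts at field 0, or at field 1 when an options field leads.
    for start in (0, 1):
        rest = fields[start:]
        if len(rest) >= 2 and rest[0] in V2_TYPES:
            return ("protocol-2", rest[0], " ".join(rest[2:]))
        # Protocol 1 (identity.pub) entries are three decimals: bits, exponent, modulus.
        if len(rest) >= 3 and all(f.isdigit() for f in rest[:3]):
            return ("protocol-1", "rsa1", " ".join(rest[3:]))
    return ("unknown", "", "")

def audit(text):
    """Classify every entry; returns [(line_number, protocol, keytype, comment)]."""
    out = []
    for n, line in enumerate(text.splitlines(), 1):
        c = classify(line)
        if c:
            out.append((n,) + c)
    return out

def protocol1_comments(text):
    """Comments of the entries left to revoke once the transition is over."""
    return [c for _, proto, _, c in audit(text) if proto == "protocol-1"]

# Constructed sample file: key material is shortened filler, not real keys.
SAMPLE = '''# authorized_keys on the remote box (constructed)
1024 35 1390246801357 root-at-box
ssh-rsa AAAAB3NzaC1yc2EAAAABIwFILLER root-rsa-box
from="10.0.0.5",command="uptime -p" ssh-dss AAAAB3NzaC1kc3MAAAFILLER root-dsa-box
command="echo hi",no-pty 1024 37 9876543210 old-at-box
not a key line
'''

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

Entries reported as "unknown" are lines sshd would not accept as keys and are worth inspecting by hand.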
