When you do the ssh-keygen, add a '-t dsa' to the command line. I also use '-b 2048' to keep the security people quiet since that is bigger than they use. Then append the id_dsa.pub file to the authorized_keys2 file on your target systems. Make sure that all client & server config files specify PROTOCOL 2 or 2,1 (this is what my security people griped about). Then you should be able to do your ssh without a password unless there is some other sshd config parameter that I have set properly without knowing about it. If you want, I can send you my sshd.conf offline to compare to yours.

/Thomas Kern
/301-903-2211

> -----Original Message-----
> From: Wolfe, Gordon W [mailto:[EMAIL PROTECTED]
> Sent: Monday, August 04, 2003 16:34
> To: [EMAIL PROTECTED]
> Subject: Re: ssh connect no password
>
> So, what do I do in protocol 2 that's different from what I
> did originally?
>
> "Great Minds discuss ideas. Average minds discuss events.
> Small minds discuss people." - Admiral Hyman Rickover
> Gordon Wolfe, Ph.D. (425)865-5940
> VM Enterprise Servers, The Boeing Company
>
> ----------
> > From: Kern, Thomas
> > Reply To: Linux on 390 Port
> > Sent: Monday, August 4, 2003 1:12 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: ssh connect no password
> >
> > That sounds like openssh-3.4p1-77 is defaulting to Protocol 2 only. My
> > security people made me make that switch. Now I specify DSA when I do a
> > keygen and put the public keys in authorized_keys2.
> >
> > /Thomas Kern
> > /301-903-2211
> >
> > > -----Original Message-----
> > > From: Wolfe, Gordon W [mailto:[EMAIL PROTECTED]
> > > Sent: Monday, August 04, 2003 16:01
> > > To: [EMAIL PROTECTED]
> > > Subject: ssh connect no password
> > >
> > > As part of my remote maintenance system for managing many
> > > linux images under VM (See my talk at SHARE in DC, Session
> > > 9343) I make heavy use of ssh. In order not to have to
> > > provide a password each time I update a file or run a
> > > command, I've been using ssh's trusted-server authentication
> > > method with public and private keys. Unfortunately, since
> > > going to SLES8, I haven't been able to get it to work.
> > >
> > > Under SLES7, I used openssh-2.9.9p2-67. To allow file
> > > transfers and command usage without passwords, I just did the
> > > following:
> > >
> > > (1) copied the remote file /etc/ssh/ssh_host_key.pub and
> > > appended it to the local file /etc/ssh/ssh_known_hosts and also to
> > > /root/.ssh/known_hosts
> > >
> > > (2) did ssh-keygen from root.
> > >
> > > (3) copied the local file /root/.ssh/identity.pub to the
> > > remote file /root/.ssh/authorized_keys.
> > >
> > > That's it!
> > >
> > > Now on SLES8, with openssh-3.4p1-77, this process doesn't
> > > work any more. ssh works, but it requires me to manually
> > > input the password each time. For one thing, ssh_keygen
> > > requires me to specify if it's dsa or rsa. Also, there's a
> > > second package there, openssh-askpass-3.4p1-61.
> > >
> > > Any ideas what I'm missing?
> > >
> > > "Great Minds discuss ideas. Average minds discuss events.
> > > Small minds discuss people." - Admiral Hyman Rickover
> > > Gordon Wolfe, Ph.D. (425)865-5940
> > > VM Enterprise Servers, The Boeing Company
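
The mismatch discussed in this thread (a protocol 1 identity.pub key installed on a server restricted to Protocol 2) can be checked by comparing the key formats in an authorized_keys file with the Protocol line in sshd_config. The script below is an added example, not part of the original messages; the function names are hypothetical, the sample files and key material are constructed placeholders, and it assumes key lines carry no leading options.

```bash
#!/usr/bin/env bash
# Added example with constructed sample data; key material is placeholder text.

# Print the value of the "Protocol" line in an sshd_config (empty if absent).
sshd_protocols() {
    awk 'tolower($1) == "protocol" { print $2; exit }' "$1"
}

# Classify one authorized_keys line by its key format (no leading options):
#   protocol 1 (RSA1): "<bits> <exponent> <modulus> [comment]"
#   protocol 2:        "ssh-dss <base64> [comment]" or "ssh-rsa <base64> [comment]"
key_protocol() {
    case $1 in
        ssh-dss\ *|ssh-rsa\ *) echo 2 ;;
        [0-9]*\ [0-9]*\ [0-9]*) echo 1 ;;
        *) echo unknown ;;
    esac
}

# Compare every key in an authorized_keys file with the server's Protocol
# setting and print "usable=N ignored=M".
audit_authorized_keys() {
    local conf="$1" keys="$2" protos line p usable=0 ignored=0
    protos=$(sshd_protocols "$conf")
    if [ -z "$protos" ]; then
        echo "no Protocol line in $conf"
        return 2
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|\#*) continue ;; esac
        p=$(key_protocol "$line")
        case ",$protos," in
            *",$p,"*) usable=$((usable + 1)) ;;
            *) ignored=$((ignored + 1)) ;;
        esac
    done < "$keys"
    echo "usable=$usable ignored=$ignored"
}

# Constructed scenario: protocol-2-only server, one old identity.pub entry
# and one DSA entry in the same file.
demo_dir=$(mktemp -d)
printf 'Port 22\nProtocol 2\n' > "$demo_dir/sshd_config"
printf '%s\n' '1024 35 1234567890123456789 root@oldhost' \
    'ssh-dss AAAAB3NzaC1kc3MAAACBAPLACEHOLDER root@newhost' > "$demo_dir/authorized_keys"
audit_authorized_keys "$demo_dir/sshd_config" "$demo_dir/authorized_keys"
rm -rf "$demo_dir"
```

An "ignored" key is one the server will never try under its Protocol setting, in which case ssh falls back to asking for the password.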
