Thanks for all the good advice, people. I had several things wrong: (1) I was set to protocol 1,2. (2) The IP address of the remote host in /etc/hosts was wrong, and the DNS server was pointing the fully-qualified host name to the wrong IP address. (3) I was pointing to the old protocol 1 files in ssh_config while using protocol 2 in sshd_config. And worst of all, (4) on the remote system, the userid sshd did not exist, so sshd never started.

Thanks again for all the help. I never wanted to be a Linux systems programmer, just a VM sysprog ...... (Maybe I'll get into chicken farming like Mama wanted.)

"Great Minds discuss ideas. Average minds discuss events. Small minds discuss people." - Admiral Hyman Rickover
Gordon Wolfe, Ph.D. (425)865-5940
VM Enterprise Servers, The Boeing Company

> ----------
> From: Kern, Thomas
> Reply To: Linux on 390 Port
> Sent: Monday, August 4, 2003 1:49 PM
> To: [EMAIL PROTECTED]
> Subject: Re: ssh connect no password
>
> When you do the ssh-keygen, add a '-t dsa' to the command line, I also use
> '-b 2048' to keep the security people quiet since that is bigger than they
> use. Then append the id_dsa.pub file to the authorized_keys2 file on your
> target systems. Make sure that all client & server config files specify
> PROTOCOL 2 or 2,1 (this is what my security people griped about). Then you
> should be able to do your ssh without a password unless there is some other
> sshd config parameter that I have set properly without knowing about it. If
> you want, I can send you my sshd.conf offline to compare to yours.
>
> /Thomas Kern
> /301-903-2211
>
> > -----Original Message-----
> > From: Wolfe, Gordon W [mailto:[EMAIL PROTECTED]
> > Sent: Monday, August 04, 2003 16:34
> > To: [EMAIL PROTECTED]
> > Subject: Re: ssh connect no password
> >
> > So, what do I do in protocol 2 that's different from what I did
> > originally?
> >
> > "Great Minds discuss ideas. Average minds discuss events.
> > Small minds discuss people." - Admiral Hyman Rickover
> > Gordon Wolfe, Ph.D. (425)865-5940
> > VM Enterprise Servers, The Boeing Company
> >
> > > ----------
> > > From: Kern, Thomas
> > > Reply To: Linux on 390 Port
> > > Sent: Monday, August 4, 2003 1:12 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: ssh connect no password
> > >
> > > That sounds like openssh-3.4p1-77 is defaulting to Protocol 2 only. My
> > > security people made me make that switch. Now I specify DSA when I do a
> > > keygen and put the public keys in authorized_keys2.
> > >
> > > /Thomas Kern
> > > /301-903-2211
> > >
> > > > -----Original Message-----
> > > > From: Wolfe, Gordon W [mailto:[EMAIL PROTECTED]
> > > > Sent: Monday, August 04, 2003 16:01
> > > > To: [EMAIL PROTECTED]
> > > > Subject: ssh connect no password
> > > >
> > > > As part of my remote maintenance system for managing many
> > > > linux images under VM (See my talk at SHARE in DC, Session
> > > > 9343) I make heavy use of ssh. In order not to have to
> > > > provide a password each time I update a file or run a
> > > > command, I've been using ssh's trusted-server authentication
> > > > method with public and private keys. Unfortunately, since
> > > > going to SLES8, I haven't been able to get it to work.
> > > >
> > > > Under SLES7, I used openssh-2.9.9p2-67. To allow file
> > > > transfers and command usage without passwords, I just did the
> > > > following:
> > > >
> > > > (1) copied the remote file /etc/ssh/ssh_host_key.pub and
> > > > appended it to the local file /etc/ssh/ssh_known_hosts and also to
> > > > /root/.ssh/known_hosts
> > > >
> > > > (2) did ssh-keygen from root.
> > > >
> > > > (3) copied the local file /root/.ssh/identity.pub to the
> > > > remote file /root/.ssh/authorized_keys.
> > > >
> > > > That's it!
> > > >
> > > > Now on SLES8, with openssh-3.4p1-77, this process doesn't
> > > > work any more. ssh works, but it requires me to manually
> > > > input the password each time. For one thing, ssh_keygen
> > > > requires me to specify if it's dsa or rsa. Also, there's a
> > > > second package there, openssh-askpass-3.4p1-61.
> > > >
> > > > Any ideas what I'm missing?
> > > >
> > > > "Great Minds discuss ideas. Average minds discuss events.
> > > > Small minds discuss people." - Admiral Hyman Rickover
> > > > Gordon Wolfe, Ph.D. (425)865-5940
> > > > VM Enterprise Servers, The Boeing Company
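
The four causes listed in the first message of this thread can be checked mechanically. The script below is an added example, not part of the thread or of OpenSSH; the function names, finding labels and argument order are assumptions made here, and it treats a key file named `identity` as the protocol 1 key, as in the original SLES7 steps.

```shell
#!/bin/sh
# Added example, not from the thread. File paths are arguments so the
# checks can run against copies of the real configuration files.

# First "Protocol" value in an OpenSSH config file, or "unset".
protocol_of() {
    awk 'tolower($1) == "protocol" { print $2; found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Succeeds if the client config names the protocol 1 key file "identity".
uses_v1_identity() {
    awk 'tolower($1) == "identityfile" &&
         ($2 == "identity" || $2 ~ /\/identity$/) { hit = 1 }
         END { exit !hit }' "$1"
}

# Address a hosts file gives for a name, or "none".
hosts_addr() {
    awk -v name="$2" '
        $1 !~ /^#/ { for (i = 2; i <= NF; i++)
                         if ($i == name) { print $1; found = 1; exit } }
        END { if (!found) print "none" }' "$1"
}

# Append one finding label (labels are hypothetical names) to $out.
add() { out="${out:+$out }$1"; }

# audit SSH_CONFIG SSHD_CONFIG PASSWD HOSTS REMOTE_NAME EXPECTED_ADDR
# Prints "ok" or a space-separated list of findings.
audit() {
    out=""
    case "$(protocol_of "$1")" in 1*) add client-prefers-v1 ;; esac
    if [ "$(protocol_of "$2")" = 2 ] && uses_v1_identity "$1"; then
        add v1-identity-with-v2-server
    fi
    grep -q '^sshd:' "$3" || add no-sshd-user
    [ "$(hosts_addr "$4" "$5")" = "$6" ] || add hosts-mismatch
    echo "${out:-ok}"
}

if [ "$#" -eq 6 ]; then audit "$@"; fi
```

Run it with the client's ssh_config and hosts file plus copies of the remote sshd_config and passwd file; the expected address is whatever the remote host really uses.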
