Re: key-based authentication over SSH

Tue, 27 Jun 2006 13:24:34 -0700 

On 6/27/06, Ira Abramov <[EMAIL PROTECTED]> wrote:

Quoting yahav Biran, from the post of Tue, 27 Jun:
> Hi all,
> I'm trying to configure two machines with key based authentication.
>
> In the client machine:
> First I created my private and public key:
> ssh-keygen -b 1024 -f identity -P '' -t dsa

RTFM. since ssh2, you can't have keys without passphrases. either add a
passphrase (which you can cache with ssh-agent) or create a pass-less
key of type rsa1 and force the connection to Protocol 1. I don't
recommend the latter though.



Huh ?

What black magic am I using then ?

<<<
Machine 1:
----------------
[EMAIL PROTECTED]:~$ echo [`hostname`] 'ssh server, '`cat /etc/issue`
[debsrv] ssh server, Debian GNU/Linux testing/unstable \n \l
[EMAIL PROTECTED]:~$ cat /etc/ssh/sshd_config | grep Protocol
Protocol 2

Machine 2:
----------------
[EMAIL PROTECTED] ~]$ echo [`hostname`] 'ssh client, '`cat /etc/issue`
[asterisk1.local] ssh client, CentOS release 4.2 (Final) Kernel \r on an \m
[EMAIL PROTECTED] ~]$ cat /etc/ssh/ssh_config | grep Protocol
  Protocol 2


Machine 2:
----------------
[EMAIL PROTECTED] ~]$ ssh-keygen -t dsa -P ""
Generating public/private dsa key pair.
Enter file in which to save the key (/home/hq4ever/.ssh/id_dsa):
Created directory '/home/hq4ever/.ssh'.
Your identification has been saved in /home/hq4ever/.ssh/id_dsa.
Your public key has been saved in /home/hq4ever/.ssh/id_dsa.pub.
The key fingerprint is:
85:7a:52:a4:e4:c8:35:db:e2:9a:ab:2d:75:b2:37:0b [EMAIL PROTECTED]

[EMAIL PROTECTED] ~]$ cat .ssh/id_dsa.pub | ssh [EMAIL PROTECTED] "cat

.ssh/authorized_keys"


[EMAIL PROTECTED] ~]$ hostname
asterisk1.local
[EMAIL PROTECTED] ~]$ ssh debsrv
Linux debsrv 2.6.8-2-386 #1 Tue Aug 16 12:46:35 UTC 2005 i686

[snip]

[EMAIL PROTECTED]:~$ hostname
debsrv




P.S. Needless to mention that the key pair used above ceased to exist
at this very moment.

--
Cheers,
Maxim Vexler

"Free as in Freedom" - Do u GNU ?

=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Reply via email to