Jim McQuillan wrote:
>On Wed, June 14, 2006 1:16 pm, Poul Moller wrote:
>
>
>>I'm just wondering why NIS is required to run LOCAL_APPS? (I get
>>headache when I see NIS) Any other client/server ssh setup do not
>>require NIS. Isn't the client user root a "normal" user? Why couldn't I
>>just, having done all the key stuff:
>>
>>[EMAIL PROTECTED]> ssh -l root ws001 "x11vnc -bg -display :0"
>>
>>I'm trying to run x11vnc as a local application on request, so I thought
>>a passwordless key pair could be used to automate the process.
>>
>>
>
>
>If you are trying to do this as root, then the key pair should be enough.
>Try turning on debugging on sshd, and see why it's giving you a problem.
>ssh is VERY fussy about ownership and perms on files and directories.
>
>Jim McQuillan
>[EMAIL PROTECTED]
>
>
>
Thanks. Yes something similar. I needed to create an .ssh directory with
right permissions for the root user.
Actually it becomes quite confusing. The server becomes a client and
client configuration is maintained on the server. Confused? ..... then
the following is my working non-NIS ssh setup:
# setup ssh on client. Need an .ssh directory
mkdir /opt/ltsp/i386/root/.ssh
chmod 700 /opt/ltsp/i386/root/.ssh
#Client keys (LTSP server). Skip this if you already have keys installed
[EMAIL PROTECTED] ssh-keygen -t dsa
[EMAIL PROTECTED] ssh-keygen -t rsa
# OPTION for password-less authentication: I use password-less keys in
order to automate local appl execution. add the "-N ''" flag to the two
above commands or simply enter an empty password when prompted.
#Server keys (LTSP clients)
[EMAIL PROTECTED] ssh-keygen -t dsa -f
/opt/ltsp/i386/etc/ssh/ssh_host_dsa_key -N ''
[EMAIL PROTECTED] ssh-keygen -t rsa -f
/opt/ltsp/i386/etc/ssh/ssh_host_rsa_key -N ''
# Option for password-less authentication: Adjust
/opt/ltsp/i386/etc/ssh/sshd_config:
PubkeyAuthentication yes
PasswordAuthentication no
[EMAIL PROTECTED] cat /home/someuser/.ssh/id_dsa.pub >>
/opt/ltsp/i386/root/.ssh/authorized_keys
[EMAIL PROTECTED] chmod 700 /opt/ltsp/i386/root/.ssh/authorized_keys
# Add to /etc/ssh/ssh_known_hosts client hostname & rsa public key an
identical line for each WS:
[EMAIL PROTECTED] echo -n "ws027,10.0.0.27 " >> /etc/ssh/ssh_known_hosts
[EMAIL PROTECTED] cat /opt/ltsp/i386/etc/ssh/ssh_host_rsa_key.pub >>
/etc/ssh/ssh_known_hosts
#Example client (LPTS server) known hosts: /etc/ssh/ssh_known_hosts.
Alternatively the file could be: /home/someuser/.ssh/ssh_known_hosts
...
ws027,10.0.0.27 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA7P.......
ws028,10.0.0.28 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA7P.......
....
_____________________________________________________________________
Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto:
https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help, try #ltsp channel on irc.freenode.net
