LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - General (http://www.linuxquestions.org/questions/linux-general-1/)
-   -   ssh / ssh-key -- its always asking for passphrase (http://www.linuxquestions.org/questions/linux-general-1/ssh-ssh-key-its-always-asking-for-passphrase-40620/)

BaerRS 01-07-2003 03:44 PM

ssh / ssh-key -- its always asking for passphrase
 
I'm trying to set up ssh, so I dont have to enter a password or passphrase when connecting to a box... ( not that it really bothers me.. but goal of all this is so i can create a script and pull off files from a few computers via scp )...

I have created the id_dsa & id_dsa.pub, and copied the *.dsa file to the remote(HOST) computer, placed it in the /home/.ssh dir with a name of authorized_key2

Once this was done, I could connect from my computer to the remote(HOST -- in my bedroom.. not really remote) via ssh.. but it would ask for the passphrase... not the password.. so I think it is working half way... (it did accept my passphrase.. and let me into the system).

I was not alrmed the first time, because it seems that is normal the first time you connect. But the weird part is.. that it has never stops asking.. everytime I connet.. it ask for the passphrase.

Any Idea on how I can get around this... because when I try the scp file.. it has no way of entering the passphrase.. it will be a cron job.

This is on a SuSE 7.3 box
Here is a copy of my /etc/ssh/ssh_config file:

# $OpenBSD: ssh_config,v 1.10 2001/04/03 21:19:38 todd Exp $

# This is ssh client systemwide configuration file. See ssh(1) for more
# information. This file provides defaults for users, and the values can
# be changed in per-user configuration files or on the command line.

# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for various options

Host *
# ForwardAgent no
# ForwardX11 no
# RhostsAuthentication no
# RhostsRSAAuthentication yes
# RSAAuthentication yes
# DSAAuthentication yes
# PasswordAuthentication no
# FallBackToRsh no
# UseRsh no
# BatchMode no
# CheckHostIP yes
# StrictHostKeyChecking yes
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_dsa
# IdentityFile ~/.ssh/id_rsa
# Port 22
Protocol 1,2
# Cipher blowfish
# EscapeChar ~

nxny 01-07-2003 07:21 PM

Option 1) If the remote box you connect from is considered secure enough, you may provide an empty passphrase for the key pair. This may be done using, ssh-keygen -p .ssh/id_dsa but beware, the private key will be stored unencrypted on the disk. ( This is what I do to connect to my home box from work, but whether you want to follow this road is debatable especially if it involves anything serious)
Option 2) see man ssh-agent. Possible answer to your prayers. You can run the commands that need the passphrase using ssh-agent (it will store the encrypted password in the physical memory the first time you supply it) You wont need to enter the password again until you quit your session.

HTH


All times are GMT -5. The time now is 02:11 AM.