ssh passwordless question
Hi all,
I've read alot of documentation on the ssh key stuff but I am unable to get a passwordless login to my server. I have given my public keys over to the other side. I think the issue is that the server uses the ssh protocal with a .ssh2/ file extension and my client machine has the standard .shh/ extension. I created a lookalike set of directories on the server and put the public key there but still can't access it without a password. any ideas anyone? :p |
Do both systems have Linux on it ?
if so, you probably need .ssh on both machines. Also, I assume you have created an ssh2 key (nowadays on modern Linux boxes you need to explicitely tell ssh-keygen to create an ssh1 key, so unless you know better, it's likely you have an ssh2 key)? I don't know if you have renamed your private key to some custom name. If so, fire ssh like 'ssh -i <private key file> -l <user> <hostname>'. On the destination machine, you should also have a .ssh directory, relative to your homedir (so: ~/.ssh), with therein the file authorized_keys2. The rights on the files are critical.. your .ssh directory can better be no other than mode 0700, as well as your authorized_keys2 file. They don't need to be this mode both per say, but I 'm unable to remember which needs this, so I put it on both). Try if you already have done these and see if it works. Remember to put a passphrase on the private key (unless it's a machine auto-ssh key for cronjobs) for security reasons. you can even use ssh-agent for entering your passphrase once per login session. |
You also need to edit the sshd_config file on the server to allow empty passwords
|
in my opinion, the ssh with keys do not render passwords to be empty.. I haven't changed sshd_config for this any time.
|
Yes you are correct you don't need to touch the sshd_config file. Here's a script I wrote a while back that may find help.
############################################################ #!/bin/bash USER="bill" ADDRESS="192.168.1.15" PORT="22" NEWKEY="yes" keygen () { if [ $NEWKEY == "yes" ]; then ssh-keygen -t dsa -f ~/.ssh/id_dsa fi } checkfile () { if [ -f ~/.ssh/authorized_keys2 ]; then touch ~/.ssh/authorized_keys2 fi } # First let create the directory on the remote host them upload the certificate. sshupload () { cat ~/.ssh/id_dsa.pub | ssh -p $PORT $USER@$ADDRESS 'sh -c "mkdir ~/.ssh && cat - >>~/.ssh/authorized_keys2 && chmod 600 ~/.ssh/authorized_keys2"' } ## Our Main Menu press_enter () { echo "" echo -n "Press Enter to continue" read clear } selection= until [ "$selection" = "0" ]; do echo "" echo "SSH Keygen PROGRAM MENU" echo "1 - Generate & Upload New Key" echo "2 - Upload Old Key" echo "" echo "0 - exit program" echo "" echo -n "Enter selection: " read selection echo "" case $selection in 1 ) checkfile ; keygen ; sshupload ;; 2 ) sshupload ;; 0 ) exit ;; * ) echo "Please enter 1, 2 or 0"; press_enter esac done exit 0 ############################################################ |
All times are GMT -5. The time now is 07:34 AM. |