ssh without the password prompt
Did a search but none of the many topics on this I found helped me.
Box A has sshd running. Box B has ssh and is the one I'm trying to connect from.

On Box B I first ran ssh-keygen -t dsa, entered the password and it created the id_dsa & .pub files.
On Box A created a dir in /home/ called .ssh and copied the id_dsa.pub over and renamed it to authorized_keys.
On Box B ran: ssh 111.111.111.111
It prompted for pass, entered this and it added Box A to known hosts and connects fine.

When trying to set up the public key:
On Box B ran:
ssh-agent /bin/bash
ssh-add *it then prompts for the passphrase which I enter (the password from above).
ssh-add -l *shows that the key is there
ssh 111.111.111.111 * which prompts for password (which I believe it shouldn't)

Any ideas? Cheers All :confused:
Connecting thru ssh, it should and will always ask for the users password by default to login. It doesn't just read the keys and assume you are who you say you are.
Hi there.
Copy the public key to /home/whoever/.ssh2 on the box you want to connect to. Edit a file in that directory called authorization and insert the following line...
Key id_dsa_1024_b.pub
That is assuming that the key you generated was id_dsa_1024_b.pub
Assuming you did this correctly you will then be able to connect from the box that you generated the key on without a password.
Hi markehb,
you are almost there: the only thing you have to do is leave the password empty when generating the keypair.
Hope it was of any help
Pollyanna
tried that, no joy :cry:
Stupid newbie question: in my sshd.conf I uncommented the line:
AuthorizedKeysFile ~/.ssh/authorized_keys
What does the ~ mean? Is it like the root dir?
Try again, I use it to grab backups during the night.
Remove the key you generated, run ssh-keygen, do not use a password or a passphrase. Copy the key over as I said before. If you still have trouble I can send you a script that will automate it for you.
The ~ is the home directory
No joy again. Deleted the pair, created a new one with no passphrase, copied the id_dsa.pub file into /home/mark/.ssh2/ (on the host),
created a file called authorization in the same dir and put in it:
Key id_dsa.pub
Still prompts for password, not even the passphrase. Starting to bug me now :scratch:
What is the output of ssh -V and is it the same on both machines?
OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090607f
and is the same on both.
Ok. Sorry for the delay. Had to build a second machine for testing.
Anyway, I have it working. Here is what I did....
Left the sshd_config file alone, no changes.
Ran ssh-keygen -t dsa, did not enter a passphrase.
Scp'd id_dsa.pub to my /home/me/.ssh/ directory on the test machine
Touched a file called authorized_keys
brad@test:~/.ssh$ cat id_dsa.pub > authorized_keys
brad@brad:~/.ssh$ ssh 10.10.1.234
Last login: Tue Mar 23 13:14:29 2004 from brad.caledoncard.ca
Linux 2.4.22.
You will be imprisoned for contributing your time and skill to a bank robbery.
brad@test:~$
It works. Sorry, should have asked your versions earlier.
On the remote I have a dir called ~/mark/.ssh/
which in it has the 2 pair files id_dsa and id_dsa.pub as well as known.hosts.

On the host (running sshd) I have a dir called ~/.ssh/ that has 600 permissions, created by and owned by user and group 'mark'.
In which there is an exact copy of id_dsa.pub called authorized_kels but without the linebreak after it (cos apparently that causes probs). This is also set to 600 and owned by user and group mark.

Can you put up your sshd_config, so I can make sure they're the same? Then I'll delete everything and start again, without changing anything.

I also think I have a permissions prob cos even tho the user 'mark' is part of the root group it still doesn't have permissions to write to dirs etc created by root, which is why the authorized_keys etc is owned by mark and not root, whether that's right or not I don't know.

Cheers for your help btw :)
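
An added example, not part of any post in this thread: a POSIX shell check of the server-side files discussed above (the mode of the .ssh directory, the name of the authorized_keys file, and one key per line). It assumes sshd's default StrictModes behaviour and the default ~/.ssh/authorized_keys location; the function name check_key_layout is hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): audit the server-side files that sshd
# reads for public-key login. Prints one finding per line; returns 0 if clean.
# Usage: check_key_layout /home/mark

# True if PATH itself has all permission bits of MODE set (POSIX find).
has_perm() { [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]; }
# True if PATH is writable by group or others (rejected under StrictModes).
loose() { has_perm "$1" 020 || has_perm "$1" 002; }

check_key_layout() {
    home=$1; dir="$home/.ssh"; file="$dir/authorized_keys"; rc=0
    if loose "$home"; then echo "perm: home is group/world-writable"; rc=1; fi
    if [ ! -d "$dir" ]; then echo "missing: .ssh directory"; return 1; fi
    if loose "$dir"; then echo "perm: .ssh is group/world-writable"; rc=1; fi
    if ! has_perm "$dir" 700; then
        # e.g. mode 600: without the x bit the owner cannot open files inside
        echo "perm: .ssh lacks owner rwx (use 700)"; return 1
    fi
    if [ ! -f "$file" ]; then
        echo "missing: authorized_keys"
        # Report near-miss names such as a mistyped or SSH2-style file
        for f in "$dir"/authoriz*; do
            if [ -e "$f" ]; then echo "found instead: ${f##*/}"; fi
        done
        return 1
    fi
    if loose "$file"; then
        echo "perm: authorized_keys is group/world-writable"; rc=1
    fi
    # Every entry must sit on one line: key type, a space, then the base64 blob
    bad=$(grep -Ev '^[[:space:]]*(#|$)' "$file" |
          grep -Evc '(ssh-(dss|rsa|ed25519)|ecdsa-sha2-[a-z0-9]+) [A-Za-z0-9+/]+' || true)
    if [ "$bad" -gt 0 ]; then echo "format: $bad malformed key line(s)"; rc=1; fi
    return $rc
}
```

Run it on the box running sshd as the account being logged into; an empty result with exit status 0 means the file layout is not what is blocking key authentication.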
Usually ssh behaves somehow like rsh.
Did you create an .rhosts or .shosts file in $HOME for user specific settings? Did you check the /etc/hosts.equiv, hosts.allow, hosts.deny files for system wide settings?
Usually a ~/.shosts file containing the host name or IP of the remote part should be enough to omit the input of the password.
Erik
No, the .rhosts .shosts bit, what do I need to do?
Yes, to the hosts.equiv/allow/deny
Try creating a .shost file containing just the IP address or the hostname of the remote host you want to log in to without pwd, as the only entry per line.
On host A: ~/.shosts: with the content hostname_of_host_B
On host B: ~/.shosts hostname_of_host_A
If the names can not be resolved, use IP addresses. There should also be something in the man pages of ssh...
good luck ;)
Erik