Excellent step-by-step articles. Got it working in the first shot.
Thank You. |
omlex, atomicx,
On the client side, what does
Code:
cat /etc/ssh/ssh_config | grep 'IdentityFile'
On the server side, what does
Code:
cat /etc/ssh/sshd_config | grep 'Authorized'
These entries must coincide with what you're trying to name the files as. (Note that you may have to adjust these commands based on the file paths/names for your distro.) |
One more step that I take in my work is that I use multiple keys to get from one system to another.
If I want to do an interactive shell, I use a passphrase with the key. If I want to automate a task, I generate a key-pair for that specific task. On the <receiver> system, I modify the "authorized_keys" or "authorized_keys2" file to restrict a key to a specific command. The format for this follows:
command="/path/to/script.sh" ssh-dss keystring
I then create a new line for each key and script that I want to run remotely. From there, when I want to execute one of the commands, I use the following:
echo "parameter list" | ssh -i /path/to/identity/file remotesystem
This then connects to the remote system, executes the command determined by the authorized_keys file, and then said script reads its input from the "echo" command output stream. The script runs, then exits. It's simple, effective, and very secure. |
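Added example (not part of the post above or of the guide): a script bound to a key with command="..." receives its parameter list from whoever holds that key, so it should check that input before using it. The wrapper name and path, the parameter rules and the extra no-* key options are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Hypothetical wrapper, installed as
# /usr/local/bin/task-wrapper.sh and bound to one key in authorized_keys:
#   command="/usr/local/bin/task-wrapper.sh",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding <key-type> <keystring>
LC_ALL=C; export LC_ALL   # byte-wise character ranges in the patterns below

# validate_params LINE -> 0 if LINE is 1 to 3 space-separated tokens built only
# from letters, digits, '.', '_' and '-', with no token starting with '-'.
validate_params() {
    case "$1" in
        ''|*[!A-Za-z0-9._\ -]*) return 1 ;;   # empty, or a forbidden character
        -*|*\ -*) return 1 ;;                 # a token that looks like an option
    esac
    set -- $1                                 # safe to split: no glob characters left
    [ "$#" -ge 1 ] && [ "$#" -le 3 ]
}

# handle_request: read one parameter line from stdin, as sent by
#   echo "parameter list" | ssh -i /path/to/identity/file remotesystem
handle_request() {
    # sshd sets SSH_ORIGINAL_COMMAND when the client asked for a command of
    # its own; this key is never meant to do that, so refuse.
    if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
        echo "refused: client supplied a command" >&2
        return 3
    fi
    line=
    IFS= read -r line || [ -n "$line" ] || { echo "refused: no input" >&2; return 2; }
    if ! validate_params "$line"; then
        echo "refused: bad parameters" >&2
        return 1
    fi
    # The real task would run here with the checked tokens; this sketch echoes them.
    set -- $line
    printf 'accepted %d: %s\n' "$#" "$*"
}

# Run only when invoked under the hypothetical installed name.
if [ "${0##*/}" = "task-wrapper.sh" ]; then
    handle_request
    exit $?
fi
```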
Quote:
Also after you've generated the key pair in puttygen make sure you copy and paste from the OpenSSH Text Area into the authorized_keys file instead of using the "Save Public Key" button. That worked for me. |
I had a similar problem and it turned out to be a line in the sshd_config file. One that said UsePAM yes. Comment that out and restart the ssh daemon.
|
Another docs for the same
|
Same guide
Duplicate entry so edited:
|
DSA key authentication
I have solved the problem. I just used
client:
Use the command:
/usr/bin/ssh-keygen -t dsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user-id/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user-id/.ssh/id_dsa.
Your public key has been saved in /home/user-id/.ssh/id_dsa.pub.
The key fingerprint is:
XXXblablablaXXXaf:90:8f:dc:65:0d:XXXXXXXXXXXXXX user-id@node-name

Files generated:
$HOME/.ssh/id_dsa - binary
$HOME/.ssh/id_dsa.pub - ssh-dsa ...223564257432 email address - Multiple keys/lines allowed.

Server:
o FTP the file $HOME/.ssh/id_dsa.pub to the server
o cd $HOME/.ssh/
o cat id_dsa.pub >>authorized_keys |
Directory does not exist ? :-(
Hi,
I've successfully set this up on my main server to access all my sub-servers which are all running Slackware Linux. But, I'm now trying to set up access to my mail server which is running Fedora Core 4 and I'm getting an error message when I try
cat ~/.ssh/id_dsa.pub | ssh user@server "cat - >> ~/.ssh/authorized_keys"
It tells me that the directory does not exist! I've looked on the FC4 server and indeed there is no root/.ssh/ directory. What do I do?
TIA
Mike |
Please ignore
Silly me. I just created the .ssh directory under root and it all works now.
|
One of the finest howto's I've ever seen for any software... if only every one of them were done in this fashion and perfect amount of detail (not too much and not too little). Kudos!
|
I guess it's better to use ssh-copy-id to transfer the key to the server as described here
|
connection ssh publickey
Quote:
|
Quote:
I think that you have to set the remote host's ssh protocol to version 2:
vi /etc/sshd/sshd_config
Change protocol to 2 instead of 1 and retry connecting. Hope this fixes the problem. |
SSH doesn't like it if your home directory has group write access; change to 750.
|