SSH password less

[Mag0007]

I am trying to configure password less scp/ssh.

I have successfully completed one, but other AIX servers are giving me problems, so I decided to start all over again.

Does anyone have line by line instructions (commands) to do this?

 

[pcunix]

You need to configure for public key authentication, perhaps with a blank passphrase or the use of ssh-agent. I don't like blank passphrases but sometimes it's necessary or more convenient.

See

http://aplawrence.com/Security/ssh.html

Tony Lawrence
Linux/Unix/Mac OS X Resources

http://aplawrence.com

 

[kHz]

I have setup ssh not to ask for passwords but I cannot get it to work if I use a passphrase initially, even though it should work.

In google, just type "ssh without password" and you will find step-by-step instructions.

In a nutshell: ssh-keygen, mkdir ~HOME/.ssh, scp authorized_key, chmod 700 ~HOME/.ssh & chmod 600 authorized keys - then test with 'ssh -l user remote_host' and you shouldn't be prompted for a password.

 

[columb]

As someone who's been round this loop a few times - if it doesn't work check permissions on the home and .ssh directories. They need to be quite tight.

Columb Healy

 

[Mag0007]

Khz:

I wish it was just that easy. I can create the public keys and all. The problem is its still asking me for the password of the key I generated (not UNIX password). I have ssh-agent runnning at all.

However I do HAVE an older version of ssh running.

 

[columb]

From my notes

Un-attended login
When batch scripts require secure access to remote hosts, i.e. no user to type in the password, an un-attended-login is required. This is achieved by copying the requesting user's authentication key from the source host to the target host into a file called .ssh/authorized_keys. E.g. to set up an un-attended login for 'user' on host2 when connecting from host1: - 

user@host1> cd; mkdir .ssh
user@host1> ssh-keygen -t rsa -N '' -f .ssh/id_rsa
user@host1> scp .ssh/id_rsa.pub user@host2:user_host1_key #requires password
user@host1> ssh -l user host2 'mkdir .ssh; cat user_host1_key >> .ssh/authorized_keys' #requires password
user@host1> ssh -l user host2 'ls -la' #Does NOT require password
…


The ssh-keygen command generates the user's key for host1. Thus, when added to the authorized-keys file on host2 allows user on host1 to login into user account on host2 without entering interactive mode to enter the password, i.e. un-attended login.

However, as I said, I've been having one or two problems with this which is resolved by tightening up security on home directory (770) and the .ssh directory (700) and making sure that users own their own home folders.

Columb Healy

 

[kHz]

A google search will do wonders for answering you question!

And don't post the same question in different forums.

 

[kHz]

Bad day. Forget my rant.

I use the -P ' ' if I can remember correctly without looking at my notes which are not with me right now. If I set a passphrase and then copy my authorized_keys file it still asks for a passphrase each time. The only way I can get it is to set a blank passphrase and then I have no problem.

Is it asking you for a password or passphrase?

 

[RodKnowlton]

The problem is its still asking me for the password of the key I generated (not UNIX password). I have ssh-agent runnning at all.

Did you run ssh-add to put your credentials in ssh-agent? Run "ssh-add -L" to see all keys that ssh-agent has been told about.

Rod Knowlton
IBM Certified Advanced Technical Expert pSeries and AIX 5L
CompTIA Linux+
CompTIA Security+

 

[coffeysm]

Try running:

ssh-keygen -t rsa -f ~/.ssh/id_rsa -P ''
scp ~/.ssh/id_rsa.pub machine:/homedir/.ssh/authorized_keys

Check sshd_config for:

RSAAuthentication yes
PubKeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

644 authorized_keys (Public Key)
600 id_rsa (Private Key)