[ale] automating ssh script
Keith Hopkins
hne at hopnet.net
Mon Jul 29 07:56:24 EDT 2002
Hey Drew, (take 2!)
This seems like a no-brainer to me. Just to confirm that, I tried it myself, and it worked (no passphrase prompt, no password prompt.)
First question...when you are generating the keys (type 1 or 2), what are you entering for the "Enter passphrase" prompts? You should hit Enter twice without typing anything. Anything you type here will be prompted for at login.
ChangingLINKS.com wrote:
> GENERATING TYPE 1 KEY
> [user@change user]$ ssh-keygen -t rsa1
> Generating public/private rsa1 key pair.
> Enter file in which to save the key (/home/user/.ssh/identity):
> /home/user/.ssh/identity
> Created directory '/home/user/.ssh'.
> Enter passphrase (empty for no passphrase):
> Enter same passphrase again:
> Your identification has been saved in /home/user/.ssh/identity.
> Your public key has been saved in /home/user/.ssh/identity.pub.
> The key fingerprint is:
> b0:15:bd:79:c4:bd:3e:99:1b:d5:87:1e:56:62:c4:6c user@change
> COMMANDS THAT I USED TO TRY TO GET SSH TO WORK WITHOUT A PASSPHRASE
> rm -rf ~/.ssh //to start .ssh from scratch
> ssh-keygen -t rsa1 //to generate type1 public and private keys
> cp ~/.ssh/identity.pub ~/.ssh/authorized_keys //to make type 1 file to
> upload to server
> cp ~/.ssh/id_dsa.pub ~/.ssh/authorized_keys2 //to make type 2 key file to
> upload to server
> ftp ~/.ssh/authorized_keys AND ~/.ssh/authorized_keys2 to remote machine's
> ~/.ssh //upload files
> ssh user@shell1.host.com //test .ssh to see if it works
> eval `ssh-agent` //do a ssh-agent on server?
> exit //thinking I should exit to run next command locally
> eval `ssh-agent` //run ssh-agent locally
> ssh-add ~/.ssh/identity
> ssh user@shell1.host.com //testing to see if I connect passphraseLESS
> eval `ssh-agent` //failed to connect without passphrase, decided to run eval
> on remote machine
I don't use the ssh-agent at all, but I don't think it does what you expect it to do.
I do see some missing steps here...
After you copy the public keys to the other server, you need to add them to the authorized_keys of the user you want to login as. You'd do something like this:
login jimbo
jimbo$ ssh-keygen -t dsa (various prompts ensue, be sure to only hit Enter for the passphrase prompt)
jimbo$ scp .ssh/id_dsa.pub slacker@otherhost:.ssh/jimbos_pub_id
jimbo$ ssh slacker@otherhost (various prompts ensue)
slacker$ cd .ssh
slacker$ cat jimbos_pub_id >> authorized_keys (very important missing step!)
slacker$ exit
***jimbo$ ssh -2 slacker@otherhost (no prompts should occur. should drop straight to defined shell) ***
slacker$ (flashing cursor)
Repeat the above for rsa keys if you really want to. NOTE: I added a "-2" to force protocol2 (and so it would pick up the DSA and not look for RSA1).
Let me know what happens.
P.S. Protocol 1 is EVIL and should not be used by anyone running an OS far superior to Winbloze :-)
I suggest you edit your .ssh/config file to always force Protocol 2, and your sshd_config to do the same on the server side.
--
Lost in Tokyo,
Keith
---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
sent to listmaster at ale dot org.
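
The append step from the message above ("cat jimbos_pub_id >> authorized_keys"), as an added example that is not part of the original post: a shell function that appends a protocol 2 public key only if it is not already listed, keeps an existing file's last line intact, and sets 700/600 permissions, which sshd's StrictModes check accepts. The function name install_pubkey and its arguments are assumptions made for this example.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE [SSH_DIR]   (hypothetical helper, not from the post)
# Run as the account being logged in to (slacker in the message above).
install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # A protocol 2 public key is one line: "type base64 [comment]".
    # This rejects private keys ("-----BEGIN ...") and protocol 1
    # identity.pub lines, which start with the key size in bits.
    key=$(head -n 1 "$pub")
    case $key in
        ssh-*\ *|ecdsa-*\ *) ;;
        *) echo "$pub is not a protocol 2 public key" >&2; return 2 ;;
    esac

    # Only the owner may read or write the directory and the key list.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # If the existing file does not end in a newline, add one so the
    # new key does not get glued onto the previous entry.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi

    # Append only when the exact line is not already present.
    if grep -qxF -- "$key" "$auth"; then
        return 0
    fi
    printf '%s\n' "$key" >> "$auth"
}
```
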