[ale] automating ssh script

Keith Hopkins hne at hopnet.net
Mon Jul 29 07:56:24 EDT 2002


Hey Drew, (take 2!)

    This seems like a no-brainer to me.  Just to confirm that, I tried it myself, and it worked (no passphrase prompt, no password prompt.)

    First question...when you are generating the keys (type 1 or 2), what are you entering for the "Enter passphrase" prompts?  You should hit Enter twice without typing anything.  Anything you type here will be prompted for at login.

ChangingLINKS.com wrote:
  > GENERATING TYPE 1 KEY
  > [user@change user]$ ssh-keygen -t rsa1
  > Generating public/private rsa1 key pair.
  > Enter file in which to save the key (/home/user/.ssh/identity):
  > /home/user/.ssh/identity
  > Created directory '/home/user/.ssh'.
  > Enter passphrase (empty for no passphrase):
  > Enter same passphrase again:
  > Your identification has been saved in /home/user/.ssh/identity.
  > Your public key has been saved in /home/user/.ssh/identity.pub.
  > The key fingerprint is:
  > b0:15:bd:79:c4:bd:3e:99:1b:d5:87:1e:56:62:c4:6c user@change


 > COMMANDS THAT I USED TO TRY TO GET SSH TO WORK WITHOUT A PASSPHRASE
 > rm -rf ~/.ssh   //to start .ssh from scratch
 > ssh-keygen -t rsa1  //to generate type1 public and private keys
 > cp ~/.ssh/identity.pub ~/.ssh/authorized_keys  //to make type 1 file to
 > upload to server
 > cp ~/.ssh/id_dsa.pub ~/.ssh/authorized_keys2   //to make type 2 key file to
 > upload to server
 > ftp ~/.ssh/authorized_keys AND  ~/.ssh/authorized_keys2 to remote machine's
 > ~/.ssh //upload files
 > ssh user@shell1.host.com //test .ssh to see if it works
 > eval `ssh-agent`  //do a ssh-agent on server?
 > exit  //thinking I should exit to run next command locally
 > eval `ssh-agent` //run ssh-agent locally
 > ssh-add ~/.ssh/identity
 > ssh user@shell1.host.com //testing to see if I connect passphraseLESS
 > eval `ssh-agent` //failed to connect without passphrase, decided to run eval
 > on remote machine

    I don't use the ssh-agent at all, but I don't think it does what you expect it to do.

I do see some missing steps here...

    After you copy the public keys to the other server, you need to add them to the authorized_keys of the user you want to login as.  You'd do something like this:

login jimbo
jimbo$ ssh-keygen -t dsa (various prompts ensue, be sure to only hit Enter for the passphrase prompt)
jimbo$ scp .ssh/id_dsa.pub slacker@otherhost:.ssh/jimbos_pub_id
jimbo$ ssh slacker@otherhost (various prompts ensue)
slacker$ cd .ssh
slacker$ cat jimbos_pub_id >> authorized_keys   (very important missing step!)
slacker$ exit
***jimbo$ ssh -2 slacker@otherhost (no prompts should occur.  should drop straight to defined shell) ***
slacker$ (flashing cursor)

   Repeat the above for rsa keys if you really want to.  NOTE: I added a "-2" to force protocol 2 (and so it would pick up the DSA and not look for RSA1).

    Let me know what happens.

P.S. Protocol 1 is EVIL and should not be used by anyone running an OS far superior to Winbloze :-)
I suggest you edit your .ssh/config file to always force Protocol 2, and your sshd_config to do the same on the server side.

-- 
Lost in Tokyo,
    Keith



---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
sent to listmaster at ale dot org.
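
The "cat jimbos_pub_id >> authorized_keys" step from the message above, as an added example that is not part of the original post: it appends the key only once, rejects anything that is not a single public-key line (so a private key is never pasted in by mistake), and sets the 700/600 permissions that sshd with StrictModes enabled expects before it will honour the file. The function name install_pubkey and its arguments are hypothetical.

```shell
#!/bin/sh
# Added example: idempotent, permission-safe install of a public key.
# install_pubkey is a hypothetical helper name, not from the original post.
#
# install_pubkey PUBFILE [SSHDIR]
#   PUBFILE  public key copied over from the client (e.g. jimbos_pub_id)
#   SSHDIR   target account's .ssh directory (default: $HOME/.ssh)
install_pubkey() {
    pubfile=$1
    sshdir=${2:-$HOME/.ssh}
    auth=$sshdir/authorized_keys

    [ -r "$pubfile" ] || { echo "cannot read $pubfile" >&2; return 1; }

    # A public key is one line: "<type> <base64> [comment]".
    # A private key file is multi-line and is rejected here.
    n=$(wc -l < "$pubfile")
    [ $((n)) -le 1 ] || { echo "expected a single key line" >&2; return 1; }
    read -r ktype kdata krest < "$pubfile" || true
    case $ktype in
        ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-*) ;;
        *) echo "not a protocol 2 public key: $pubfile" >&2; return 1 ;;
    esac
    [ -n "$kdata" ] || { echo "key data missing" >&2; return 1; }

    # sshd (StrictModes) skips the file if others can write to it or
    # to the directory, and login silently falls back to a password.
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    ( umask 077; touch "$auth" ) && chmod 600 "$auth" || return 1

    # Compare on the base64 blob so a changed comment is not a new key.
    if grep -qF -- "$kdata" "$auth"; then
        echo "key already present in $auth"
        return 0
    fi

    # Make sure the existing file ends with a newline before appending.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$ktype $kdata${krest:+ $krest}" >> "$auth"
    echo "key added to $auth"
}
```

Run it on the server as the account you want to log in to, for example: install_pubkey ~/.ssh/jimbos_pub_id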

