From owner-freebsd-questions Fri Nov 27 16:26:23 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id QAA14173 for freebsd-questions-outgoing; Fri, 27 Nov 1998 16:26:23 -0800 (PST) (envelope-from owner-freebsd-questions@FreeBSD.ORG) Received: from jaguar.ir.miami.edu (jaguar.ir.miami.edu [129.171.32.10]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA14168 for ; Fri, 27 Nov 1998 16:26:20 -0800 (PST) (envelope-from marcus@jaguar.ir.miami.edu) Received: from jaguar.ir.miami.edu ("port 3119"@jaguar.ir.miami.edu [129.171.32.10]) by jaguar.ir.miami.edu (PMDF V5.2-29 #30976) with ESMTP id <0F3300263VVPXK@jaguar.ir.miami.edu> for questions@FreeBSD.ORG; Fri, 27 Nov 1998 19:26:13 -0500 (EST) Date: Fri, 27 Nov 1998 19:26:13 -0500 (EST) From: "Joe \"Marcus\" Clarke" Subject: Re: Ssh Authentication Question In-reply-to: <3.0.5.32.19981127144002.04cae370@ccsales.com> To: "Randy A. Katz" Cc: questions@FreeBSD.ORG Message-id: MIME-version: 1.0 Content-type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG This depends on what version of ssh you're using. With 1.2.26, you must first generate a public/provate key using ssh-keygen, then, create a file ~/.ssh/authorized_keys. In this file, append the public keys fro users from other hosts you wish to trust. The way I do it is ftp the public key from one of my accounts on machine x to machine y, and vice versa. Then, on machine y, I do cat identity.x >> authorized_keys, and on machine x, cat identity.y >> authorized_keys. Voila, now you can login transparently across machines. ssh 2.0.x does thigs a little differently. You now have a ~/.ssh2 directory. You use the command ssh-keygen2 to generate ssh2 keys. This will generate a public (a file ending in .pub), and a private key. Create a file ~/.ssh2/authorization, and a ~/.ssh2/identification. The authorization file should be 644 where as the identification file should be 600. In the identification file, add the line: IdKey id_dsa_1024_a Where id_dsa_1024_a is your private key file. Then, in the authorization file, create a line for each account you wish to trust, and point it to the public key of that account. Again, ftp the public keys across to the machines. For instace, on machine x I get the public key from my account on machine y, and put the public key from machine x on machine y. Then on machine x, I add the line: Key y.pub and on machine y, I add: Key x.pub to my ~/.ssh2/authorization file. Then I can login transparently across systems. Joe Clarke On Fri, 27 Nov 1998, Randy A. Katz wrote: > Hello, > > I saw this before but can't find it. > > How do I get sshd to trust a specific host and allow the user over on that > host to execute a command without entering the password? > > Thank you, > Randy Katz > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message