Date: Fri, 11 May 2007 17:45:24 +1000 From: Peter Jeremy <peterjeremy@optushome.com.au> To: Darren Reed <darrenr@hub.freebsd.org> Cc: current@freebsd.org Subject: Re: Experiences with 7.0-CURRENT and vmware. Message-ID: <20070511074523.GD826@turion.vk2pj.dyndns.org> In-Reply-To: <20070510111326.GA94093@hub.freebsd.org> References: <20070510111326.GA94093@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--xHFwDpU9dbj6ez1V Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2007-May-10 11:13:26 +0000, Darren Reed <darrenr@hub.freebsd.org> wrote: >Oh, and how do I fix ssh/rsh to do passwordless sessions? Assuming you are using OpenSSH on both ends, use HostBasedAuthentication: Client side: - make /usr/libexec/ssh-keysign setuid root - add the server's host key to known_hosts - Set "HostbasedAuthentication yes" and "EnableSSHKeysign yes" in config Server side: - add the client's host key to /etc/ssh/ssh_known_hosts - Set "HostbasedAuthentication yes" and "IgnoreRhosts no" in /etc/ssh/sshd_config. You may also need "PermitRootLogin without-password" - Add the relevant entry to ~/.shosts - Make sure ~/ and ~/.shosts are only writable by the owner I think that's all but I'm working from memory so I may have missed an option somewhere. ssh debugging options are very useful for working out why it isn't working. --=20 Peter Jeremy --xHFwDpU9dbj6ez1V Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (FreeBSD) iD8DBQFGRB8T/opHv/APuIcRAhKTAJ0YxRTM6UNzc99GgV+ajArx9loD+QCfTOts Fgd0I3rfi1YZuMv6GQxW480= =2p3R -----END PGP SIGNATURE----- --xHFwDpU9dbj6ez1V--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070511074523.GD826>