From owner-freebsd-current@FreeBSD.ORG Fri May 11 07:45:26 2007 Return-Path: X-Original-To: current@freebsd.org Delivered-To: freebsd-current@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id B4A2116A400 for ; Fri, 11 May 2007 07:45:26 +0000 (UTC) (envelope-from peterjeremy@optushome.com.au) Received: from turion.vk2pj.dyndns.org (c220-239-3-125.belrs4.nsw.optusnet.com.au [220.239.3.125]) by mx1.freebsd.org (Postfix) with ESMTP id 46B1113C44B for ; Fri, 11 May 2007 07:45:25 +0000 (UTC) (envelope-from peterjeremy@optushome.com.au) Received: from turion.vk2pj.dyndns.org (localhost.vk2pj.dyndns.org [127.0.0.1]) by turion.vk2pj.dyndns.org (8.14.1/8.14.1) with ESMTP id l4B7jOBZ001243; Fri, 11 May 2007 17:45:24 +1000 (EST) (envelope-from peter@turion.vk2pj.dyndns.org) Received: (from peter@localhost) by turion.vk2pj.dyndns.org (8.14.1/8.14.1/Submit) id l4B7jOWI001242; Fri, 11 May 2007 17:45:24 +1000 (EST) (envelope-from peter) Date: Fri, 11 May 2007 17:45:24 +1000 From: Peter Jeremy To: Darren Reed Message-ID: <20070511074523.GD826@turion.vk2pj.dyndns.org> References: <20070510111326.GA94093@hub.freebsd.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="xHFwDpU9dbj6ez1V" Content-Disposition: inline In-Reply-To: <20070510111326.GA94093@hub.freebsd.org> X-PGP-Key: http://members.optusnet.com.au/peterjeremy/pubkey.asc User-Agent: Mutt/1.5.14 (2007-02-12) Cc: current@freebsd.org Subject: Re: Experiences with 7.0-CURRENT and vmware. X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 May 2007 07:45:26 -0000 --xHFwDpU9dbj6ez1V Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2007-May-10 11:13:26 +0000, Darren Reed wrote: >Oh, and how do I fix ssh/rsh to do passwordless sessions? Assuming you are using OpenSSH on both ends, use HostBasedAuthentication: Client side: - make /usr/libexec/ssh-keysign setuid root - add the server's host key to known_hosts - Set "HostbasedAuthentication yes" and "EnableSSHKeysign yes" in config Server side: - add the client's host key to /etc/ssh/ssh_known_hosts - Set "HostbasedAuthentication yes" and "IgnoreRhosts no" in /etc/ssh/sshd_config. You may also need "PermitRootLogin without-password" - Add the relevant entry to ~/.shosts - Make sure ~/ and ~/.shosts are only writable by the owner I think that's all but I'm working from memory so I may have missed an option somewhere. ssh debugging options are very useful for working out why it isn't working. --=20 Peter Jeremy --xHFwDpU9dbj6ez1V Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (FreeBSD) iD8DBQFGRB8T/opHv/APuIcRAhKTAJ0YxRTM6UNzc99GgV+ajArx9loD+QCfTOts Fgd0I3rfi1YZuMv6GQxW480= =2p3R -----END PGP SIGNATURE----- --xHFwDpU9dbj6ez1V--