From owner-freebsd-questions Sun May 12 3:34:59 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mta07-svc.ntlworld.com (mta07-svc.ntlworld.com [62.253.162.47]) by hub.freebsd.org (Postfix) with ESMTP id 9491237B401 for ; Sun, 12 May 2002 03:34:54 -0700 (PDT) Received: from lungfish.ntlworld.com ([80.4.0.215]) by mta07-svc.ntlworld.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020512103453.FKW29981.mta07-svc.ntlworld.com@lungfish.ntlworld.com>; Sun, 12 May 2002 11:34:53 +0100 Received: from tuatara.goatsucker.org (tuatara.goatsucker.org [192.168.1.6]) by lungfish.ntlworld.com (8.11.6/8.11.6) with ESMTP id g4CAYqV52152; Sun, 12 May 2002 11:34:52 +0100 (BST) (envelope-from scott@tuatara.goatsucker.org) Received: (from scott@localhost) by tuatara.goatsucker.org (8.12.3/8.12.3/Submit) id g4CAXbvu002964; Sun, 12 May 2002 11:33:37 +0100 (BST) (envelope-from scott) Date: Sun, 12 May 2002 11:33:37 +0100 From: Scott Mitchell To: Jonathan Chen Cc: Darren Pilgrim , freebsd-questions@FreeBSD.ORG Subject: Re: How do I get SSH to not ask for my password? Message-ID: <20020512113337.A1008@fishballoon.dyndns.org> References: <3CDD9588.96ED7F2D@pantherdragon.org> <20020512103752.A29162@grimoire.chen.org.nz> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20020512103752.A29162@grimoire.chen.org.nz>; from jonc@chen.org.nz on Sun, May 12, 2002 at 10:37:52AM +1200 X-Operating-System: FreeBSD 4.6-PRERELEASE i386 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Sun, May 12, 2002 at 10:37:52AM +1200, Jonathan Chen wrote: > On Sat, May 11, 2002 at 03:04:56PM -0700, Darren Pilgrim wrote: > > The other day I saw a machine with SSH set up in such a way that it > > didn't ask for a password, even though there was a password on the shell > > account the user was connecting to. How is this done? > > On the local machine, generate a "identity" and "identity.pub" file using > ssh-keygen. (You don't need to do this if you already have it.) Put the > contents of "identity.pub" into the remote machine's ~/.ssh/authorized_hosts > file. ITYM ~/.ssh/authorized_keys Depending on whether you generated an RSA1, RSA or DSA key (see the -t option to ssh-keygen) you might also need to put a public key into ~/.ssh/authorized_keys2 on the server. I usually just generate all three key types -- makes life easier when you have several different SSH versions running on 4 different platforms, with subtle configuration differences. ssh-keygen should generate everything with the right permissions by default -- in particular, the private keys should be readable only by you. I have my ~/.ssh directory chmod-ed 700 as well. HTH, Scott -- =========================================================================== Scott Mitchell | PGP Key ID | "Eagles may soar, but weasels Cambridge, England | 0x54B171B9 | don't get sucked into jet engines" scott.mitchell@mail.com | 0xAA775B8B | -- Anon To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message