Date: Thu, 13 Sep 2001 12:33:34 +0300 From: Odhiambo Washington <wash@wananchi.com> To: George Reid <greid@FreeBSD.org> Cc: FBSD-Q <freebsd-questions@freebsd.org> Subject: Re: SSH Password Authentication... Message-ID: <20010913123334.K86225@ns2.wananchi.com> In-Reply-To: <20010913023125.A190@FreeBSD.org> References: <IAEKKLIOEBMAKJIIGEBBKEJGCDAA.ecrim@earthlink.net> <NFBBJPHLGLNJEEECOCHAEEMNCCAA.deuce@lordlegacy.org> <20010912114309.K6733@ns2.wananchi.com> <20010913023125.A190@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --]
* George Reid <greid@FreeBSD.org> [20010913 04:31]: writing on the subject 'Re: SSH Password Authentication...'
| On Wed, Sep 12, 2001 at 11:43:09AM +0300, Odhiambo Washington wrote:
|
| > This works for others, but ++NEVER++ worked for me.
|
| You probably have the wrong permissions on ~/.ssh on the remote machine.
|
Hi George,
I actually managed to get this thing working yesterday and even as I posted and trolled on the list that this
thing did not work, I was actually doing the very correct thing, except at a miniature step where things didn't seem
right. I could attribute that to the man pages, since we all differ in the way we present a view.
Here is the section of the manual that I seemed not to understand well but now makes so much sense.
##
AUTHORIZED_KEYS FILE FORMAT
The $HOME/.ssh/authorized_keys file lists the RSA keys that are permitted
for RSA authentication in SSH protocols 1.3 and 1.5 Similarly, the
$HOME/.ssh/authorized_keys2 file lists the DSA keys that are permitted
for DSA authentication in SSH protocol 2.0. Each line of the file con-
tains one key (empty lines and lines starting with a `#' are ignored as
comments). Each line consists of the following fields, separated by
spaces: options, bits, exponent, modulus, comment. The options field is
optional; its presence is determined by whether the line starts with a
number or not (the option field never starts with a number). The bits,
exponent, modulus and comment fields give the RSA key; the comment field
is not used for anything (but may be convenient for the user to identify
the key).
##
The mistake that I was doing was like this (on the remote machine)
cd .ssh/
cp identity.pub authorized_keys
..instead of
cat identity.pub > authorized_keys
One thing that I am yes to understand though is:
1. Is it better to use DSA or RSA
2. If I have authorized_keys and authorized_keys2, how does ssh make the decision on what to use?
3. I realize that when I make a key with a passphrase then I have to be there to manually enter it if I wanted a task to
complete in my absence. Is there a way to circumvent this other than make keys without a passphrase?
Other than those questions I must say I am so happy it's working.
TIA
-Wash
--
Odhiambo Washington
Wananchi Online Ltd.,
wash@wananchi.com 1st Flr Loita Hse.
Tel: 254 2 313985 Loita Street.,
Fax: 254 2 313922 PO Box 10286,00100-NAIROBI,KE.
Not many men have both good fortune and good sense.
-Titus Livy
[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org
iD8DBQE7oH1un7LIsuxjem8RAiBuAJ9uoeMxHsjk+iY07sCqeaUx4kBrVwCglD/s
8FMbb/7HCC8rkYSFPOzy+vI=
=LPTt
-----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010913123334.K86225>