Date: Thu, 13 Sep 2001 12:33:34 +0300 From: Odhiambo Washington <wash@wananchi.com> To: George Reid <greid@FreeBSD.org> Cc: FBSD-Q <freebsd-questions@freebsd.org> Subject: Re: SSH Password Authentication... Message-ID: <20010913123334.K86225@ns2.wananchi.com> In-Reply-To: <20010913023125.A190@FreeBSD.org> References: <IAEKKLIOEBMAKJIIGEBBKEJGCDAA.ecrim@earthlink.net> <NFBBJPHLGLNJEEECOCHAEEMNCCAA.deuce@lordlegacy.org> <20010912114309.K6733@ns2.wananchi.com> <20010913023125.A190@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--6TrnltStXW4iwmi0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable * George Reid <greid@FreeBSD.org> [20010913 04:31]: writing on the subject = 'Re: SSH Password Authentication...' | On Wed, Sep 12, 2001 at 11:43:09AM +0300, Odhiambo Washington wrote: |=20 | > This works for others, but ++NEVER++ worked for me. |=20 | You probably have the wrong permissions on ~/.ssh on the remote machine. |=20 Hi George, I actually managed to get this thing working yesterday and even as I posted= and trolled on the list that this thing did not work, I was actually doing the very correct thing, except at = a miniature step where things didn't seem right. I could attribute that to the man pages, since we all differ in the = way we present a view. Here is the section of the manual that I seemed not to understand well but = now makes so much sense. ## AUTHORIZED_KEYS FILE FORMAT The $HOME/.ssh/authorized_keys file lists the RSA keys that are permit= ted for RSA authentication in SSH protocols 1.3 and 1.5 Similarly, the $HOME/.ssh/authorized_keys2 file lists the DSA keys that are permitted for DSA authentication in SSH protocol 2.0. Each line of the file con- tains one key (empty lines and lines starting with a `#' are ignored as comments). Each line consists of the following fields, separated by spaces: options, bits, exponent, modulus, comment. The options field = is optional; its presence is determined by whether the line starts with a number or not (the option field never starts with a number). The bits, exponent, modulus and comment fields give the RSA key; the comment fie= ld is not used for anything (but may be convenient for the user to identi= fy the key). ## The mistake that I was doing was like this (on the remote machine) cd .ssh/ cp identity.pub authorized_keys =2E.instead of cat identity.pub > authorized_keys One thing that I am yes to understand though is: 1. Is it better to use DSA or RSA 2. If I have authorized_keys and authorized_keys2, how does ssh make the de= cision on what to use? 3. I realize that when I make a key with a passphrase then I have to be the= re to manually enter it if I wanted a task to complete in my absence. Is there a way to circumvent this other than mak= e keys without a passphrase? Other than those questions I must say I am so happy it's working. TIA -Wash -- Odhiambo Washington Wananchi Online Ltd., wash@wananchi.com 1st Flr Loita Hse. Tel: 254 2 313985 Loita Street., Fax: 254 2 313922 PO Box 10286,00100-NAIROBI,KE. Not many men have both good fortune and good sense.=20 -Titus Livy=20 --6TrnltStXW4iwmi0 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7oH1un7LIsuxjem8RAiBuAJ9uoeMxHsjk+iY07sCqeaUx4kBrVwCglD/s 8FMbb/7HCC8rkYSFPOzy+vI= =LPTt -----END PGP SIGNATURE----- --6TrnltStXW4iwmi0-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010913123334.K86225>