Date: Thu, 13 Sep 2001 12:33:34 +0300
From: Odhiambo Washington
To: George Reid
Cc: FBSD-Q
Subject: Re: SSH Password Authentication...

* George Reid [20010913 04:31]: writing on the subject 'Re: SSH Password Authentication...'
| On Wed, Sep 12, 2001 at 11:43:09AM +0300, Odhiambo Washington wrote:
|
| > This works for others, but ++NEVER++ worked for me.
|
| You probably have the wrong permissions on ~/.ssh on the remote machine.
|

Hi George,

I actually managed to get this thing working yesterday and even as I posted and trolled on the list that this thing did not work, I was actually doing the very correct thing, except at a miniature step where things didn't seem right. I could attribute that to the man pages, since we all differ in the way we present a view.

Here is the section of the manual that I seemed not to understand well but now makes so much sense.

##
AUTHORIZED_KEYS FILE FORMAT
     The $HOME/.ssh/authorized_keys file lists the RSA keys that are permitted
     for RSA authentication in SSH protocols 1.3 and 1.5. Similarly, the
     $HOME/.ssh/authorized_keys2 file lists the DSA keys that are permitted
     for DSA authentication in SSH protocol 2.0. Each line of the file
     contains one key (empty lines and lines starting with a `#' are ignored
     as comments). Each line consists of the following fields, separated by
     spaces: options, bits, exponent, modulus, comment. The options field is
     optional; its presence is determined by whether the line starts with a
     number or not (the option field never starts with a number). The bits,
     exponent, modulus and comment fields give the RSA key; the comment field
     is not used for anything (but may be convenient for the user to identify
     the key).
##

The mistake that I was doing was like this (on the remote machine)

    cd .ssh/
    cp identity.pub authorized_keys

..instead of

    cat identity.pub > authorized_keys

One thing that I am yet to understand though is:

1. Is it better to use DSA or RSA?
2. If I have authorized_keys and authorized_keys2, how does ssh make the decision on what to use?
3. I realize that when I make a key with a passphrase then I have to be there to manually enter it if I wanted a task to complete in my absence. Is there a way to circumvent this other than make keys without a passphrase?

Other than those questions I must say I am so happy it's working.

TIA

-Wash

--
Odhiambo Washington     Wananchi Online Ltd.,
wash@wananchi.com       1st Flr Loita Hse.
Tel: 254 2 313985       Loita Street.,
Fax: 254 2 313922       PO Box 10286,00100-NAIROBI,KE.

Not many men have both good fortune and good sense.
                -Titus Livy
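
The authorized_keys line format quoted from the manual in the message above, as an added example that is not part of the original post: a small Python parser that decides whether an options field is present by the leading-digit rule and reports malformed lines. The sample file is constructed, the function names are hypothetical, the quote-aware scan assumes options may contain spaces inside double quotes, and the bits-versus-modulus comparison is an added sanity check for truncated or wrapped key lines.

```python
# Constructed sample file: toy moduli, not real keys.
SAMPLE = """\
# workstation key
1024 35 1234567 wash@ns2
from="*.example.org",command="echo hi there" 16 3 40961 backup job

bogus line here
"""


def split_options(line):
    """Split off the options field, present only when the line does not start with a digit."""
    if line[0].isdigit():
        return "", line
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"' and (i == 0 or line[i - 1] != "\\"):
            in_quotes = not in_quotes
        elif ch == " " and not in_quotes:
            return line[:i], line[i + 1:].lstrip()
    return line, ""


def parse_authorized_keys(text):
    """Return (entries, errors) for protocol 1 style RSA key lines."""
    entries, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # empty lines and comments are ignored
        options, rest = split_options(line)
        fields = rest.split(None, 3)
        if len(fields) < 3 or not all(f.isdigit() for f in fields[:3]):
            errors.append((lineno, "expected [options] bits exponent modulus [comment]"))
            continue
        bits, exponent, modulus = (int(f) for f in fields[:3])
        entries.append({"line": lineno, "options": options, "bits": bits,
                        "exponent": exponent, "modulus": modulus,
                        "comment": fields[3] if len(fields) > 3 else ""})
        if modulus.bit_length() != bits:
            errors.append((lineno, f"bits field says {bits} but modulus has {modulus.bit_length()} bits"))
    return entries, errors


if __name__ == "__main__":
    entries, errors = parse_authorized_keys(SAMPLE)
    for e in entries:
        print(e)
    for lineno, msg in errors:
        print(f"line {lineno}: {msg}")
```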