Passphrase-free ssh keys

jibbajabbajibbajabba Google NinjaMember Posts: 4,317 ■■■■■■■■□□
Could someone give me a quick hint for both, server and client side ?
My own knowledge base made public: http://open902.com :p

Comments

  • livenliven Senior Member Member Posts: 918
    its simple

    create an ssh key

    ssh-keygen -t dsa

    don't give it a password.

    Then copy the public key to the box you want to ssh to.

    The first time you connect with ssh you will have to answer yes for the finger print for each new box you connect to.

    After that you can connect with out a password using SSH. This works very well for bash, perl scripts etc...
    encrypt the encryption, never mind my brain hurts.
  • jibbajabbajibbajabba Google Ninja Member Posts: 4,317 ■■■■■■■■□□
    liven wrote: »
    its simple

    create an ssh key

    ssh-keygen -t dsa

    don't give it a password.

    Then copy the public key to the box you want to ssh to.

    The first time you connect with ssh you will have to answer yes for the finger print for each new box you connect to.

    After that you can connect with out a password using SSH. This works very well for bash, perl scripts etc...

    Cool - thanks icon_wink.gif ...
    My own knowledge base made public: http://open902.com :p
  • tierstentiersten was here. Member Posts: 4,505
    Eww. Passphrase free SSH keys are bad.

    If you really must have one then use the authorized_keys options for that key to limit what that key can do. Restricting the source addresses that can use the key at a minimum.
  • jibbajabbajibbajabba Google Ninja Member Posts: 4,317 ■■■■■■■■□□
    tiersten wrote: »
    Eww. Passphrase free SSH keys are bad.

    If you really must have one then use the authorized_keys options for that key to limit what that key can do. Restricting the source addresses that can use the key at a minimum.

    This is used between two dev server ... hardly mission critical :)

    They don't even have internet access ..

    By the way - I still get a password prompt icon_sad.gif
    My own knowledge base made public: http://open902.com :p
  • livenliven Senior Member Member Posts: 918
    Gomjaba wrote: »
    This is used between two dev server ... hardly mission critical :)

    They don't even have internet access ..

    By the way - I still get a password prompt icon_sad.gif


    Then you did something wrong.

    You have to put the public key in a file called


    autorized_keys

    usually in a hidden directory in the users home directory on the other machine.


    So

    as user tom on machine A

    ssh-keygen -t dsa

    then scp id_dsa.pub to /home/tom/.ssh/

    then cat id_dsa.pub >> authorized_keys (on machine B)

    then from machine A as TOM, ssh into B.

    You will have to answer yes to accepting the finger print the first time, after which tom should be able to ssh with out a password from that moment on.
    encrypt the encryption, never mind my brain hurts.
  • jibbajabbajibbajabba Google Ninja Member Posts: 4,317 ■■■■■■■■□□
    Ah - ta - the autorized_keys did it :p
    My own knowledge base made public: http://open902.com :p
Sign In or Register to comment.