[Gllug] RSA or DSA
Alain Williams
addw at phcomp.co.uk
Tue May 17 08:33:35 UTC 2005
On Tue, May 17, 2005 at 09:25:48AM +0000, Dani Pardo wrote:
> Steve Nelson wrote:
>
> >In conclusion, here's what I use:
> >
> >ssh-keygen -t dsa -b 1280
> >
>
> Hi, I've used that command, wich generated my
> /root/.ssh/identity.pub. I've copied that file on a remote machine via
> scp.
> On the remote machine, I issued:
>
> # cat file.pub >> /root/.ssh/authorized_keys
>
> But now, from the first machine, If I ssh to the second one, It
> stills prompts for password. How can I ssh directly with no password?
The file that I copy to the remote machine is ~/.ssh/id_dsa.pub, and I append
it to ~/.ssh/authorized_keys (on the remote machine).
~/.ssh/authorized_keys must be mode 600, the ~/.ssh directory & HOME directory
should not be world/group writable (I don't know if that is a requirement, but
good practice anyway).
On your local machine you need to start a ssh-agent, I put this at the start
of my .bash_profile:
# So that ssh will work, take care with X logins - see .xsession
[[ -z $SSH_AGENT_PID && -z $DISPLAY ]] &&
exec -l ssh-agent $SHELL -c "bash --login"
Then on your workstation type:
ssh-add
and give is the passphrase that you typed when you ran ssh-keygen.
The above will work if the usernames are the same on the workstation and machine
that you login to. If not fiddle with the name at the end of line in authorized_keys.
Whatever the reason you are failing to login - you SHOULD NOT attempt to do
what you are trying above -- login to a remote machine over the Internet as ROOT !!!
This what would happen if your laptop/workstation got owned/compromised ? All the
other machines would be compromised as well.
OK to login as yourself remotely, but NEVER as root, ie ALWAYS go 'su' when you
need to do sysadmin magic.
--
Alain Williams
Parliament Hill Computers Ltd.
Linux Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer.
+44 (0) 787 668 0256
#include <std_disclaimer.h>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20050517/968b3b18/attachment.pgp>
-------------- next part --------------
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list