On Mon, Feb 12, 2001 at 05:39:52PM +0000, John P . Looney wrote:
> On Mon, Feb 12, 2001 at 05:37:03PM +0000, Stephen Shirley mentioned:
> > It doesn't make any difference. To do rsa authentication, you need to have
> > your key held by an agent. All that means is that when prompted for your
> > password by the agent you can just hit return. You should setup the agent
> > to run when you log into your local machine.
>> But...but...I had SSH setup to not ask for a password before. And it
> worked. And there was no agent. And I don't want to use an agent, as it's
> on a pair of backend servers that no one is supposed to login to.
Every six months or so, I find myself in need of exactly this. And every
time, I find myself banging my head against this exact same brick wall
for a couple of minutes. :-)
Things like file permissions, directory permissions, what sshd_config say
and so on and so forth seem to conspire to bite me. And I seem to always
forget to run "ssh -v" *first*. Like, Duh! :-)
Anyway, .shosts files are (IMHO) more trouble than just RSA (or DSA?)
authentication. Plus, I don't entirely trust 'em... I find it best to
just ssh-keygen a keypair without a passphrase, stick it on the remote
box in an appropriate authorized_keys, make sure everything is og-rwx
over there, take a quick gander at the remote box's sshd_config file
and give it a whirl. Then I doctor the remote authorized_keys file to
only accept that passphrase from this machine.
I also find that ssh autologin problems *hate* being ignored. If you
ignore them, even for just a few minutes, they get bored and go away. *grin*
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!