[CLUE-Tech] ssh using RSA authentication?
David Anselmi
anselmi at americanisp.net
Wed Nov 27 09:35:21 MST 2002
Dave Price wrote:
> Hi,
>
> I am trying to set up 'no password' access to remote systems with ssh
> and RSA keys.
>
> I have built both rsa and rsa1 keys on a mandrake client - these have
> null passwords
Null passwords is perhaps a bad idea, but may be necessary...
On the server, you need the authorized keys file containing the public
key you generated. Typically it goes in ~/.ssh/authorized_keys.
Let's say you're using version 2 of the protocol (you need a recent
OpenSSH package since old ones have security holes). The line in
authorized keys should look like this (and it's all one line):
ssh-rsa <pub key in base64> <comment>
That's all there is to it.
On the client side, you need the private key. Usually that is in
~/.ssh/id_rsa (for an rsa key). Both pieces of the key are generated by
ssh-keygen which you seem to have down.
So, authorized_keys on the server, id_rsa on the client (this is the one
with the null password).
If ssh asks you for a passphrase, it is trying to decrypt your private
key. If it asks for a password it is skipping rsa authentication.
When you use ssh, you have to be connecting as the user with the
authorized_keys file, use -l <username> if it is different on the client
machine.
You can use -v (or -vv) to get details about the authentication process.
It's pretty helpful showing you what ssh thinks is happening.
If none of this helps, perhaps you have a different client than server.
For example, the CLUE server runs SSH (not OpenSSH) so it behaves very
differently. It should be possible to do what you're trying in that
case, but I didn't get it to work in the short time I fiddled with it.
HTH,
Dave
More information about the clue-tech
mailing list