[CLUE-Tech] ssh using RSA authentication?
Todd Williams
hp205ctl at hotpop.com
Thu Nov 28 00:06:31 MST 2002
Dave Price wrote:
> Hi,
>
> I am trying to set up 'no password' access to remote systems with ssh
> and RSA keys.
>
> I have built both rsa and rsa1 keys on a mandrake client - these have
> null passwords
>
> I have tried manually copying these keys to ~/.ssh/authorized_keys
> and using a script ssh-auth, from the FAQ that seems to achieve the same
> same thing.
>
> I still get prompted for a password when I try to ssh to the remote
> system with the keys installed - any hints?
Here is a quick hint that I wrote a while back on setting exactly this up:
On your local box: run "ssh-keygen -t rsa"
(there is a manpage for ssh-keygen)
For this use you want an empty passphrase - otherwise it will prompt you
for it every time, just like a password, only longer. Just hit return
when prompted for a passphrase.
copy local:$HOME/.ssh/id_rsa.pub to remote:$HOME/.ssh/authorized_keys2
(you may need to create the remote .ssh dir)
make sure the remote .ssh dir has 700 perms (only owner may write)
and that files in the .ssh dir have 600 perms
append any other keys to the same file - from other hosts or accounts
It would also be good to make sure the following line is in your LOCAL
/etc/ssh/ssh_config file:
Protocol 2
as opposed to "protocol 1,2" or even "protocol 2,1"
This will force your ssh to only use ssh v2 - ssh v1 has known exploits that
are actively being scanned for. Be sure you are using a recent distro
or have
all patches up to date - there was at least one vulnerability discovered
in ssh
v2 within the last year.
The same should be done on the server if you have access.
Todd Williams
More information about the clue-tech
mailing list