Tugger the SLUGger! SLUG Mailing List Archives

Re: [SLUG] Debian & SSH2


On Sun, 2004-05-02 at 15:01, oscarp@xxxxxxxxxxx wrote:
> Quoting Howard Lowndes <lannet@xxxxxxxxxxxxx>:
> 
> Just re-stating your objective:
> You want to log on to SERVER from CLIENT using ssh without being
> prompted.

Yes

> 
> Here are the processes I'd do.
> 
> 1. Do this on CLIENT:
> 
> #ssh2-keygen -t rsa -b 1024

Already done that.

> 
> Just press enter for every prompt.
> 
> 2. Append CLIENT:~root/.ssh2/id_rsa2.pub to SERVER:~root/.ssh2/authorized_keys

Mmmm.  SSH2 on Deb doesn't mention the authorized_keys file in the man
pages, just the authorization file and the key files that are listed
therein.  I already had done the above anyway as it is the way things
work on RedHat, but to no avail on Deb.

> 
> 3. From CLIENT you may ssh SERVER without being prompted to gain access to
> SERVER.
> 
> You do steps 1. and 2. only once.
> 
> Next time you want to access SERVER just do 3.
> 
> Have fun.
> 
> > I'm new to Debian and the sshd2 setup is slightly different to what I am
> > used to.
> >
> > According to the man pages, on the sshd2 server, I should have a file
> > $HOME/.ssh2/authorization which contains pointers to the files in
> > $HOME/.ssh2 which contain the public keys for the user wishing to
> > authenticate.
> >
> > My $HOME/.ssh2/authorization file looks like:
> > Key id_rsa1.pub
> > Key id_rsa2.pub
> > Key id_dsa.pub
> >
> > and the files are:
> >
> > ~/.ssh2# cat id_rsa1.pub
> > 1024 37
> > 136554113100058568808775345080050862035012285738018012068064449742683001343771549777969589013260969485343141588718554432949755127515002842850917844083176751765203487551872047361816509233723141210858206641208490439584820104013130192503051372955765960649463169369096403404943669141205393446053340160515321474091
> >
> > ~/.ssh2# cat id_rsa2.pub
> > ssh-rsa
> > AAAAB3NzaC1yc2EAAAABIwAAAIEArXkTV4iYYIzOgLOV0WrpaksnV4NSVt8bKZPmLRDx+EPgxPJaLPCAbDawZg12+0j4An2R0VSOLnrb10IVD+cpYjN8gE0ARLxfvlRDq6kzBy1VNQU+xjXsiMenMhLwu8RTmkJhnfzTO6qlwAEDxnvxUPWAl7pSXocGOyY+gZtI0P8=
> >
> > ~/.ssh2# cat id_dsa.pub
> > ssh-dss
> > AAAAB3NzaC1kc3MAAACBAPzklpvhUqP2/Sh8o0mP/KzChY4AD68bDkqyUqcUbDxSnOwS9FybX47SVOsR824KImm+3SvGYieTHlVTedNtHAcEKOKTlJES12unK4Mtd6UMVjCeza4uhMexvv91QMT0cqNjww6NCbFbDZOn9mtZB1me/ZBQ+zxKw6PD2rp7TBXnAAAAFQDJk4Erx54l+TonAY0y94c5TxO78QAAAIEAi80UdE/BbVFE44TuJJ0qP38/ssy1P7YA8gw/6CxgvCqlqn6hdZLvFAXCKr+EX9qf+RqBY7FrfgLA+liYfwrCmZJUcSDyphLAvjPiCsybdvZusfcfxNUiudaS31ZTRbrD0rWZCFJPQvsxUlDYJPSvG9ctjCR/IVlnQtUBxCu6KucAAACAXNx9tI1IlC1G3ZZ6Ac2NiCnETf/e+NerS4iY2TQFgd67W8SiQB3uzudyOEXJ8t9gQXFhPCEthifFL8kTvw7Vd6cXnncgz3haSFT40cLE876+gpMmlWuoMc5FHm5BTgDjHw2EwHdaiiS8DV/yWwYxODEYWQUUALJrFSvw443kqvM=
> >
> >
> > The /etc/ssh2/sshd_config file has the following line:
> >         AllowedAuthentications          publickey,password
> >
> >
> > The problem is that the ssh server ignores these pubkey files and calls
> > for password authentication, which is what I don't want to happen.
> >
> > Where might I be going wrong?  I suspect the authorization file might be
> > wrong, but not by how I read the man page for ssh2.
> >
> > --
> > Howard.
> > LANNet Computing Associates - Your Linux people <http://www.lannetlinux.com>
> > ------------------------------------------
> > Flatter government, not fatter government - Get rid of the Australian states.
> > ------------------------------------------
> > To mess up a Linux box, you need to work at it;
> > to mess up your Windows box, you just need to work on it.
> >  - Scott Granneman, SecurityFocus
> >
> > --
> > SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
> > Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
-- 
Howard.
LANNet Computing Associates - Your Linux people <http://www.lannetlinux.com>
------------------------------------------
Flatter government, not fatter government - Get rid of the Australian states.
------------------------------------------
To mess up a Linux box, you need to work at it;
to mess up your Windows box, you just need to work on it.
 - Scott Granneman, SecurityFocus
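
Added example, not part of the original thread or of the ssh2 package: a shell check that reads an `authorization` file like the one quoted above and reports which public-key file format each `Key` entry points to (SSH protocol 1 RSA, OpenSSH one-line, or the RFC 4716 `---- BEGIN SSH2 PUBLIC KEY ----` block). The function names, sample file names and key bodies are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify each public-key file named by "Key" lines in an
# ssh2-style authorization file. File names and key bodies are constructed.

# classify_key FILE: print missing | rfc4716 | openssh | ssh1 | unknown
classify_key() {
    [ -r "$1" ] || { echo missing; return 0; }
    # The first non-blank line decides the format.
    first=$(sed -n '/[^[:space:]]/{p;q;}' "$1")
    case $first in
        "---- BEGIN SSH2 PUBLIC KEY ----"*) echo rfc4716 ;;  # multi-line SECSH block
        ssh-rsa*|ssh-dss*)                  echo openssh ;;  # "type base64 [comment]"
        *)  # SSH protocol 1 RSA key: "bits exponent modulus"
            if printf '%s\n' "$first" | grep -Eq '^[0-9]+ [0-9]+( |$)'; then
                echo ssh1
            else
                echo unknown
            fi ;;
    esac
}

# check_authorization DIR: print "<file> <format>" for every Key entry
check_authorization() {
    while read -r kw name rest || [ -n "$kw" ]; do
        case $kw in
            [Kk][Ee][Yy]) printf '%s %s\n' "$name" "$(classify_key "$1/$name")" ;;
        esac
    done < "$1/authorization"
}

# make_sample DIR: write constructed sample files (placeholders, not real keys)
make_sample() {
    printf '# constructed sample\nKey id_rsa1.pub\nKey id_rsa2.pub\nKey exported.pub\nKey absent.pub\n' \
        > "$1/authorization"
    printf '1024 37 1234567890123\n' > "$1/id_rsa1.pub"
    printf 'ssh-rsa Q09OU1RSVUNURUQ= demo\n' > "$1/id_rsa2.pub"
    printf '%s\n' '---- BEGIN SSH2 PUBLIC KEY ----' 'Comment: "constructed"' \
        'Q09OU1RSVUNURUQ=' '---- END SSH2 PUBLIC KEY ----' > "$1/exported.pub"
}

# Demo run against the constructed sample directory.
demo=$(mktemp -d) && make_sample "$demo" && check_authorization "$demo"
rm -rf "$demo"
```

OpenSSH's `ssh-keygen -e -f <file>` exports a one-line OpenSSH public key in the RFC 4716 block form.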