setting a password less ssh connection
Ian Malone
ibmalone at gmail.com
Fri May 19 19:52:55 UTC 2006
Karl Larsen wrote:
> Stephen Mirowski wrote:
>> hicham wrote:
>>> Hello
>>> I'm having trouble to set a passwordless ssh connection between many
>>> pcs ,
>>> I've found lot on the web about exchanging public keys but i still
>>> cannot make it password less
>>>
>>> thanks
>>>
>>> hicham
>>>
>> I believe if you enable:
>>
>> #PermitEmptyPasswords no
>>
>> and change to "yes" in /etc/ssh/sshd_config, then restart you sshd, it
>> should allow no passwords. Personally, I recommend against remote
>> access w/o passwords.
>>
>> Stephen Mirowski
>>
> I echo the concern about empty passwords. Without the password any
> hacker can ssh to any of your computers and get on. This is very bad!
> Even a stupid Hacker could delete your entire directory. And a smart one
> would delete your entire computer!
>
> Karl
>
This is not what the OP is trying to do (or, at least, I hope not...).
Leave this alone, having passwordless accounts you can log into over
ssh is an awful idea as mentioned above:
#PermitEmptyPasswords no
Add this to prevent authentication against the user's password:
PasswordAuthentication no
Restart sshd
To ssh into a user account you now need a key pair:
eg. id_dsa (private) and id_dsa.pub (public).
The user needs to do "$ cat id_dsa.pub >> ~/.ssh/authorized_keys",
so the key is now recognised on logging in.
To ssh in you need to use the private key. Unless it's one of a
few default names or specified in ~/.ssh/config, you need to point
to it with ssh's -i flag.
If the key was generated password protected you'll be prompted for
the key's password (not the user password), if not (or you've
since removed the password with ssh-keygen) then you'll be logged
in straight away.
Files in ~/.ssh are picky about permissions, rule of thumb: anything
not ending in .pub should be set 600. .pub files can be 644, but
there's no real reason to do that.
--
imalone
More information about the fedora-list
mailing list