[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: setting a password less ssh connection

Karl Larsen wrote:
Stephen Mirowski wrote:
hicham wrote:
I'm having trouble to set a passwordless ssh connection between many pcs ,
I've found lot on the web about exchanging public keys but i still
cannot make it password less



I believe if you enable:

#PermitEmptyPasswords no

and change to "yes" in /etc/ssh/sshd_config, then restart you sshd, it should allow no passwords. Personally, I recommend against remote access w/o passwords.

Stephen Mirowski

I echo the concern about empty passwords. Without the password any hacker can ssh to any of your computers and get on. This is very bad! Even a stupid Hacker could delete your entire directory. And a smart one would delete your entire computer!


This is not what the OP is trying to do (or, at least, I hope not...).

Leave this alone, having passwordless accounts you can log into over
ssh is an awful idea as mentioned above:
#PermitEmptyPasswords no

Add this to prevent authentication against the user's password:
PasswordAuthentication no

Restart sshd

To ssh into a user account you now need a key pair:
eg. id_dsa (private) and id_dsa.pub (public).
The user needs to do "$ cat id_dsa.pub >> ~/.ssh/authorized_keys",
so the key is now recognised on logging in.

To ssh in you need to use the private key.  Unless it's one of a
few default names or specified in ~/.ssh/config, you need to point
to it with ssh's -i flag.

If the key was generated password protected you'll be prompted for
the key's password (not the user password), if not (or you've
since removed the password with ssh-keygen) then you'll be logged
in straight away.

Files in ~/.ssh are picky about permissions, rule of thumb: anything
not ending in .pub should be set 600.  .pub files can be 644, but
there's no real reason to do that.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]