
Per your request, SSH without passwords

Here's a page from my system documentation that gives a step-by-step
how-to.  (To the hackers lurking on this list, I do NOT do this on systems
accessible from the internet, only those inside the firewalls.)

7.00 Using SSH and SCP without passwords

7.10 From a Linux system

To use ssh or scp between Linux systems without using a password, you
must have the authorization files in place on both systems.  Use this
procedure to get the files generated and copied to the correct

Be VERY aware of the source and destination systems as you read through
this documentation.

Log in to host you want to connect FROM as user you want to be when
  # cd .ssh
  # ssh-keygen -t rsa
  # scp id_rsa.pub <Target_System>:/root/.ssh/from-<Source_System>
Log in to host you want to connect TO as user you want to be when
  # ssh <User_Name>@<Target_System>
  # cd .ssh
If there is an existing authorized_keys2 file...
  # cat from-<Source_System> >> authorized_keys2
If there is no file yet...
  # mv from-<Source_System> authorized_keys2
  # chmod 600 authorized_keys2

From now on, these commands will not require a password:

ssh <User_Name>@<Target_System>
scp <filename> <Target_System>:<filename>

To add another target system, do not re-generate the keys!  This will
invalidate the keys you already have in place.  Simply copy the
id_rsa.pub file to the new target system and continue with the procedure
as listed above.

7.20 From a Windows system

To use Putty to automatically authenticate to Linux systems, you must
create keys from your system using Puttygen, and then run the Putty
authentication agent, Pageant, to load the keys for Putty to use.

To generate a set of keys for your system, start the Puttygen
application, and click the Generate button.  Move your mouse around in
the blank area to generate random noise which is the encryption seed. 
After a few seconds you will see Puttygen create your key set.

In the Key comment field, type your network login name.  This is simply
for identification of the key; it is not used for authentication or
identification of the user.

Underneath the Key comment field, you can enter a pass phrase to
encrypt your private key, or leave the entries blank to store the key
unencrypted.  The public keys are never encrypted since they are truly
public information.

Next, save the two keys in a secure location.  Save your private key as
your network login name with a .pri extension, and your public key with
a .pub extension.  Finally, copy the public key from the top of the
window into the clipboard for pasting in the next step.

Use SSH to log into a remote Linux system as the user you want to use
without a password.  Change to the .ssh directory.

  # cd .ssh

Edit the authorized_keys2 file.

  # pico authorized_keys2

Paste the key from the clipboard to the end of the file by clicking the
right mouse button inside the Putty window.  Make sure the key you just
pasted is on its own line.  Save the file and exit.

IMPORTANT!!!   Verify the permissions are correct on the file.

  #  chmod 600 authorized_keys2

You can now log out of the Linux system.

Now configure Pageant to start automatically.  Create a shortcut to the
pageant.exe program in your startup menu folder.  Edit the properties and
make the Target entry look like this:

"C:\Program Files\putty\pageant.exe" "C:\Program Files\putty\<key file

Note the double-quotes around two separate sections.  You should only
have to enter the second section.

Save the properties and execute the shortcut.  You should see a
computer with a hat in your system tray next to the clock.  Right-click
on the Pageant icon and choose View keys.  You should see your private
key listed.

Finally, set up Putty to use the keys you have created.  Start Putty
and Load, but do not open, the profile for the system you copied your
public key to above.  In the left pane, click on SSH.  Click the radio
button to choose SSH protocol version 2.  Click on Auth, just below the
SSH item on the left.  Click on the Browse button to locate and
double-click on your private key file.  Very important!  Click on
Session in the left pane and click Save or your edits here will be

To log in to the system, click Open.  You may get a dialog about a new
fingerprint.  That's OK, accept it.  Enter the username you used
above.  You should not be asked for a password; it should load the
security key from the agent and allow you in.

>>> jpc scooby jaycrews com 02/20/03 10:57AM >>>
Toni Erdmann writes....
> ssh can be configured to run without passwords, just with secret
> and trusted host/users. But I haven't done this yet.

Same here.
I still use the password, but want to set mine up
to use the keys (PGP I assume?), and such.
If anyone knows a good "How-To" on that, or wants to
start a new thread with instructions, inquiring minds
want to know.

(I'm totally lost on the whole PGP concept.)

-- Jay Crews
jpc jaycrews com 

Psyche-list mailing list
Psyche-list redhat com 
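
The target-side steps from section 7.10 (append the public key on its own line, then chmod 600), written out as an added example that is not part of the original post or of OpenSSH.  install_pubkey is a hypothetical helper, the accepted key-type list is an assumption, and the format check is structural only.

```shell
#!/bin/sh
# install_pubkey <pubkey_file> <ssh_dir> [<keys_file_name>]
# Hypothetical helper (not part of OpenSSH or PuTTY).
# Returns 0 = key appended, 3 = already present, 1 or 2 = input rejected.
install_pubkey() {
    pub=$1
    dir=$2
    keys="$dir/${3:-authorized_keys2}"   # default is the file name used above

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # A key that wrapped during copy/paste shows up as more than one line.
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected one key line" >&2; return 2; }
    line=$(grep . "$pub")

    # Structural check only: "<type> <base64> [comment]". The type list is an
    # assumption for this example; it does not prove the key is usable.
    case $line in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "unrecognised key type" >&2; return 2 ;;
    esac
    blob=$(printf '%s\n' "$line" | awk '{print $2}')
    printf '%s\n' "$blob" | grep -Eq '^[A-Za-z0-9+/]+=*$' ||
        { echo "malformed key data" >&2; return 2; }

    # Owner-only directory and file, as the chmod 600 step requires.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    ( umask 077; touch "$keys" ) || return 1
    chmod 600 "$keys"

    # Do not add the same key twice (matched on key data, comment ignored).
    if grep -qF -- "$blob" "$keys"; then
        return 3
    fi

    # If the file does not end in a newline, add one first so the new key
    # starts on its own line instead of being glued to the previous entry.
    if [ -s "$keys" ] && [ -n "$(tail -c 1 "$keys")" ]; then
        printf '\n' >> "$keys"
    fi
    printf '%s\n' "$line" >> "$keys"
}
```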
