[lug] OpenSSH & RSAAuthentication

Bryan Field-Elliot bryan_lists at netmeme.org
Wed Dec 5 17:11:40 MST 2001


Actually Shannon, 

An important step Anders left out was that you have to copy the RSA
public key file to the SSHD server, in the home directory of the target
user, ".ssh" subdirectory, and call the file, "authorized_keys". If that
doesn't work, try calling the file "authorized_keys2". One of the two
should be correct, but I forgot the exact semantics of which one to use
under which circumstances. 

On the client side, you need to have the public and private keys in the
correct place, but they were probably already deposited in the correct
directory and filenamed correctly when you ran "ssh_keygen" (the files
are ~/.ssh/identity and ~/.ssh/identity.pub).

With that properly in place, you can still accept regular password
authentication as a fallback: 

(in sshd_config): 
PasswordAuthentication yes 

That way, if the pub/prv keys are available on the client (and the pub
key is on the server), the password won't be asked for. Otherwise, the
password will be asked for, as a fallback. 

Bryan 


On Wed, 2001-12-05 at 16:55, Anders Knudsen wrote:

    Sorry about the lag...had a few digests to parse through :)
    
    Anyhow, to make sshd not prompt for the password, just edit the 
    /etc/ssh/sshd_config file and make sure you have an entry that says:
    PasswordAuthentication no
    you then also want:
    RSAAuthentication yes
    and for some safety:
    PermitRootLogin no
    
    restart sshd after editing this file.
    
    for further description do a "man sshd" and check out the Configuration 
    section.
    
    enjoy!
    -anders.
    
    At 07:01 PM 11/28/2001 +0000, Shannon Johnston wrote:
    >Date: Wed, 28 Nov 2001 10:52:07 -0700 (MST)
    >From: Shannon Johnston <nunar at nunar.com>
    >To: lug at lug.boulder.co.us
    >Subject:
    >Reply-To: lug at lug.boulder.co.us
    >
    >Hi All,
    >I need to use RSA keys to authenticate SSH sessions without prompting for
    >a password. I haven't done this before. Could anybody clue me in or point
    >me to some good documentation on how to accomplish this??
    >
    >I'm using OpenSSH 3.0.1p1
    >
    >Thanks,
    >
    >Shannon Johnston
    >nunar at nunar.com
    
    _______________________________________________
    Web Page:  http://lug.boulder.co.us
    Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
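
The two replies above differ only in the PasswordAuthentication value they set. As an added example (not part of the original messages), this shell script reports which value sshd would take for the three sshd_config keywords named in the thread; the function names, file names and sample contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. sshd takes the first value it finds for
# a keyword and treats keyword names case-insensitively.

# effective_value FILE KEYWORD: print the first global value, or "unset".
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); found = 0 }
        $1 ~ /^#/ { next }                    # comment line
        tolower($1) == "match" { exit }       # conditional blocks follow; stop
        tolower($1) == want { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# audit FILE: list the keywords from the thread; return 1 if the password
# fallback is still possible (anything other than an explicit "no").
audit() {
    for kw in PasswordAuthentication RSAAuthentication PermitRootLogin; do
        printf '%-24s %s\n' "$kw" "$(effective_value "$1" "$kw")"
    done
    [ "$(effective_value "$1" PasswordAuthentication)" = "no" ]
}

# Constructed sample files (not real server configs).
demo_dir=$(mktemp -d)
printf '%s\n' '# keys only' 'PasswordAuthentication no' \
    'RSAAuthentication yes' 'PermitRootLogin no' > "$demo_dir/keys_only"
printf '%s\n' '# password fallback' 'passwordauthentication yes' \
    'RSAAuthentication yes' 'PasswordAuthentication no' > "$demo_dir/fallback"

for f in keys_only fallback; do
    echo "== $f"
    audit "$demo_dir/$f" || echo "-> password logins still accepted"
done
```

In the second sample the later "PasswordAuthentication no" has no effect, because the earlier lowercase entry is the one sshd reads first.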
    
    
    