[lug] OpenSSH & RSAAuthentication

Anders Knudsen andersk at engineer.com
Fri Dec 7 09:35:08 MST 2001


Yep, for running the client ssh. That is, you must copy your "identity.pub" 
to a file called "authorized_keys" (assuming RSA, "authorized_keys2" is if 
you're using DSA.)
Then you just add more public key entries to "authorized_keys" if you need 
that.
Also, the file permissions need to be just so.
"identity" perms should be 600
"identity.pub" and "authorized_keys" perms should be 644

In my setup I have PasswordAuthentication no, because IMHO it's a hole that 
needs to remain closed. :)

-anders

At 05:57 PM 12/6/2001 +0000, Bryan wrote:
>Actually Shannon,
>
>An important step Anders left out was that you have to copy the RSA
>public key file to the SSHD server, in the home directory of the target
>user, ".ssh" subdirectory, and call the file, "authorized_keys". If that
>doesn't work, try calling the file "authorized_keys2". One of the two
>should be correct, but I forgot the exact semantics of which one to use
>under which circumstances.
>
>On the client side, you need to have the public and private keys in the
>correct place, but they were probably already deposited in the correct
>directory and filenamed correctly when you ran "ssh-keygen". (the files
>are ~/.ssh/identity and ~/.ssh/identity.pub)
>
>With that properly in place, you can still accept regular password
>authentication as a fallback:
>
>(in sshd_config):
>PasswordAuthentication yes
>
>That way, if the pub/prv keys are available on the client (and the pub
>key is on the server), the password won't be asked for. Otherwise, the
>password will be asked for, as a fallback.
>
>Bryan
>
>
>On Wed, 2001-12-05 at 16:55, Anders Knudsen wrote:
>
>     Sorry about the lag...had a few digests to parse through :)
>
>     Anyhow, to make sshd not prompt for the password, just edit the
>     /etc/ssh/sshd_config file and make sure you have an entry that says:
>     PasswordAuthentication no
>     you then also want:
>     RSAAuthentication yes
>     and for some safety:
>     PermitRootLogin no
>
>     restart sshd after editing this file.
>
>     for further description do a "man sshd" and check out the Configuration
>     section.
>
>     enjoy!
>     -anders.
>
>     At 07:01 PM 11/28/2001 +0000, Shannon Johnston wrote:
>     >Date: Wed, 28 Nov 2001 10:52:07 -0700 (MST)
>     >From: Shannon Johnston <nunar at nunar.com>
>     >To: lug at lug.boulder.co.us
>     >Subject:
>     >Reply-To: lug at lug.boulder.co.us
>     >
>     >Hi All,
>     >I need to use RSA keys to authenticate SSH sessions without prompting for
>     >a password. I haven't done this before. Could anybody clue me in or point
>     >me to some good documentation on how to accomplish this??
>     >
>     >I'm using OpenSSH 3.0.1p1
>     >
>     >Thanks,
>     >
>     >Shannon Johnston
>     >nunar at nunar.com
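
Added example, not part of the original thread: a shell audit of the key-file modes and sshd_config values that the messages above name. The function names, the throwaway directory and its sample files are constructed for illustration, and `stat -c` assumes GNU or BusyBox stat.

```sh
#!/bin/sh
# Added example: audit the key-file modes and sshd_config values named in the thread.

# check_perm FILE MODE: succeed only if FILE exists with exactly octal MODE.
check_perm() {
    [ -e "$1" ] || { echo "MISSING $1"; return 1; }
    mode=$(stat -c '%a' "$1")   # assumes GNU/BusyBox stat
    [ "$mode" = "$2" ] && return 0
    echo "BAD $1 has mode $mode, want $2"
    return 1
}

# sshd_value CONFIG KEYWORD: print the first uncommented value for KEYWORD.
# sshd keeps the first value it reads; assumes "Keyword value" lines, no Match blocks.
sshd_value() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print tolower($2); exit }' "$1"
}

# audit_ssh SSH_DIR SSHD_CONFIG: print findings, return how many there were.
audit_ssh() {
    fails=0
    check_perm "$1/identity" 600        || fails=$((fails + 1))
    check_perm "$1/identity.pub" 644    || fails=$((fails + 1))
    check_perm "$1/authorized_keys" 644 || fails=$((fails + 1))
    for want in PasswordAuthentication=no RSAAuthentication=yes PermitRootLogin=no; do
        key=${want%%=*}
        got=$(sshd_value "$2" "$key")
        if [ "$got" != "${want#*=}" ]; then
            echo "BAD $key is '${got:-unset}', want ${want#*=}"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# Constructed sample: a throwaway directory standing in for ~/.ssh and /etc/ssh.
demo=$(mktemp -d)
: > "$demo/identity"; : > "$demo/identity.pub"; : > "$demo/authorized_keys"
chmod 600 "$demo/identity"
chmod 644 "$demo/identity.pub"
chmod 664 "$demo/authorized_keys"          # group-writable on purpose
printf '%s\n' '#PasswordAuthentication no' 'PasswordAuthentication yes' \
    'RSAAuthentication yes' 'PermitRootLogin no' > "$demo/sshd_config"
audit_ssh "$demo" "$demo/sshd_config" || echo "$? finding(s)"
rm -rf "$demo"
```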



