Re: Passwordless ssh, "once and for all"...

From: Noah Salzman (noah@ncircle.com)
Date: 12/12/02

  • Next message: Mike Sowka: "WAS: Re: Passwordless ssh, "once and for all"..."
    Date: Thu, 12 Dec 2002 10:57:02 -0800
    To: Mike Sowka <msowka@doe.carleton.ca>
    From: Noah Salzman <noah@ncircle.com>
    
    

    You don't want to put keys in known_hosts you want to put them in
    authorized_keys2.

    Also, to avoid the unknown host warning (separate from the password
    issue) you may want to do "StrictHostKeyChecking=no".

       --Noah--

    On Wednesday, December 11, 2002, at 01:49 PM, Mike Sowka wrote:

    > Hello,
    > Number one, I have to admit that openssh has always been a bit of a
    > "black magic" to me. The everyday stuff is a breeze (ssh scp), but I've
    > had hell of a time setting up passwordless ssh for a little MPI cluster
    > I have running here at school.
    > I got the darned thing running about a year ago, having tried various
    > methods, I finally STUMBLED on a working setup... unfortunately a hasty
    > rm -rf .ssh here and there really messed things up.
    > I've now decided I should learn how to get openssh-3.1p1 setup for
    > passwordless ssh the right way, and in such a way that I know what's
    > going on and can properly maintain my cluster.
    > Please note the I've been RTFMing for the past 5 hours... and am on the
    > verge of my nerves (hence the babbling on in my post).
    >
    > WHAT I NEED: passwordless login for ALL users from "master" to all
    > "nodes" 1-14...
    >
    > WHAT I'M TRYING TO DO: I've worked on the one "master" to see if I can
    > get pswd'less ssh on there first...
    > -sshd creates the keys.
    > -I take /etc/ssh/ssh_host_key.pub and copy it into
    > /etc/ssh/ssh_known_hosts with "master" prepended
    > -create /etc/hosts.equiv AND /etc/ssh/hosts.equiv with "master" listed
    >
    > QUESTION: Why the HECK does it keep asking me for a password to
    > login???? Should I use protocol I ? And if so how do I enable it ( I
    > have tried, and it would still insist on a password)
    >
    > Any suggestion and/or help ARE MUCH APPRECIATED.
    > THANK YOU,
    > Mike
    >
    > --
    > Mike Sowka <msowka@doe.carleton.ca>
    >



    Relevant Pages

    • Re: Opening ports in my firewall
      ... >> only with DSA keys, and not allowing manual password logins. ... - copy the .ssh directory to the new machine, if you control it, or ... Walter Dnes; my email address is *ALMOST* like wzaltdnes@waltdnes.org ...
      (comp.os.linux.security)
    • RE: sshd / ssh setup
      ... USA server and his windows/xp notebook to use SSH. ... followed sshd instruction and built ... and require users to submit keys. ...
      (freebsd-questions)
    • Re: SSH via Expect disconnects
      ... using autoexpect was the answer (please refer to thread ... >> I have received one suggestion that I explore the idea of using keys ... >> have poured through the manpage for Expect as well as SSH, ... >>> I am using an expect script to initiate an SSH session to another host ...
      (comp.lang.tcl)
    • Re: Firewall security: Re: Problems with simple Samba file share
      ... Man ssh ... ... Why is that, Peter? ... The firewall does help protect ... against someone stealing the keys and using them at another location. ...
      (comp.os.linux.misc)
    • Re: Ported tools and SSH
      ... auditors are grumbling about SSH because it stores its keys in the open. ... simple and steps can often be taken to meet security requirements. ... Consider first z/OS SSH as a server: ...
      (bit.listserv.ibm-main)