Re: Password less login between client & server, server & client
- From: Chuck <skilover_nospam@xxxxxxxxxxxxxx>
- Date: Mon, 10 Apr 2006 18:27:40 GMT
sky@xxxxxxxxxxxxxx wrote:
Hi,
I have a question pertaining to the possibility of using ssh keys for
password less logins on both the ssh client and ssh server. To explain
this more directly I want my ssh client to connect to my ssh server and
vice versa. Currently I have searched throughout the newsgroups and
performed many Google queries but I cannot seem to find the solution.
I am using OpenSSH_3.0.2p1 on Solaris 8 Operating Systems on Sparc
architecture and various models.
To provide you with a little background I will explain the process I
use to create a key for the ssh client. On the ssh client I create my
public and private keys using the following steps:
1. Login as the user that is making the connection.
2. If not already created, mkdir .ssh in the user's home directory and
set restrictive permissions.
3. cd ~/.ssh
4. Execute: /usr/local/bin/ssh-keygen -t dsa
5. I accept the default key names, "id_dsa" and "id_dsa.pub" and hit
enter to accept a blank passphrase.
6. I then scp the "id_dsa.pub" to the server's .ssh directory and cat or
copy it to "authorized_keys". I set restrictive permissions, 400, on the
"authorized_keys" file.
7. From the client I then type: ssh server-name and am allowed to login
without a password.
To allow the server to connect to the client I perform the same
process, except rename the public and private keys to different names,
so that I do not overwrite the key information. I scp the
"id_dsa_server.pub" to the client and cat >> authorized_keys. This does
not work and when I attempt to login from the server to the client I am
then prompted for a password.
Currently, as a temporary workaround I am using an rsa key to connect
from my client to server and a dsa key to connect from my server to
client. I would like to find a permanent solution to this problem, as I
have more clients that will need to connect to both the server and
client, and vice versa again.
Thank you in advance for any advice or help anyone can provide on this
topic.

You're making it more complicated than necessary. You don't need to
juggle files like this.
Servers only need the public key. Clients only need the private key.
Regardless of which server you're calling the client or server, as far
as ssh is concerned, the server is *always* the one running sshd, and
the client is *always* the one connecting to it with ssh, putty, or
whatever other client software you're using.
Here's all you need to do. Create one keypair. Copy the private key to
both servers' .ssh directory. Place the public key in both servers'
authorized_keys file. That should be all you need.
I would *strongly* recommend passphrase protecting your private key.
Anyone who gets a copy of that file can authenticate as you with no
password or passphrase on any server/account the corresponding public
key is installed on. If you need automatic authentication with no
keyboard intervention use an agent. With an agent you can enter your
passphrase once and have automatic authentication every time after that.
If your client is PuTTY use Pageant. If OpenSSH, then ssh-agent and use
ssh-add to add/list identities (private keys) to/from it. The agent will
prompt one time for the passphrase and feed it to the client every time
thereafter.
--
To reply by email remove "_nospam"
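
An added example, not part of the original post: a Python audit that reports which private keys in a directory are stored without a passphrase, the condition the reply warns about. It reads only each file's header or envelope; the function names are this example's own, and `sample_openssh` builds a constructed, unusable sample key.

```python
import base64
import os
import struct

MAGIC = b"openssh-key-v1\x00"  # envelope magic of current OpenSSH private keys

def key_protection(text):
    """Classify private-key text as 'encrypted', 'unencrypted' or 'unknown'."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN "):
        return "unknown"  # public keys, authorized_keys, config, ...
    header = lines[0]
    if header == "-----BEGIN ENCRYPTED PRIVATE KEY-----":  # PKCS#8
        return "encrypted"
    if header == "-----BEGIN OPENSSH PRIVATE KEY-----":
        try:
            blob = base64.b64decode("".join(lines[1:-1]))
        except ValueError:
            return "unknown"
        off = len(MAGIC)
        if blob[:off] != MAGIC or len(blob) < off + 4:
            return "unknown"
        (n,) = struct.unpack(">I", blob[off:off + 4])
        cipher = blob[off + 4:off + 4 + n]  # first field: cipher name
        if len(cipher) != n:
            return "unknown"
        return "unencrypted" if cipher == b"none" else "encrypted"
    if header.endswith(" PRIVATE KEY-----"):
        # Legacy PEM such as id_dsa: encrypted keys carry a Proc-Type header.
        enc = any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines[1:3])
        return "encrypted" if enc else "unencrypted"
    return "unknown"

def audit_dir(path):
    """Return {filename: status} for every private key found in path."""
    found = {}
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        if os.path.isfile(full):
            with open(full, errors="replace") as fh:
                status = key_protection(fh.read(65536))
            if status != "unknown":
                found[name] = status
    return found

def sample_openssh(cipher):
    """Constructed sample: genuine envelope header, placeholder body, not a usable key."""
    blob = MAGIC + struct.pack(">I", len(cipher)) + cipher + b"\x00" * 16
    b64 = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"
```

Calling `audit_dir(os.path.expanduser("~/.ssh"))` on each host that holds a copy of the private key lists the files to re-protect with `ssh-keygen -p`.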