Tuesday, January 8, 2008

SSH without interruptions

Configuration: Client Side (bangvst3a12l)

Here are the steps you need to do on the computer that acts as the SSH client:

1) Generate your SSH encryption key pair for the b_v3infra account. Press the Enter key each time you are prompted for a password to be associated with the keys. (Do not enter a password.) 

[b_v3infra@bangvst3a12l  b_v3infra]# ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key
(/b_v3infra/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in
/b_v3infra/.ssh/id_dsa.
Your public key has been saved in
/b_v3infra/.ssh/id_dsa.pub.
The key fingerprint is:
1e:73:59:96:25:93:3f:8b:50:39:81:9e:e3:4a:a8:aa
b_v3infra@bangvst3a12l 
[b_v3infra@bangvst3a12l  b_v3infra]#

2) These keyfiles are stored in the .ssh subdirectory of your home directory. View the contents of that directory. The file named id_dsa is your private key, and id_dsa.pub is the public key that you will be sharing with your target server. Versions other than RedHat/Fedora may use different filenames, use the SSH man pages to verify this. 

[b_v3infra@bangvst3a12l  b_v3infra]# cd ~/.ssh
[b_v3infra@bangvst3a12l  b_v3infra]# ls
id_dsa  id_dsa.pub  known_hosts
[b_v3infra@bangvst3a12l  .ssh]#

3) Copy only the public key to the home directory of the account to which you will be sending the file. 

[b_v3infra@bangvst3a12l  .ssh]# scp id_dsa.pub b_v3infra@vistacmsdev:public-key.tmp

Now, on to the server side of the operation.

Configuration - Server Side (vistacmsdev/RHN Server)

Here are the steps you need to do on the computer that will act as the SSH server.

1) Log into vistacmsdev as user b_v3infra. Create an .ssh subdirectory in your home directory and then go to it with cd. 

[b_v3infra@vistacmsdev b_v3infra]# ls
public-key.tmp
[b_v3infra@vistacmsdev b_v3infra]# mkdir .ssh
[b_v3infra@vistacmsdev b_v3infra]# chmod 700 .ssh
[b_v3infra@vistacmsdev b_v3infra]# cd .ssh

2) Append the public-key.tmp file to the end of the authorized_keys file using the >> append redirector with the cat command. The authorized_keys file contains a listing of all the public keys from machines that are allowed to connect to your Vistacmsdev account without a password. Versions other than RedHat/Fedora may use different filenames, use the SSH man pages to verify this. 

[b_v3infra@vistacmsdev .ssh]# cat ~/public-key.tmp >> authorized_keys
[b_v3infra@vistacmsdev .ssh]# rm ~/public-key.tmp

From now on you can use ssh and scp as user b_v3infra from server bangvst3a12l to vistacmsdev without being prompted for a password.

If it still doesn’t works check for the following thing:

· .ssh folder of the user has 700 permissions.

· .ssh/authorized_keys file should have 600 permissions.

If the above 2 condition are not met the ssh session will automatically go from Mode 3 to Mode 5 in which it will start asking for passwords.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)