> > Hi,
> > I've been trying to create a rsa or dsa keypair so I can login from a
> > client to my linux server at home without having to type a password
> > every time. I have read various documents and tried various things, but I
> > can't seem to get it to work.
> > Here is what I understand of it. First of all I have to generate the key
> > pair on the client. I don't know which is better, dsa or rsa, but I have
> > tried both. So for a dsa keypair I do: ssh-keygen -t dsa
> > this will create an id_dsa and an id_dsa.pub file. I scp the id_dsa.pub
> > file to the server machine. On that machine I add the contents of this
> > file to the authorized_keys file. In fact I have just renamed it the
> > last time because I didn't want all the old stuff in that file. I
> > figured it might mess things up.
> > After that I should be able to log in to the server without a password.
> > I do have to specify a passphrase, but that should be solvable with
> > ssh-agent or something. didn't get to the point where I wanted to try
> > that.
> > But for some reason I cannot login this way. I need to specify a
> > password anyway every time. No matter what I try.
> > Can anybody tell me what I am doing wrong, or point me to a really good
> > site, not one that covers only half of it, and another site which
> > explains things totally different. I also came across a site which told me
> > to create the keypair on the server, and distribute the id_rsa file to
> > the client. But that means you have to send it to all the clients from
> > which you would want to be able to login. Which doesn't make much sense
> > I think.
> i think what you have done so far is correct, however i am recalling reading
> from somewhere that DSA keys will only work with SSH 2 (someone might like
> to confirm this). anyway, you should only use SSH2 because SSH1 isn't as
> secure. your key generation is correct. copy the id_dsa.pub over to the
> server you want to connect to, and cat it into an authorized_keys2 file in
> the .ssh directory of the user you wish to login as, i.e.
> cat /home/someuser/.ssh/id_dsa.pub >> /home/someuser/.ssh/authorized_keys2
> in your /etc/ssh/sshd_config, modify the first couple of entries...
> Protocol 2
> ListenAddress X.X.X.X
> where X.X.X.X is the ip address you want the ssh service to listen on.
> (important if your machine has multiple NIC's or virtual IP's), and the
> protocol option forces only secure ssh2 connections.
> make sure
> RSAAuthentication yes
> and that
> PasswordAuthentication no
> and modify the other options as you see fit, restart sshd via
> /etc/init.d/sshd restart, or via other init scripts that you have created.
> If you are using ssh from the command line to connect to the server then you
> will need to force the second protocol via
> ssh -2 -p 22 X.X.X.X
> -p is port that ssh is running on
> if you are running Secure CRT from a windows box (very handy), then you will
> first need to create a public protocol 2 key from Secure CRT. you then copy
> this over to your ssh server and in the home directory run the following
> ssh-keygen -X -f secure-crt.pub >>authorized_keys2
> which strips the key and adds it to the authorized file.
> cheers
> moth
> > Another thing which bothers me is that as far as I figured out, the
> > username of the account on the server should be the same as the username
> > with which you are logged in on the client. Is this correct or am I
> > doing something really wrong here also?
> > Any help would be appreciated.
> > Mark
Thanks, this helped a lot.
I didn't change that much, but I changed the group owner of the ~/.ssh which
was set incorrectly, and I made a ~/.ssh/authorized_keys, and a hardlink to
that file called ~/.ssh/authorized_keys2. I don't know what did the trick,
but it works.
But now I have another problem. I am able to set up the ssh-agent by putting
a script in my .bash_profile. After that I can do an ssh-add, then it prompts
for my passphrase. If I enter it, and I ssh to the server, it works perfectly.
But when I close my shell and log in again, I need to do ssh-add again or it
won't work. This is not really what I'd expect. I don't see much advantage
using it this way.
Again I am probably doing something wrong. I have read the man pages for
ssh-agent and ssh-add, but I cannot find anything about this. I know it is
also possible to have ssh-agent to be the ancestor of an x-session. This way
all applications can use the keys from this agent. This will probably work
until you log out or restart your x-session. So you'd keep on struggling with
the same problems.
Any help would again be appreciated.
Mark
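
Added example, not part of the original thread: the ownership fix on ~/.ssh mentioned above is the kind of problem sshd's StrictModes option (on by default) reacts to, since it refuses authorized_keys when the file, ~/.ssh or the home directory is writable by group or others or owned by another user. This sketch checks only those two conditions; the function names and the demo directory are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag paths that make sshd (StrictModes yes) skip authorized_keys.

# check_path PATH UID: print a finding and return 1 if PATH is unsafe.
check_path() {
    p=$1 want_uid=$2
    [ -e "$p" ] || { echo "MISSING  $p"; return 1; }
    # ls -ldn prints the mode string in field 1 and the numeric owner in field 3
    mode=$(ls -ldn "$p" | awk '{print $1}')
    owner=$(ls -ldn "$p" | awk '{print $3}')
    rc=0
    # the owner must be the account itself or root
    if [ "$owner" != "$want_uid" ] && [ "$owner" != 0 ]; then
        echo "OWNER    $p is owned by uid $owner"; rc=1
    fi
    # character 6 of the mode string is group write, character 9 is other write
    gw=$(printf '%s' "$mode" | cut -c6)
    ow=$(printf '%s' "$mode" | cut -c9)
    if [ "$gw" = w ] || [ "$ow" = w ]; then
        echo "WRITABLE $p has mode $mode"; rc=1
    fi
    return $rc
}

# check_ssh_dir HOME [UID]: return 0 only if every relevant path is acceptable.
check_ssh_dir() {
    home=$1 uid=${2:-$(id -u)}
    bad=0
    for f in "$home" "$home/.ssh" "$home/.ssh/authorized_keys" \
             "$home/.ssh/authorized_keys2"; do
        # authorized_keys2 is optional; check it only when it exists
        case $f in */authorized_keys2) [ -e "$f" ] || continue ;; esac
        check_path "$f" "$uid" || bad=1
    done
    return $bad
}

# Constructed demo: a throwaway "home" with a group-writable .ssh, then fixed.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/.ssh" && : > "$d/.ssh/authorized_keys"
    chmod 755 "$d"; chmod 775 "$d/.ssh"; chmod 600 "$d/.ssh/authorized_keys"
    check_ssh_dir "$d" && before=ok || before=rejected
    chmod 700 "$d/.ssh"
    check_ssh_dir "$d" && after=ok || after=rejected
    rm -rf "$d"
    echo "before=$before after=$after"
}
demo
```

Run `check_ssh_dir "$HOME"` as the account that logs in on the server; any line it prints names a path to fix with chown or chmod.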