Re: SSH - Direct login without password - Beginner Question

From: Doug O'Leary (dkoleary_at_olearycomputers.com)
Date: 06/21/05


Date: Tue, 21 Jun 2005 06:30:01 -0700

On 2005-06-21, underh20 <humphrey.c.chan@gmail.com> wrote:
>
>
> Hi,
>
> I am a beginner in setting up SSH. Our server "atlantis" is
> running commercial SSH Tectia Server 4.1.0 with Solaris 8.
> Our other server "trojan" is running openSSH. We are trying to ssh
> from trojan to atlantis directly without the root password request. How
> does one do it ?

Hey;

There's a couple of areas that might be messing you up - either
individually or in combination.

First, to do what you want, you have to ensure root is allowed to log
in directly via ssh. Under openssh, the file to modify would be sshd_config
and the parameter is PermitRootLogin - set that to without-password
to allow only public key authentication. You'll have to consult
the sshd_config man page for your commercial version to find out if that
parameter is the same or is different.

Second, you have to ensure you have generated and disseminated public
keys using ssh-keygen. Skipping root, for the moment, configure a
non-root account on the target system to use the public key. If you
can log in there, without a password, you're good.

Third, your commercial version of ssh is probably ssh2 standard. Openssh
uses its own version of ssh keys. You will probably have to export
the openssh public key to an ssh2 compliant version using ssh-keygen.

For instance, my public dsa key looks like:

ssh-dss AAAAB3NzaC1kc3MAAACBAJaQsBA5ZnXZyFeHFRdh6Ksa6llW5Gcv+C24Uf
<<large snip>>
b72aIgf8VwrY2oRwlCBUqty0Jg== dkoleary@localhost

To convert that to a standard ssh2 key:

$ ssh-keygen -e -f ./id_dsa.pub
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "1024-bit DSA, converted from OpenSSH by dkoleary@localhost"
---- END SSH2 PUBLIC KEY ----

My suggestion on how to proceed from here:

1. Update, if necessary, the commercial version of sshd_config
to allow direct root login via public key authentication.

2. Use an account on that system to generate a public key. Update
the account to use public key authentication, then ssh localhost
to see if you get a passphrase request. Troubleshoot as necessary.

3. Once you have that working, update the root account's authorized_keys
and see if you can ssh -l root localhost to see if you get a
passphrase request. Troubleshoot as necessary.

4. On the openssh box, export an openssh public key then disseminate
it to the non-root user on the commercial ssh box. Verify you
get a passphrase request. Troubleshoot as necessary.

5. Once all that's done, update the root's account to enable the
openssh user to login as root. Troubleshoot as necessary.

Once all those things are done, you can then do a google search for
directions on ssh-agent which will allow you to authenticate your
passphrase and cache it in memory. Using that, you can then use
public key authentication without having to constantly type your
passphrase.

You can send an email directly if you have specific questions.

HTH;

-- 
Doug O'Leary
--------
Senior UNIX Admin
O'Leary Computer Enterprises
dkoleary@olearycomputers.com (w) 630-904-6098 (c) 630-248-2749
resume:  http://home.comcast.net/~dkoleary/resume.html
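
An added example, not part of the original post: the OpenSSH-to-SSH2 export discussed above, written out in Python to show that both formats wrap the same base64 key blob, so the SHA256 fingerprint can be compared on both hosts before the key is trusted. The sample key, the comment demo@trojan and all function names are constructed for illustration.

```python
import base64
import hashlib
import struct

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"

def ssh_string(data: bytes) -> bytes:
    # SSH wire encoding: 4-byte big-endian length, then the bytes.
    return struct.pack(">I", len(data)) + data

def constructed_openssh_line() -> str:
    # Constructed sample, not a real key: algorithm name plus 32 fixed bytes.
    blob = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " demo@trojan"

def openssh_to_ssh2(line: str) -> str:
    key_type, b64, *comment = line.strip().split(None, 2)
    blob = base64.b64decode(b64, validate=True)
    # The blob starts with a length-prefixed algorithm name; it must match
    # the text prefix, otherwise the line was corrupted or edited.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match key blob")
    out = [BEGIN]
    if comment:
        out.append('Comment: "%s"' % comment[0])
    # The SSH2 format (RFC 4716) limits each line to 72 bytes.
    out += [b64[i:i + 70] for i in range(0, len(b64), 70)]
    out.append(END)
    return "\n".join(out) + "\n"

def ssh2_to_blob(text: str) -> bytes:
    lines = [l.strip() for l in text.strip().splitlines()]
    if lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing SSH2 begin/end markers")
    body, in_header = [], False
    for l in lines[1:-1]:
        # Header lines contain ':'; a trailing backslash continues a header.
        if in_header or ":" in l:
            in_header = l.endswith("\\")
            continue
        body.append(l)
    return base64.b64decode("".join(body), validate=True)

def fingerprint(blob: bytes) -> str:
    # Same form that ssh-keygen -l prints for SHA256 fingerprints.
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
```

Comparing fingerprint() of the blob on the sending side with the blob recovered by ssh2_to_blob() on the receiving side confirms the key was not altered while being copied between hosts.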

