Here's a page from my system documentation that gives a step-by-step how-to. (To the hackers lurking on this list, I do NOT do this on systems accessible from the internet, only those inside the firewalls.)

7.00 Using SSH and SCP without passwords

7.10 From a Linux system

To use ssh or scp between Linux systems without using a password, you must have the authorization files in place on both systems. Use this procedure to get the files generated and copied to the correct locations. Be VERY aware of the source and destination systems as you read through this documentation.

Log in to host you want to connect FROM as user you want to be when connect-ING

    # cd .ssh
    # ssh-keygen -t rsa
    # scp id_rsa.pub <Target_System>:/root/.ssh/from-<Source_System>

Log in to host you want to connect TO as user you want to be when connect-ED

    # ssh <User_Name>@<Target_System>
    # cd .ssh

If there is an existing authorized_keys2 file...

    # cat from-<Source_System> >> authorized_keys2

If there is no file yet...

    # mv from-<Source_System> authorized_keys2
    # chmod 600 authorized_keys2

From now on, these commands will not require a password:

    ssh <User_Name>@<Target_System>
    scp <filename> <Target_System>:<filename>

To add another target system, do not re-generate the keys! This will invalidate the keys you already have in place. Simply copy the id_rsa.pub file to the new target system and continue with the procedure as listed above.

7.20 From a Windows system

To use Putty to automatically authenticate to Linux systems, you must create keys from your system using Puttygen, and then run the Putty authentication agent, Pageant, to load the keys for Putty to use.

To generate a set of keys for your system, start the Puttygen application, and click the Generate button. Move your mouse around in the blank area to generate random noise which is the encryption seed. After a few seconds you will see Puttygen create your key set. In the Key comment field, type your network login name.
This is simply for identification of the key; it is not used for authentication or identification of the user. Underneath the Key comment field, you can enter a pass phrase to encrypt your private key, or leave the entries blank to store the key unencrypted. The public keys are never encrypted since they are truly public information.

Next, save the two keys in a secure location. Save your private key as your network login name with a .pri extension, and your public key with a .pub extension. Finally, copy the public key from the top of the window into the clipboard for pasting in the next step.

Use SSH to log into a remote Linux system as the user you want to use without a password. Change to the .ssh directory.

    # cd .ssh

Edit the authorized_keys2 file.

    # pico authorized_keys2

Paste the key from the clipboard to the end of the file by clicking the right mouse button inside the Putty window. Make sure the key you just pasted is on its own line. Save the file and exit.

IMPORTANT!!! Verify the permissions are correct on the file.

    # chmod 600 authorized_keys2

You can now log out of the Linux system.

Now configure Pageant to start automatically. Create a shortcut to the pageant.exe program in your startup menu folder. Edit the properties and make the Target entry look like this:

    "C:\Program Files\putty\pageant.exe" "C:\Program Files\putty\<key file name.pri>"

Note the double-quotes around two separate sections. You should only have to enter the second section. Save the properties and execute the shortcut. You should see a computer with a hat in your system tray next to the clock. Right-click on the Pageant icon and choose View keys. You should see your private key listed.

Finally, set up Putty to use the keys you have created. Start Putty and Load, but do not open, the profile for the system you copied your public key to above. In the left pane, click on SSH. Click the radio button to choose SSH protocol version 2. Click on Auth, just below the SSH item on the left.
Click on the Browse button to locate and double-click on your private key file. Very important! Click on Session in the left pane and click Save or your edits here will be lost.

To log in to the system, click Open. You may get a dialog about a new fingerprint. That's OK, accept it. Enter the username you used above. You should not be asked for a password; it should load the security key from the agent and allow you in.

>>> jpc@scooby.jaycrews.com 02/20/03 10:57AM >>>
Toni Erdmann writes....
>
> ssh can be configured to run without passwords, just with secret keys
> and trusted host/users. But I haven't done this yet.

Same here. I still use the password, but want to set mine up to use the keys (PGP I assume?), and such. If anyone knows a good "How-To" on that, or wants to start a new thread with instructions, inquiring minds want to know. (I'm totally lost on the whole PGP concept.)

--
Jay Crews
jpc@jaycrews.com

--
Psyche-list mailing list
Psyche-list@redhat.com
https://listman.redhat.com/mailman/listinfo/psyche-list
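
The two checks the procedure in the message above calls out (mode 600 on the authorized keys file, and each pasted key on its own line), as an added example that is not part of the original post. The function names check_authorized_keys and write_sample are hypothetical, and the sample key lines are constructed placeholders, not real keys.

```shell
#!/bin/sh
# Added example (not from the original post). Checks an authorized_keys-style
# file for loose permissions and for keys that do not sit on their own line.
# Prints one line per problem and returns the number of problems found.
check_authorized_keys() {
    file=$1
    [ -f "$file" ] || { echo "$file: not a regular file"; return 99; }
    problems=0
    # Group and other permission bits must all be clear (chmod 600).
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$file: group/other bits are '$perms', expected mode 600"
        problems=$((problems + 1))
    fi
    # A key is "<type> <base64>"; every SSH key blob starts with "AAAA".
    # Count keys per line: 0 means a wrapped or truncated paste, more than
    # 1 means a key was appended to a line that had no trailing newline.
    bad=$(awk '
        /^[ \t]*(#|$)/ { next }
        {
            n = gsub(/(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))[ \t]+AAAA/, "&")
            if (n == 0) print FILENAME ":" NR ": no key found on this line"
            if (n > 1)  print FILENAME ":" NR ": " n " keys run together"
        }' "$file")
    if [ -n "$bad" ]; then
        echo "$bad"
        problems=$((problems + $(echo "$bad" | wc -l)))
    fi
    return "$problems"
}

# Constructed sample: shortened placeholder blobs, not real keys. Line 2 holds
# two keys run together; line 3 is the tail of a wrapped paste.
write_sample() {
    printf '%s\n' \
        'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABexample1 root@source' \
        'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABexample2 root@otherssh-rsa AAAAB3NzaC1yc2EAAAADAQABexample3 jdoe' \
        'Zm9vYmFyexample4 jdoe' > "$1"
}

sample=$(mktemp)
write_sample "$sample"
chmod 644 "$sample"
check_authorized_keys "$sample" || echo "problems found: $?"
rm -f "$sample"
```

On the target system it would be run as check_authorized_keys ~/.ssh/authorized_keys2 after pasting a key; a return value of 0 means both checks passed.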