
Re: ssh



On Tue, Jan 20, 2009 at 11:06 AM, David A. Parker <dparker@utica.edu> wrote:
>> Is any 'send file' command to make so that two machines (an amd64
>> multisocket and a simple i386, both lenny) talk scp with one another
>> through a router (attached to adsl) fully without asking the password?
>>
>> With 'fully' I mean that command:
>>
>> ssh target_machine_name date
>>
>> gives the date without asking a password. The mere sending id_rsa.pub
>> to create the authorized_keys file only works (without asking the
>> password) for command:
>>
>> ssh target_machine_name
>>
>> but if 'date' is also requested, the password is needed (at least in my
>> hands).
>>
>> I know how to solve the issue, i.e. by cross appending the
>> authorized_keys files, in order that each machine knows itself. But
>> there must be a simpler way.
>>
>
> That's odd.  I am able to get commands to work over SSH without a password.
>  I copied the contents of ~/.ssh/id_rsa.pub on my work computer into
> ~/.ssh/authorized_keys on my home computer.  Now I can SSH from my work
> computer to my home computer like this:
>
> ssh me@myhomepc date
>
> And it logs into my home computer and then runs the date command.  I did not
> have to do anything with the authorized_keys file on my work computer to
> make this happen.

That's all appropriate.

You only need to modify authorized_keys in both places if you want the
symmetric relationship that either machine can log into the other.

What's going on is that when you copy id_rsa.pub (or id_dsa.pub, or
some other *.pub that might be specifically configured) from host A
into ~/.ssh/authorized_keys on host B, then this authorizes
connections from A to B.

If you put that file into ~/.ssh/authorized_keys on host *A*, then
that would enable connections from B to A.  Copy the data twice, and
you get two results.

As for the original poster's question about "other mechanisms," it's
certainly *possible* to come up with other ways to connect without
using a password, but that seems likely to be somewhat risky,
security-wise.

The package openssh-client includes a utility called "ssh-copy-id"
which provides a way to copy a key into ~/.ssh/authorized_keys a bit
more easily.

Typical usage would be:
$ ssh-agent bash
[this starts up an ssh agent, which ssh-copy-id needs in order to be
able to know where to get a key to copy over...]
$ ssh-add ~/.ssh/id_rsa
[this tells the ssh agent about this key.  This could require entering
a password, depending on how the key was set up]
$ ssh-copy-id some-user@some-host
Password:
[You'll need to enter the password, the first time; ssh-copy-id then
copies the public key into place...]

After that, you'd be able to submit, without further password
requests, or any further copying of ssh data...

$ ssh some-user@some-host date

and get the expected result.
-- 
http://linuxfinances.info/info/linuxdistributions.html
Katharine Hepburn  - "Death will be a great relief. No more interviews."
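
The one-way nature of authorized_keys described in the message above, as an added example that is not part of the original post. It models the target-side result of ssh-copy-id on two temporary directories standing in for hosts A and B; the function names install_pubkey and is_authorized are hypothetical and the key strings are constructed placeholders.

```shell
#!/bin/sh
# Added example; key strings and directories below are constructed placeholders.

# install_pubkey PUBFILE HOME: authorize PUBFILE's key for logins to HOME's account.
install_pubkey() {
    pub=$1; home=$2
    mkdir -p "$home/.ssh"
    chmod 700 "$home/.ssh"      # sshd StrictModes rejects group/world-writable paths
    touch "$home/.ssh/authorized_keys"
    chmod 600 "$home/.ssh/authorized_keys"
    # Append only when this exact line is missing, so reruns add no duplicates.
    grep -qxF -- "$(cat "$pub")" "$home/.ssh/authorized_keys" ||
        cat "$pub" >> "$home/.ssh/authorized_keys"
}

# is_authorized PUBFILE HOME: succeed if the key blob (2nd field of PUBFILE)
# appears on a non-comment line of HOME's authorized_keys, with or without options.
is_authorized() {
    [ -f "$2/.ssh/authorized_keys" ] || return 1
    awk -v b="$(awk '{print $2; exit}' "$1")" '
        /^[ \t]*#/ { next }
        { for (i = 1; i <= NF; i++) if ($i == b) found = 1 }
        END { exit !found }' "$2/.ssh/authorized_keys"
}

# Two temporary directories stand in for the home directories on hosts A and B.
root=$(mktemp -d)
mkdir -p "$root/A/.ssh" "$root/B/.ssh"
echo "ssh-rsa CONSTRUCTED-KEY-BLOB-A user@hostA" > "$root/A/.ssh/id_rsa.pub"
echo "ssh-rsa CONSTRUCTED-KEY-BLOB-B user@hostB" > "$root/B/.ssh/id_rsa.pub"

# Copy A's public key to B only: this authorizes A -> B and nothing else.
install_pubkey "$root/A/.ssh/id_rsa.pub" "$root/B"

for pair in "A B" "B A"; do
    set -- $pair
    if is_authorized "$root/$1/.ssh/id_rsa.pub" "$root/$2"; then
        echo "$1 -> $2: authorized"
    else
        echo "$1 -> $2: not authorized"
    fi
done
```

The same is_authorized check can be pointed at a real account's home directory to audit which public keys it currently accepts.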

