Re: ssh
On Tue, Jan 20, 2009 at 11:06 AM, David A. Parker <dparker@utica.edu> wrote:
>> Is any 'send file' command to make so that two machines (an amd64
>> multisocket and a simple i386, both lenny) talk scp with one another
>> through a router (attached to adsl) fully without asking the password?
>>
>> With 'fully' I mean that command:
>>
>> ssh target_machine_name date
>>
>> gives the date without asking a password. The mere sending id_rsa.pub
>> to create the authorized_keys file only works (without asking the
>> password) for command:
>>
>> ssh target_machine_name
>>
>> but if 'date' is also requested, the password is needed (at least in my
>> hands).
>>
>> I know how to solve the issue, i.e. by cross appending the
>> authorized_keys files, in order that each machine knows itself. But
>> there must be a simpler way.
>>
>
> That's odd. I am able to get commands to work over SSH without a password.
> I copied the contents of ~/.ssh/id_rsa.pub on my work computer into
> ~/.ssh/authorized_keys on my home computer. Now I can SSH from my work
> computer to my home computer like this:
>
> ssh me@myhomepc date
>
> And it logs into my home computer and then runs the date command. I did not
> have to do anything with the authorized_keys file on my work computer to
> make this happen.
That's all appropriate.
You only need to modify authorized_keys in both places if you want the
symmetric relationship that either machine can log into the other.
What's going on is that when you copy id_rsa.pub (or id_dsa.pub, or
some other *.pub that might be specifically configured) from host A
into ~/.ssh/authorized_keys on host B, then this authorizes
connections from A to B.
If you put that file into ~/.ssh/authorized_keys on host *A*, then
that would enable connections from B to A. Copy the data twice, and
you get two results.
As for the original poster's question about "other mechanisms," it's
certainly *possible* to come up with other ways to connect without
using a password, but that seems likely to be somewhat risky,
security-wise.
The package openssh-client includes a utility called "ssh-copy-id"
which provides a way to copy a key into ~/.ssh/authorized_keys a bit
more easily.
Typical usage would be:
$ ssh-agent bash
[this starts up an ssh agent, which ssh-copy-id needs in order to be
able to know where to get a key to copy over...]
$ ssh-add ~/.ssh/id_rsa
[this tells the ssh agent about this key. This could require entering
a password, depending on how the key was set up]
$ ssh-copy-id some-user@some-host
Password:
[You'll need to enter the password, the first time; ssh-copy-id then
copies the public key into place...]
After that, you'd be able to submit, without further password
requests, or any further copying of ssh data...
$ ssh some-user@somehost date
and get the expected result.
--
http://linuxfinances.info/info/linuxdistributions.html
Katharine Hepburn - "Death will be a great relief. No more interviews."
Reply to:
- Follow-Ups:
- Re: ssh
- From: "David A. Parker" <dparker@utica.edu>
- References:
- ssh
- From: Francesco Pietra <chiendarret@gmail.com>
- Re: ssh
- From: "David A. Parker" <dparker@utica.edu>