[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ssh without password for secvpn

On Tue, Nov 20, 2001 at 12:27:53PM -0600, Brooks R. Robinson wrote:
> Greetings,
> 	I am trying to set up the secvpn package between two boxes (one potato, one
> woody).  I have the secvpn.conf figured out, no problem.  My problem is a
> little more basic.  I can't get ssh to connect without a password.  On both
> boxes, I did a 'ssh-keygen' which created my '.ssh/identity' and
> '.ssh/indentity.pub'.  I swapped the '.ssh/indentity.pub' to
> '.ssh/authorized_keys' to each machine.

This is the right set of files to swap for ssh v1 or 1.5

> 	I try to connect and I am still asked a password.  I've tried it with both
> empty passphrases and obnoxious passphrases, and I get the same result
> (password not passphrase).  I've muddled thorough the man pages for ssh and
> the vpn-howto, but I seem to be missing the final bit that makes it work.
> Is my problem that I am using a mix potato and woody, or am I just missing
> some configuration.

Potato and woody install different versions of ssh by default.  Potato
installs a version of ssh (1.2.3-9.3) that defaults to using protocol v1.5 (I don't
remember if it supports 2).  Woody installs a version of ssh (2.5.2p2-3) that
defaults to protocol v2, and it does support v1.5.  
If you're connecting from the potato box to the woody box, it should
work with the identity and authorized_keys.  Connecting from the woody
box to the potato box, you need to run "ssh -1" in order to force it to
use protocol v1.5.
The other solution is to force both to use protocol v2, but then you
need different key files.  They're no longer identity, identity.pub, and
authorized_keys, but I havn't learned yet what they are.  I should
probably do that soon...


Ben Hartshorne	...Discarding smoothly, as we disembark,
ben@hartshorne.net All thoughts that held us wiser for a moment
ben.hartshorne.net Up there, alone, in the impartial dark. -M. Oliver
My PGP key is at /pgp.txt.  Please encrypt all communications.

Attachment: pgpsdEnSENTJd.pgp
Description: PGP signature

Reply to: