Re: ssh without password for secvpn
On Wed, 2001-11-21 at 10:51, Ben Hartshorne wrote:
> On Tue, Nov 20, 2001 at 12:27:53PM -0600, Brooks R. Robinson wrote:
> > Greetings,
> > I am trying to set up the secvpn package between two boxes (one potato, one
> > woody). I have the secvpn.conf figured out, no problem. My problem is a
> > little more basic. I can't get ssh to connect without a password. On both
> > boxes, I did a 'ssh-keygen' which created my '.ssh/identity' and
> > '.ssh/indentity.pub'. I swapped the '.ssh/indentity.pub' to
> > '.ssh/authorized_keys' to each machine.
> This is the right set of files to swap for ssh v1 or 1.5
> > I try to connect and I am still asked a password. I've tried it with both
> > empty passphrases and obnoxious passphrases, and I get the same result
> > (password not passphrase). I've muddled thorough the man pages for ssh and
> > the vpn-howto, but I seem to be missing the final bit that makes it work.
> > Is my problem that I am using a mix potato and woody, or am I just missing
> > some configuration.
> Potato and woody install different versions of ssh by default. Potato
> installs a version of ssh (1.2.3-9.3) that defaults to using protocol v1.5 (I don't
> remember if it supports 2). Woody installs a version of ssh (2.5.2p2-3) that
> defaults to protocol v2, and it does support v1.5.
> If you're connecting from the potato box to the woody box, it should
> work with the identity and authorized_keys. Connecting from the woody
> box to the potato box, you need to run "ssh -1" in order to force it to
> use protocol v1.5.
> The other solution is to force both to use protocol v2, but then you
> need different key files. They're no longer identity, identity.pub, and
> authorized_keys, but I havn't learned yet what they are. I should
> probably do that soon...
sshkeygen -t rsa or sshkeygen -t dsa on the local computer will create
an id_rsa.pub and id_dsa.pub which can be placed in the remote
computer's authorized_keys2 file to allow passwordless logins.