[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ssh without password for secvpn

On Wed, 2001-11-21 at 10:51, Ben Hartshorne wrote: 
> On Tue, Nov 20, 2001 at 12:27:53PM -0600, Brooks R. Robinson wrote:
> > Greetings,
> > 	I am trying to set up the secvpn package between two boxes (one potato, one
> > woody).  I have the secvpn.conf figured out, no problem.  My problem is a
> > little more basic.  I can't get ssh to connect without a password.  On both
> > boxes, I did a 'ssh-keygen' which created my '.ssh/identity' and
> > '.ssh/indentity.pub'.  I swapped the '.ssh/indentity.pub' to
> > '.ssh/authorized_keys' to each machine.
> This is the right set of files to swap for ssh v1 or 1.5
> > 	I try to connect and I am still asked a password.  I've tried it with both
> > empty passphrases and obnoxious passphrases, and I get the same result
> > (password not passphrase).  I've muddled thorough the man pages for ssh and
> > the vpn-howto, but I seem to be missing the final bit that makes it work.
> > Is my problem that I am using a mix potato and woody, or am I just missing
> > some configuration.
> Potato and woody install different versions of ssh by default.  Potato
> installs a version of ssh (1.2.3-9.3) that defaults to using protocol v1.5 (I don't
> remember if it supports 2).  Woody installs a version of ssh (2.5.2p2-3) that
> defaults to protocol v2, and it does support v1.5.  
> If you're connecting from the potato box to the woody box, it should
> work with the identity and authorized_keys.  Connecting from the woody
> box to the potato box, you need to run "ssh -1" in order to force it to
> use protocol v1.5.
> The other solution is to force both to use protocol v2, but then you
> need different key files.  They're no longer identity, identity.pub, and
> authorized_keys, but I havn't learned yet what they are.  I should
> probably do that soon...
sshkeygen -t rsa or sshkeygen -t dsa on the local computer will create
an id_rsa.pub and id_dsa.pub which can be placed in the remote
computer's authorized_keys2 file to allow passwordless logins. 


Reply to: