[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: passwordless ssh-login

Am Mo, den 01.12.2003 schrieb Vineet Kumar um 19:34:
> * Joerg Johannes (joerg_johannes@web.de) [031201 09:52]:
> > Hi everybody
> > 
> > Is it possible to use different login names on different machines in
> > combination with passwordless ssh logins? My situation is the following:
> 
> Yes, the key setup is completely independent of the username.  If it's
> not working on a particular server, it could be that the server is
> configured to disallow key-based authentication, or is just using an
> incompatible ssh daemon.

Maybe ssh -v can help you or some other expert? Here we go:

jorg@notebook-johannes:~$ ssh -v joerg@changed.this.name
OpenSSH_3.6.1p2 Debian 1:3.6.1p2-10, SSH protocols 1.5/2.0, OpenSSL
0x0090703f
debug1: Reading configuration data /home/jorg/.ssh/config
debug1: Applying options for opteron1
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be
trusted.
debug1: Connecting to changed.this.name [1.2.3.4] port 22.
debug1: Connection established.
debug1: identity file /home/jorg/.ssh/identity type -1
debug1: identity file /home/jorg/.ssh/id_rsa type 1
debug1: identity file /home/jorg/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version
OpenSSH_3.7.1p2
debug1: match: OpenSSH_3.7.1p2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2 Debian 1:3.6.1p2-10
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'changed.this.name' is known and matches the RSA host key.
debug1: Found key in /home/jorg/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue:
publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/jorg/.ssh/identity
debug1: Offering public key: /home/jorg/.ssh/id_rsa
debug1: Authentications that can continue:
publickey,keyboard-interactive
debug1: Trying private key: /home/jorg/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
Password: 
debug1: Authentication succeeded (keyboard-interactive).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: channel 0: request pty-req
debug1: channel 0: request shell

> On a sort of tangent, you can use your ~/.ssh/options to save yourself
> typing if you're often logging in to multiple machines with different
> usernames on each by using "nicknames" for each remote account.  For
> example, you can set up something like this:
> 
> Host chipotle
>   HostName chipotle.longhostname.longdomainname.edu
>   User jorg
> 
> Host pimiento
>   HostName pimiento.longhostname.longdomainname.edu
>   User joerg
> 
> and then "ssh chipotle" or "ssh pimiento" will do the obvious thing.
> This way, you can also specify different options such as compression or
> no, or even to connect on different ports, which can be very useful for
> saving typing when working around draconian firewalls.

This is great help, thank you. I was about to define some aliases in
~/.bashrc ...

> good times,
> Vineet

Good times will start once I understood how ssh works...

joerg
-- 
Gib GATES keine Chance!
Reply to: