Saturday, January 28, 2006

adding RSA auth

Copying and pasting from the ssh man page:

ssh implements the RSA authentication protocol automatically. The user creates his/her RSA key pair by running ssh-keygen(1). This stores the private key in $HOME/.ssh/identity and the public key in $HOME/.ssh/ in the user's home directory. The user should then copy the to $HOME/.ssh/authorized_keys in his/her home directory on the remote machine (the authorized_keys file corresponds to the conventional $HOME/.rhosts file, and has one key per line, though the lines can be very long). After this, the user can log in without giving the password.

Now copy/pasting from a mail I wrote before:

Run as whichever user you want to connect as:
ssh-keygen -t rsa

don't enter any passphrase if you want it to be automated.

copy the key file (from .ssh/ by default) to the next line of ~/.ssh/authorized_keys file of whichever
system you want to connect to. If the file doesn't exist, just copy the key
file to authorized_keys file.

And disabled password based authentication for security:

in /etc/sshd-config, the lines

PasswordAuthentication no
PermitEmptyPasswords no
KerberosOrLocalPasswd no
UsePAM no

checked it by first logging on as sgh from AfriStar playout machine, then after the changes, tried again, it said

Permission denied (publickey,keyboard-interactive)..

Could've just tried as a different user - even the root account on my local machine is denied. :-)

No comments:

Post a Comment