user13376823 wrote: I don't think you should be doing this. I can't see the point of adding the private key, and adding the public key means the "Site" can ssh to itself without needing a password!
There are two servers:
From the site server I want to connect to the testing server with SSH passwordless authentication.
I generated public and private keys with ssh-keygen -t rsa on the site server.
cat id_rsa >> authorized_keys
cat id_rsa.pub >> authorized_keys
I appended id_rsa.pub (public key of the site server) to authorized_keys (testing server) with the command below. I would expect you to add the RSA public key to the "authorized_keys2" file and not the "authorized_keys" file.
ssh firstname.lastname@example.org "cat >> ~/.ssh/authorized_keys" < ~/.ssh/id_rsa.pub
Am I missing some point in performing the procedure for SSH passwordless authentication?
Because it prompts for passwords again and again.
Edited by: user13376823 on Oct 9, 2012 9:30 AM
The following should work:
On the local system:
mkdir -p ~/.ssh
chmod 700 ~/.ssh
rm -f ~/.ssh/id_dsa
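ssh-keygen -t dsa -N "" -f ~/.ssh/id_dsa
# Read the new public key into KEY so it can be appended on the remote host
KEY=$(cat ~/.ssh/id_dsa.pub)
ssh username@remotehost "mkdir -p .ssh; chmod 700 .ssh"
ssh username@remotehost "echo '$KEY' >> .ssh/authorized_keys"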
ssh username@remotehost "chmod 644 .ssh/authorized_keys"
The next login to username@remotehost should no longer prompt for a password.
There is also the "ssh-copy-id utility", which can simplify the process, but it is not available on all systems.
Version 1 of the ssh protocol supported only RSA keys. Version 2 introduced DSA, which is an open-source patent-free implementation. The RSA patent has expired, but as far as I know, tools like cURL and SFTP require DSA.
For instance: http://www.openssh.com/txt/release-3.0
1) SSH protocol v2 is now the default protocol version
use the 'Protocol' option from ssh(1) and sshd(8) if
you need to change this.
2) The files
are now obsolete, you can use
For backward compatibility ~/.ssh/authorized_keys2 will still used for
authentication and hostkeys are still read from the known_hosts2.
However, those deprecated files are considered 'readonly'. Future
releases are likely not to read these files.
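
Added example, not part of the thread: a small audit of a .ssh directory that flags the mistake in the question (private key material appended to authorized_keys) and goes slightly further by checking the permission bits that the chmod steps in the answer set. The function names (mode_of, has_bits, audit_ssh_dir) and the script name audit.sh are hypothetical; file names assume OpenSSH defaults.

```sh
#!/bin/sh
# Added example (not from the thread): audit a .ssh directory for the
# problems discussed above. File names follow OpenSSH defaults.

# Octal permission bits of $1: GNU stat first, BSD stat as fallback.
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# True when any bit of octal mask $2 is set in the mode of $1.
has_bits() {
    [ $(( 0$(mode_of "$1") & $2 )) -ne 0 ]
}

# Print one "FINDING:" line per problem; return 0 only if none were found.
audit_ssh_dir() {
    dir=$1
    findings=0
    report() { echo "FINDING: $*"; findings=$((findings + 1)); }

    [ -d "$dir" ] || { report "$dir is not a directory"; return 1; }
    # With StrictModes (the sshd default) keys are ignored when the
    # directory or authorized_keys is writable by group or others.
    has_bits "$dir" 022 && report "$dir is writable by group/others"
    ak=$dir/authorized_keys
    if [ -f "$ak" ]; then
        has_bits "$ak" 022 && report "$ak is writable by group/others"
        # Left behind by 'cat id_rsa >> authorized_keys'.
        grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$ak" &&
            report "$ak contains private key material"
    fi
    # The ssh client refuses private keys accessible to group or others.
    for key in "$dir"/id_*; do
        case $key in *.pub) continue ;; esac
        [ -f "$key" ] || continue
        has_bits "$key" 077 && report "$key is accessible to group/others"
    done
    [ "$findings" -eq 0 ]
}

# Run as: sh audit.sh ~/.ssh
if [ $# -gt 0 ]; then
    audit_ssh_dir "$1"
fi
```

Run it on both machines: the authorized_keys checks matter on the testing server, the private key check on the site server.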