Password less login between client & server, server & client - SSH


  1. Password less login between client & server, server & client

    Hi,

    I have a question pertaining to the possibility of using ssh keys for
    password less logins on both the ssh client and ssh server. To explain
    this more directly I want my ssh client to connect to my ssh server and
    vice versa. Currently I have searched throughout the newsgroups and
    performed many google queries but I cannot seem to find the solution.

    I am using OpenSSH_3.0.2p1 on Solaris 8 Operating Systems on Sparc
    architecture and various models.

    To provide you with a little background I will explain the process I
    use to create a key for the ssh client. On the ssh client I create my
    public and private keys using the following steps:

    1. Log in as the user that is making the connection.
    2. If not already created, mkdir .ssh in the user's home directory and
    set restrictive permissions.
    3. cd ~/.ssh
    4. Execute: /usr/local/bin/ssh-keygen -t dsa
    5. I accept the default key names, "id_dsa" and "id_dsa.pub" and hit
    enter to accept a blank passphrase.
    6. I then scp the "id_dsa.pub" to the server's .ssh directory and cat or
    copy it to "authorized_keys". I set restrictive permissions, 400 to the
    "authorized_keys" file.
    7. From the client I then type: ssh server-name and am allowed to log in
    without a password.

    To allow the server to connect to the client I perform the same
    process, except rename the public and private keys to different names,
    so that I do not overwrite the key information. I scp the
    "id_dsa_server.pub" to the client and cat >> authorized_keys. This does
    not work and when I attempt to log in from the server to the client I am
    then prompted for a password.

    Currently, as a temporary workaround I am using an rsa key to connect
    from my client to server and a dsa key to connect from my server to
    client. I would like to find a permanent solution to this problem, as I
    have more clients that will need to connect to both the server and
    client, and vice versa again.

    Thank you in advance for any advice or help anyone can provide on this
    topic.


  2. Re: Password less login between client & server, server & client

    sky@themostnon.com wrote:
    > Hi,
    >
    > I have a question pertaining to the possibility of using ssh keys for
    > password less logins on both the ssh client and ssh server. To explain
    > this more directly I want my ssh client to connect to my ssh server and
    > vice versa. Currently I have searched throughout the newsgroups and
    > performed many google queries but I cannot seem to find the solution.
    >
    > I am using OpenSSH_3.0.2p1 on Solaris 8 Operating Systems on Sparc
    > architecture and various models.
    >
    > To provide you with a little background I will explain the process I
    > use to create a key for the ssh client. On the ssh client I create my
    > public and private keys using the following steps:
    >
    > 1. Log in as the user that is making the connection.
    > 2. If not already created, mkdir .ssh in the user's home directory and
    > set restrictive permissions.
    > 3. cd ~/.ssh
    > 4. Execute: /usr/local/bin/ssh-keygen -t dsa
    > 5. I accept the default key names, "id_dsa" and "id_dsa.pub" and hit
    > enter to accept a blank passphrase.
    > 6. I then scp the "id_dsa.pub" to the server's .ssh directory and cat or
    > copy it to "authorized_keys". I set restrictive permissions, 400 to the
    > "authorized_keys" file.
    > 7. From the client I then type: ssh server-name and am allowed to log in
    > without a password.
    >
    > To allow the server to connect to the client I perform the same
    > process, except rename the public and private keys to different names,
    > so that I do not overwrite the key information. I scp the
    > "id_dsa_server.pub" to the client and cat >> authorized_keys. This does
    > not work and when I attempt to log in from the server to the client I am
    > then prompted for a password.
    >
    > Currently, as a temporary workaround I am using an rsa key to connect
    > from my client to server and a dsa key to connect from my server to
    > client. I would like to find a permanent solution to this problem, as I
    > have more clients that will need to connect to both the server and
    > client, and vice versa again.
    >
    > Thank you in advance for any advice or help anyone can provide on this
    > topic.
    >


    You're making it more complicated than necessary. You don't need to
    juggle files like this.

    Servers only need the public key. Clients only need the private key.
    Regardless of which server you're calling the client or server, as far
    as ssh is concerned, the server is *always* the one running sshd, and
    the client is *always* the one connecting to it with ssh, putty, or
    whatever other client software you're using.

    Here's all you need to do. Create one keypair. Copy the private key to
    both servers' .ssh directory. Place the public key in both servers'
    authorized_keys file. That should be all you need.

    I would *strongly* recommend passphrase protecting your private key.
    Anyone who gets a copy of that file can authenticate as you with no
    password or passphrase on any server/account the corresponding public
    key is installed on. If you need automatic authentication with no
    keyboard intervention use an agent. With an agent you can enter your
    passphrase once and have automatic authentication every time after that.
    If your client is PuTTY use Pageant. If OpenSSH, then ssh-agent and use
    ssh-add to add/list identities (private keys) to/from it. The agent will
    prompt one time for the passphrase and feed it to the client every time
    thereafter.
    --
    To reply by email remove "_nospam"
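
An added example, not part of the thread: a small audit for the risk the reply above warns about, listing private keys in a `.ssh` directory that have no passphrase or are readable by group/other. It goes beyond the thread's legacy-PEM DSA keys by also recognising the newer `OPENSSH PRIVATE KEY` container; the file name `id_newformat` and all key bodies are constructed placeholders, not real keys.

```python
import base64, pathlib, stat, tempfile
MAGIC = b"openssh-key-v1\0"  # prefix of a decoded "OPENSSH PRIVATE KEY" body

def key_protection(text):
    """Classify private-key text as 'encrypted', 'unencrypted' or 'unknown'."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    head = lines[0] if lines else ""
    if not (head.startswith("-----BEGIN ") and head.endswith("PRIVATE KEY-----")):
        return "unknown"
    if "OPENSSH" in head:  # new format: length-prefixed cipher name follows MAGIC
        try:
            blob = base64.b64decode("".join(lines[1:-1]))
        except ValueError:
            return "unknown"
        if not blob.startswith(MAGIC):
            return "unknown"
        return "unencrypted" if blob[15:23] == b"\x00\x00\x00\x04none" else "encrypted"
    legacy = any(ln.startswith("Proc-Type: 4,ENCRYPTED") for ln in lines)  # PEM, e.g. id_dsa
    return "encrypted" if legacy or "ENCRYPTED" in head else "unencrypted"

def audit_ssh_dir(path):
    """Flag passphrase-less private keys and keys readable by group/other."""
    findings = []
    for p in sorted(pathlib.Path(path).iterdir()):
        if p.suffix == ".pub" or not p.is_file():
            continue
        mode = stat.S_IMODE(p.stat().st_mode)
        state = key_protection(p.read_text(errors="replace"))
        if state == "unencrypted":
            findings.append(f"{p.name}: private key has no passphrase")
        if state != "unknown" and mode & 0o077:
            findings.append(f"{p.name}: mode {mode:03o} is open to group/other")
    return findings

def demo():
    """Audit a temp dir of constructed files (placeholder bodies, not real keys)."""
    pem = "-----BEGIN DSA PRIVATE KEY-----\n%sAAAA\n-----END DSA PRIVATE KEY-----\n"
    v1 = base64.b64encode(MAGIC + b"\x00\x00\x00\x04none").decode()
    v1 = f"-----BEGIN OPENSSH PRIVATE KEY-----\n{v1}\n-----END OPENSSH PRIVATE KEY-----\n"
    files = [("id_dsa", pem % "", 0o644), ("id_newformat", v1, 0o600),
             ("id_dsa_server", pem % "Proc-Type: 4,ENCRYPTED\n\n", 0o600)]
    with tempfile.TemporaryDirectory() as d:
        for name, body, mode in files:
            p = pathlib.Path(d, name)
            p.write_text(body)
            p.chmod(mode)
        return audit_ssh_dir(d)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Point `audit_ssh_dir` at a real `~/.ssh` to check existing keys; files that are not private keys (`authorized_keys`, `known_hosts`, `*.pub`) are skipped.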

  3. Re: Password less login between client & server, server & client

    I thought I might be making it more complicated. Your suggestion worked
    perfectly.

    Thanks for the help!

