https://community.hpe.com/t5/operating-system-hp-ux/passwordless-login/m-p/5282740#M474573 <BR />ssh_known_hosts Mon, 23 May 2011 22:57:34 GMT user001 2011-05-23T22:57:34Z https://community.hpe.com/t5/operating-system-hp-ux/passwordless-login/m-p/5282732#M474565 <BR />Hello,<BR />I'm trying to setup passwordless login on HPUX 11.31.<BR /><BR />On our old box the ssh_config has authorized_keys commented out and its working OK.<BR /><BR />How else can you setup ssh passwordless login? I thought it could only be done using the authorized_keys file.<BR /><BR />Thank you. Fri, 20 May 2011 06:01:42 GMT https://community.hpe.com/t5/operating-system-hp-ux/passwordless-login/m-p/5282732#M474565 user001 2011-05-20T06:01:42Z https://community.hpe.com/t5/operating-system-hp-ux/passwordless-login/m-p/5282733#M474566 The authorized_keys file is used by sshd, not by the ssh client. So you'll find the configuration in sshd_config, not in ssh_config.<BR /><BR />Furthermore, the built-in default for user's authorized_keys file is $HOME/.ssh/authorized_keys. It's often included in commented form in sshd_config to document the factory default settings.<BR /><BR />To stop SSH passwordless logins, you must explicitly set "PubkeyAuthentication no" (for SSH protocol version 2) and "RSAAuthentication no" (for SSH protocol version 1 which you shouldn't be using anyway).<BR /><BR />MK Fri, 20 May 2011 07:02:37 GMT https://community.hpe.com/t5/operating-system-hp-ux/passwordless-login/m-p/5282733#M474566 Matti_Kurkela 2011-05-20T07:02:37Z https://community.hpe.com/t5/operating-system-hp-ux/passwordless-login/m-p/5282734#M474567 First generate a key for user, login as the user: <BR />cd $HOME <BR />mkdir .ssh <BR />chmod 700 .ssh <BR />cd .ssh <BR />ssh-keygen -b 1024 -t dsa -f identity <BR /><BR />copy the identity.pub file on other machine.<BR /><BR />$HOME/.ssh//identity.pub &gt;&gt; <REMOTE_MACHINE>:$HOME/<REMOTE_USERNAME>/.ssh/authorized_keys <BR /><BR />permissions must be 600.</REMOTE_USERNAME></REMOTE_MACHINE> Fri, 20 May 2011 12:59:42 GMT https://community.hpe.com/t5/operating-system-hp-ux/passwordless-login/m-p/5282734#M474567 AwadheshPandey 2011-05-20T12:59:42Z https://community.hpe.com/t5/operating-system-hp-ux/passwordless-login/m-p/5282735#M474568 <!--!*#-->&gt; [...] the ssh_config has authorized_keys<BR />&gt; commented out and its working OK.<BR /><BR />As the comments in the file should explain,<BR />many SSH configuration files are supplied<BR />with the default settings shown by comments.<BR />So, removing the "#" from such a line may do<BR />approximately nothing. If you wanted to<BR />store your authorized-key data in a file with<BR />some other path/name, _then_ you might want a<BR />non-comment "authorized_keys" directive in<BR />that file.<BR /><BR />&gt; On our old box [...]<BR /><BR />As usual, adding "-v" (or "-vv", ...) to a<BR />working "ssh" (client) command can reveal<BR />what the thing is doing, and (with enough<BR />v's) the "ssh" diagnostic messages might<BR />mention the use of "authorized_keys" (or<BR />whatever), but if the SSH server is the one<BR />who cares, then you might not hear about it<BR />from the client side. Fri, 20 May 2011 13:19:32 GMT https://community.hpe.com/t5/operating-system-hp-ux/passwordless-login/m-p/5282735#M474568 Steven Schweda 2011-05-20T13:19:32Z https://community.hpe.com/t5/operating-system-hp-ux/passwordless-login/m-p/5282736#M474569 <BR />Hi,<BR /><BR />thanks for the replies.<BR /><BR />I guess i'm looking for alernate ways other than the authorized_keys file. I know how this one works.<BR /><BR />I have a couple of HPUX currently connecting without passwords and without the authorized_keys file. So something else is happening here, i think it has something to do with the .shosts file.<BR /><BR />I'll keep looking into it.<BR /><BR />Thank you. Sun, 22 May 2011 20:57:09 GMT https://community.hpe.com/t5/operating-system-hp-ux/passwordless-login/m-p/5282736#M474569 user001 2011-05-22T20:57:09Z https://community.hpe.com/t5/operating-system-hp-ux/passwordless-login/m-p/5282737#M474570 <!--!*#-->&gt; I have a couple of HPUX currently<BR />&gt; connecting without passwords and without<BR />&gt; the authorized_keys file. So something else<BR />&gt; is happening here, [...]<BR /><BR />&gt; As usual, adding "-v" (or "-vv", ...) to a<BR />&gt; working "ssh" (client) command can reveal<BR />&gt; what the thing is doing, [...]<BR /><BR />Still true.<BR /><BR />&gt; i think it has something to do with the<BR />&gt; .shosts file.<BR /><BR />There is a "hostbased" authentication scheme,<BR />which you could be using. I don't use it, so<BR />I know nothing, but it sounds plausible here.<BR />Inspection of that "-v[v[v]]" diagnostic<BR />output really might be helpful. Honest. Sun, 22 May 2011 21:13:10 GMT https://community.hpe.com/t5/operating-system-hp-ux/passwordless-login/m-p/5282737#M474570 Steven Schweda 2011-05-22T21:13:10Z https://community.hpe.com/t5/operating-system-hp-ux/passwordless-login/m-p/5282738#M474571 <BR />Got it working.<BR /><BR />I think i'll be ditching hostbased auth seems less secure than exchanging both host keys on the servers?<BR /><BR />i had to import the key into ssh_host_key.<BR /><BR />Thank you.<BR /> Sun, 22 May 2011 23:54:53 GMT https://community.hpe.com/t5/operating-system-hp-ux/passwordless-login/m-p/5282738#M474571 user001 2011-05-22T23:54:53Z https://community.hpe.com/t5/operating-system-hp-ux/passwordless-login/m-p/5282739#M474572 <!--!*#-->&gt; I think i'll be ditching hostbased auth<BR />&gt; seems less secure than exchanging both host<BR />&gt; keys on the servers?<BR /><BR />I see a question mark, but I don't see a<BR />question. Have you a question?<BR /><BR /><BR />&gt; i had to import the key into ssh_host_key.<BR /><BR />You may think that this conveys some useful<BR />information, but you may be wrong.<BR /><BR /><BR />Using "hostbased" authentication can make<BR />sense if you can be sure that any user on one<BR />system should be allowed access (as that same<BR />user) on another system. In that situation,<BR />it can save much effort because each user is<BR />not required to create and distribute his<BR />own private and public keys. If you want<BR />more fine-grained (per-user) control over<BR />access, then it may be less useful. Mon, 23 May 2011 14:46:44 GMT https://community.hpe.com/t5/operating-system-hp-ux/passwordless-login/m-p/5282739#M474572 Steven Schweda 2011-05-23T14:46:44Z https://community.hpe.com/t5/operating-system-hp-ux/passwordless-login/m-p/5282740#M474573 <BR />ssh_known_hosts Mon, 23 May 2011 22:57:34 GMT https://community.hpe.com/t5/operating-system-hp-ux/passwordless-login/m-p/5282740#M474573 user001 2011-05-23T22:57:34Z https://community.hpe.com/t5/operating-system-hp-ux/passwordless-login/m-p/5282741#M474574 <!--!*#-->&gt; ssh_known_hosts<BR /><BR />Thanks for that wonderfully concise<BR />explanation. Future readers are certain to<BR />appreciate its value. Tue, 24 May 2011 13:02:00 GMT https://community.hpe.com/t5/operating-system-hp-ux/passwordless-login/m-p/5282741#M474574 Steven Schweda 2011-05-24T13:02:00Z https://community.hpe.com/t5/operating-system-hp-ux/passwordless-login/m-p/5282742#M474575 <BR />i had to put something in....the answer is in previous post seemed pointless repeating myself. Tue, 24 May 2011 22:35:38 GMT https://community.hpe.com/t5/operating-system-hp-ux/passwordless-login/m-p/5282742#M474575 user001 2011-05-24T22:35:38Z