Problem With Gentoo Keychain and SSH

Ive done what you wish to do.

Attached is a cookbook to help.

SEP

You can use quick login with ssh client keys.
Check this link:
http://hacks.oreilly.com/pub/h/66

Regards,
Sergejs

Steve,

I ran through the procedure that you sent me, but unfortunately I was still prompted for a password from both the linux server and the hp-ux box.

Andrew,

there are two things here - one is the login password, the other is pass-phrase for your key. Create a key without pass-phrase if you want a totally automated login procedure.

You can also use ssh-agent which provides greater flexibility. See man page for more info.

HTH,
Goran

Let me point out that you absolutely MUST set the ownership and permissions as I wrote in the procedure that Stephen Protter posted. Failing to do so results in the symptoms you mention: that you get prompted for a password.

Chris

Chris,

Thanks for your e-mail. I checked the permission settings on the user's home directory as well as the .ssh directory. Everything matches up ac-cording to your instructions. I'm not sure why this isn't working.

Andrew,

I am by no means an expert in this area but I outline my "solution" to the problem you describe - assuming you haven't solved it since your last message.

I have had a very similar
problem using Keychain 2.0.2 running on Red Hat Linux 8.0; following each of the steps you have outlined, and those described by Chris (re directory permissions). My links are between three linux PCs.

I have managed to perform the passwordless connections to each machine. After much searching WWW, I came across some instructions by Dennis Gallard at http://oceanpark.com/notes/howto_ssh_keychain_public_key_authentication_forwarding.html.
In particular I followed the instructions for modifying the ssh_config and sshd_config files. I then initiated keychain and used ssh-add to add my keys. Ensured that the authorised_keys/2 files were the same on each box. Once this was completed I found that I had the sought after "passwordless" connections.

But - there has to be one -:

I find that each time I start a new xterm window I have source the ~/.keychain/*-sh file.

I also note that on one of my linux boxes each time I re-login, keychain or "some process" initiates a new ssh-agent but the file ~/.keychain/*-sh is not updated.

I find that keychain does not stop all ssh-agent process nor does it delete all the files of the form /tmp/ss-XX??????/agent.PID

I have not yet tried running ssh from a cron job. I need to connect automatically to each machine for data transfers - for security reasons the machines are not cross-mounted - so scp was deemed better than ftp.

Hope this makes sense and is of assistance to you.

Regards,

Andrew K Mirza

I don't know what a gentoo keychain is. But I have the same problem with getting ssh to let me go from box A to B without a password.
I looked at the attached text and got the gist of the help. But the text did not work as written.
Here are things that kept it from working:

I am a user on box A, trying to get to box B.
step 0. I verify box A and box B have their name's resolved properly. In my case, box B did not recognize the Box A's hostname. (and visa-versa).

1. I make id_dsa.pub. How?
/opt/ssh/bin/ssh-keygen -t dsa

2. I mess around with the user's directory on box B.
B User's home directory: rwx r-x r-x.
B User's ssh directory: rwx --- ---.

3. APPEND A user's id_dsa.pub text into B user's .ssh/authorized_keys2.
B User's .ssh/authorized_keys2 r-- --- ---.

4. NOW... I try it.
from A> ssh -2 user@B
I get a request for a pass phrase instead of a password.
For me, the thing that kept it dying was the permissions on the user's home directory. But (ssh -vvv) didn't tell me that. EXPERIMENTATION found it.

hope this helps.
Steve

remember points????