
Passwordless login

 
SOLVED
user001
Frequent Advisor

Passwordless login


Hello,
I'm trying to set up passwordless login on HPUX 11.31.

On our old box the ssh_config has authorized_keys commented out and it's working OK.

How else can you set up ssh passwordless login? I thought it could only be done using the authorized_keys file.

Thank you.
10 REPLIES 10
Matti_Kurkela
Honored Contributor

Re: Passwordless login

The authorized_keys file is used by sshd, not by the ssh client. So you'll find the configuration in sshd_config, not in ssh_config.

Furthermore, the built-in default for user's authorized_keys file is $HOME/.ssh/authorized_keys. It's often included in commented form in sshd_config to document the factory default settings.

To stop SSH passwordless logins, you must explicitly set "PubkeyAuthentication no" (for SSH protocol version 2) and "RSAAuthentication no" (for SSH protocol version 1 which you shouldn't be using anyway).

MK
AwadheshPandey
Honored Contributor

Re: Passwordless login

First generate a key for the user; log in as the user:
cd $HOME
mkdir .ssh
chmod 700 .ssh
cd .ssh
ssh-keygen -b 1024 -t dsa -f identity

Copy the identity.pub file to the other machine.

cat $HOME/.ssh/identity.pub >> $HOME/.ssh/authorized_keys

Permissions must be 600.
It's kind of fun to do the impossible
Steven Schweda
Honored Contributor

Re: Passwordless login

> [...] the ssh_config has authorized_keys
> commented out and it's working OK.

As the comments in the file should explain,
many SSH configuration files are supplied
with the default settings shown by comments.
So, removing the "#" from such a line may do
approximately nothing. If you wanted to
store your authorized-key data in a file with
some other path/name, _then_ you might want a
non-comment "authorized_keys" directive in
that file.

> On our old box [...]

As usual, adding "-v" (or "-vv", ...) to a
working "ssh" (client) command can reveal
what the thing is doing, and (with enough
v's) the "ssh" diagnostic messages might
mention the use of "authorized_keys" (or
whatever), but if the SSH server is the one
who cares, then you might not hear about it
from the client side.
user001
Frequent Advisor

Re: Passwordless login


Hi,

Thanks for the replies.

I guess I'm looking for alternate ways other than the authorized_keys file. I know how this one works.

I have a couple of HPUX currently connecting without passwords and without the authorized_keys file. So something else is happening here; I think it has something to do with the .shosts file.

I'll keep looking into it.

Thank you.
Steven Schweda
Honored Contributor

Re: Passwordless login

> I have a couple of HPUX currently
> connecting without passwords and without
> the authorized_keys file. So something else
> is happening here, [...]

> As usual, adding "-v" (or "-vv", ...) to a
> working "ssh" (client) command can reveal
> what the thing is doing, [...]

Still true.

> I think it has something to do with the
> .shosts file.

There is a "hostbased" authentication scheme,
which you could be using. I don't use it, so
I know nothing, but it sounds plausible here.
Inspection of that "-v[v[v]]" diagnostic
output really might be helpful. Honest.
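
Added example, not part of any post in this thread: a server-side check of which of the mechanisms discussed above an sshd_config actually enables, treating commented lines as having no effect. The function names, the sample file and the fallback defaults (taken from upstream OpenSSH) are assumptions, not values read from an HP-UX system.

```shell
# Effective value of an sshd_config keyword: '#' lines have no effect,
# keywords are case-insensitive, the first value obtained wins, and
# scanning stops at the first Match block (those are not evaluated here).
# Fallback defaults are assumptions from upstream OpenSSH; a vendor build
# may differ. Where supported, `sshd -T` prints the real values.
sshd_default() {
    case "$1" in
        pubkeyauthentication)    echo yes ;;
        hostbasedauthentication) echo no ;;
        ignorerhosts)            echo yes ;;
        authorizedkeysfile)      echo .ssh/authorized_keys ;;
        *)                       echo unknown ;;
    esac
}

# usage: sshd_effective <config-file> <keyword>
sshd_effective() {
    key=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    val=$(awk -v key="$key" '
        /^[ \t]*(#|$)/ { next }               # comment or blank line
        {
            line = $0; sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]/)          # keyword ends at blank or "="
            if (n == 0) next
            k = tolower(substr(line, 1, n - 1))
            v = substr(line, n)
            sub(/^[ \t]*=?[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
            if (k == "match") exit             # conditional blocks skipped
            if (k == key) { print v; exit }    # first value wins
        }' "$1")
    if [ -n "$val" ]; then echo "$val"; else sshd_default "$key"; fi
}

# Constructed sample: stock defaults left as comments, hostbased enabled.
sample=${TMPDIR:-/tmp}/sshd_config.sample.$$
cat > "$sample" <<'EOF'
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
HostbasedAuthentication yes
#IgnoreRhosts yes
Match User backup
    PubkeyAuthentication no
EOF
for k in PubkeyAuthentication AuthorizedKeysFile HostbasedAuthentication IgnoreRhosts; do
    printf '%-24s %s\n' "$k" "$(sshd_effective "$sample" "$k")"
done
rm -f "$sample"
```

On the constructed sample this reports public-key authentication as still enabled even though its line is commented out, and host-based authentication as enabled by the one explicit line.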
user001
Frequent Advisor

Re: Passwordless login


Got it working.

I think I'll be ditching hostbased auth seems less secure than exchanging both host keys on the servers?

I had to import the key into ssh_host_key.

Thank you.
Steven Schweda
Honored Contributor
Solution

Re: Passwordless login

> I think I'll be ditching hostbased auth
> seems less secure than exchanging both host
> keys on the servers?

I see a question mark, but I don't see a
question. Have you a question?


> I had to import the key into ssh_host_key.

You may think that this conveys some useful
information, but you may be wrong.


Using "hostbased" authentication can make
sense if you can be sure that any user on one
system should be allowed access (as that same
user) on another system. In that situation,
it can save much effort because each user is
not required to create and distribute his
own private and public keys. If you want
more fine-grained (per-user) control over
access, then it may be less useful.
user001
Frequent Advisor

Re: Passwordless login


ssh_known_hosts
Steven Schweda
Honored Contributor

Re: Passwordless login

> ssh_known_hosts

Thanks for that wonderfully concise
explanation. Future readers are certain to
appreciate its value.
user001
Frequent Advisor

Re: Passwordless login


I had to put something in... the answer is in the previous post; it seemed pointless repeating myself.