Operating System - HP-UX

Re: ssh without asking for the password

 
Sergejs Svitnevs
Honored Contributor

ssh without asking for the password

I have 10 unix machines and many users on each machine. And they need to be able to log in from one host to another without a password.
Is there a simple way to allow password-less logins via ssh2 for multiple users on multiple machines?

Sergejs
P.S.
1. I already have "Using H/P's Secure Shell & Secure Copy" doc.
2. I understand that password-less logins are a security risk.
Joseph Loo
Honored Contributor

Re: ssh without asking for the password

hi,

you may like to read this post:

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=244540

glad that you acknowledged the security risk involved without password authentication.

regards.
what you do not see does not mean you should not believe
Sundar_7
Honored Contributor

Re: ssh without asking for the password

1) Set up the client to try host based authentication if the
server offers it:

Edit /opt/ssh/etc/ssh_config (or $HOME/.ssh/config) by adding a new
line:

HostbasedAuthentication yes


2) Copy the client's public DSA host key to the server:

scp /opt/ssh/etc/ssh_host_dsa_key.pub server:/opt/ssh/etc/client.key

NOTE: Be careful to not accidentally overwrite the server host key!

3) On the server, add the client host key copied over in step 2 to
the server's file /opt/ssh/etc/ssh_known_hosts. If the file does
not exist, you can create it with owner root and mode 600. When
adding the client's public key, it must be preceded with the client's
hostname as:

client.mydomain.com ssh-dss AAAAB3NzaC1kc3M.....

^^^^^^^^^^^^^^^^^^^ The client's (canonical) hostname needs to be added
manually!

4) On the server, add the client's hostname (and optionally a user name)
to one of:

/opt/ssh/etc/shosts.equiv*
/etc/hosts.equiv*
$HOME/.rhosts**
$HOME/.shosts**

* For the "root" user SSH cannot grant access to the "root" account
via /etc/hosts.equiv or /opt/ssh/etc/shosts.equiv; you must use
~root/.[rs]hosts. Remember to set "IgnoreRhosts no".

** These files may be used only if the server has been configured
to allow them via the sshd option "IgnoreRhosts no". By default,
they will be ignored.


Using the file "/opt/ssh/etc/shosts.equiv" is generally the best option as
it enables ssh host based authentication without potentially also enabling
automatic login for remote shell and rlogin.

Example:
$ cat /opt/ssh/etc/shosts.equiv
client.mydomain.com wilford
$

5) On the server, enable host based authentication by editing
/opt/ssh/etc/sshd_config:

Change:
#HostbasedAuthentication no
To:
HostbasedAuthentication yes

6) On the server, force the ssh daemon to re-read the configuration file:

$ kill -HUP `cat /var/run/sshd.pid`

Learn What to do ,How to do and more importantly When to do ?
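
Added example, not part of any post in this thread: a POSIX shell audit of the server-side files from steps 3 to 5 of the reply above, checking that host based authentication is enabled and that every host trusted in shosts.equiv has a key line in ssh_known_hosts. The function names `sshd_opt` and `audit_hostbased`, the one-directory layout and the sample files (including the placeholder key blob and the second hostname) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit the server-side files of steps 3-5.

# Effective value of an sshd_config keyword: first uncommented occurrence
# wins, keyword match is case-insensitive; print the default if unset.
sshd_opt() {  # $1=file $2=keyword $3=default
    awk -v k="$2" -v d="$3" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(k) { print tolower($2); found = 1; exit }
        END { if (!found) print d }' "$1"
}

# audit_hostbased DIR: DIR holds sshd_config, shosts.equiv, ssh_known_hosts.
# Returns 0 when every check passes, 1 otherwise.
audit_hostbased() {
    dir=$1; rc=0
    hb=$(sshd_opt "$dir/sshd_config" HostbasedAuthentication no)
    ir=$(sshd_opt "$dir/sshd_config" IgnoreRhosts yes)
    echo "HostbasedAuthentication=$hb IgnoreRhosts=$ir"
    [ "$hb" = yes ] || { echo "FAIL: HostbasedAuthentication not enabled (step 5)"; rc=1; }
    [ "$ir" = yes ] || echo "WARN: IgnoreRhosts=$ir, per-user .rhosts/.shosts are honoured"
    # Every host trusted in shosts.equiv needs a known_hosts line starting
    # with that hostname (step 3). Hashed known_hosts entries are not handled.
    while read -r host user; do
        case $host in ''|'#'*) continue ;; esac
        if awk -v h="$host" '
            { n = split($1, a, ","); for (i = 1; i <= n; i++) if (a[i] == h) ok = 1 }
            END { exit !ok }' "$dir/ssh_known_hosts" 2>/dev/null
        then echo "OK: $host${user:+ (user $user)} has a host key"
        else echo "FAIL: $host trusted but missing from ssh_known_hosts (step 3)"; rc=1
        fi
    done < "$dir/shosts.equiv"
    return $rc
}

# Constructed sample files; the key blob is a placeholder, not a real key.
demo=${TMPDIR:-/tmp}/hostbased-demo.$$
mkdir -p "$demo"
printf '%s\n' '#HostbasedAuthentication no' 'HostbasedAuthentication yes' > "$demo/sshd_config"
printf '%s\n' 'client.mydomain.com wilford' 'other.mydomain.com' > "$demo/shosts.equiv"
printf '%s\n' 'client.mydomain.com ssh-dss AAAAPLACEHOLDER' > "$demo/ssh_known_hosts"
audit_hostbased "$demo" || echo "audit found problems"
```

On a real server, point the function at a directory such as /opt/ssh/etc that holds the three files.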