www.bloke.com


Setting up ssh without a password.

Yeah it's bad, lots of info on the newsgroups as to why it's bad, but for us, it's about stopping passwords going across in clear text. This is the level of security that we require. I don't recommend you do this, there are security issues, and you should not do such things without understanding the security implications.

ssh-keygen -t rsa -f ~/.ssh/id_rsa -N ""
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys2
Copy the authorized_keys2 to the other machine (just cat it to the end of ~/.ssh/authorized_keys2 there).
Also check /etc/ssh/ssh_config, basically look for "PubkeyAuthentication yes" (and in sshd_config). Also useful is ssh -v, and "LogLevel DEBUG" in sshd_config.
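
The install step above as a re-runnable shell sketch. This is an added example, not part of the original page; the function names install_pubkey and strict_modes_ok are hypothetical. It appends each key only once and flags the group- or world-writable modes that sshd rejects when "StrictModes yes" is set, as in the sshd_config listed on this page.

```shell
# Added example, not from the original page. Function names are hypothetical.

# install_pubkey PUBFILE SSHDIR
# Append the key(s) in PUBFILE to SSHDIR/authorized_keys2 without creating
# duplicates, and set the directory/file modes to owner-only.
install_pubkey() {
    pub=$1; dir=$2; auth=$dir/authorized_keys2
    [ -s "$pub" ] || { echo "no public key at $pub" >&2; return 1; }
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # "|| [ -n ... ]" keeps a final line that has no trailing newline
    while IFS= read -r key || [ -n "$key" ]; do
        [ -n "$key" ] || continue
        # -x whole line, -F fixed string: skip keys already installed
        grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
    done < "$pub"
    return 0
}

# strict_modes_ok PATH...
# Return 1 if any path is missing or is group- or world-writable.
# With "StrictModes yes", sshd refuses public-key logins in that case.
strict_modes_ok() {
    rc=0
    for p in "$@"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p" >&2; rc=1
        elif [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "group/world-writable: $p" >&2; rc=1
        fi
    done
    return $rc
}

# Typical use on the machine you log in to (paths are the ones used above):
#   install_pubkey /tmp/id_rsa.pub "$HOME/.ssh"
#   strict_modes_ok "$HOME" "$HOME/.ssh" "$HOME/.ssh/authorized_keys2"
```

If strict_modes_ok reports a path, fix its mode before reaching for ssh -v or "LogLevel DEBUG".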

Use the following files at your own risk, you may open up security holes.

My /etc/ssh/ssh_config (nothing exciting here)

[cameron@jack cameron]$ cat /etc/ssh/ssh_config
#	$OpenBSD: ssh_config,v 1.9 2001/03/10 12:53:51 deraadt Exp $

# This is ssh client systemwide configuration file.  See ssh(1) for more
# information.  This file provides defaults for users, and the values can
# be changed in per-user configuration files or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for various options

# Host *
#   ForwardAgent no
#   ForwardX11 no
#   RhostsAuthentication no
#   RhostsRSAAuthentication yes
#   RSAAuthentication yes

My /etc/ssh/sshd_config

#	$OpenBSD: sshd_config,v 1.38 2001/04/15 21:41:29 deraadt Exp $

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# This is the sshd server system-wide configuration file.  See sshd(8)
# for more information.

Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::
HostKey /etc/ssh/ssh_host_key
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
ServerKeyBits 768
LoginGraceTime 600
KeyRegenerationInterval 3600
PermitRootLogin no
#
# Don't read ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
StrictModes yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd yes
#PrintLastLog no
KeepAlive yes

# Logging
SyslogFacility AUTHPRIV
LogLevel INFO
#obsoletes QuietMode and FascistLogging

RhostsAuthentication no
#
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
#
RSAAuthentication yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no

# Uncomment to disable s/key passwords 
#ChallengeResponseAuthentication no

# Uncomment to enable PAM keyboard-interactive authentication 
# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
#PAMAuthenticationViaKbdInt yes

# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no

# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes

#CheckMail yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net
#ReverseMappingCheck yes

Subsystem	sftp	/usr/libexec/openssh/sftp-server

If you change this file you should do /etc/rc.d/init.d/sshd restart. Also check your firewall to make sure that ssh is allowed.

faster ssh
When doing scp or ssh, you can use the -C command line option to speed up commands and copies. The cool thing is that you can run this for a normal shell, so if you do:

[cameron@tiger cameron]$ ssh -C machine.host.com
Then the connection will actually run faster (and, as a side effect, is actually slightly more secure).

Last Change: Monday, 10-Jan-2005 07:41:49 EST

Disclaimer

The information provided within these pages is provided AS IS, and without any warranty. Following these directions may (but not limited to) crash your computer, delete all the information on your hard disk, open up security holes or cause your house to burn down. I made these pages to provide some information about the setup that I have done, but I did not proofread it for correctness, and in most cases did not test it. There are commands in these pages that would definitely delete or corrupt all the data on your computer (especially the dualboot section). In fact it happened to me.... So you are on your own!


Cameron Gregory