On Thursday 19 January 2006 22:57, Matthew Seaman wrote:
> Peter wrote:
> > --- Beech Rintoul <[EMAIL PROTECTED]> wrote:
> >> I'm trying to set up ssh to use keys to authenticate on a remote server.
> >> I've always used passwords in the past. I generated a key pair and exported
> >> my public key to ~/.ssh/authorized_keys on the remote machine. I changed
> >> sshd_config to "PasswordAuthentication no". When I log in the remote machine
> >> still asks for a password. What do I change to just use the key to log in?
> >
> > I'm assuming you do not want to enter anything to log in right? If so,
> > you need a private key with a blank passphrase. It's hard to say from
> > here but it may be that you are being prompted for the passphrase to
> > unlock your private key.
>
> No, no, no. ssh keys without pass-phrases are a liability. It really is
> a bad idea to do that.
>
> What the OP should do instead is use ssh-agent -- I fire it up from
> .xsession when I log into my desktop. Then load your key into the agent:
>
>     ssh-add ~/.ssh/id_dsa
>
> which will require you to give the pass phrase. However, that's the one
> and only time you'll need to do that.
>
> Then when you ssh into a box, it should auth against your key
> automatically. If you take care to always use the '-A' flag when you ssh
> in:
>
>     ssh -A hostname
>
> then you can bounce through several machines, and the auth requests will be
> relayed back to the ssh-agent on your desktop.[*]
>
> Cheers,
>
> Matthew
>
> [*] Agent forwarding is off by default in /etc/ssh/ssh_config (client side)
> but permitted in /etc/ssh/sshd_config (server side) -- but the -A flag
> overrides the client settings.

Thanks, my original problem was solved by just starting over with a new key pair. Must have had a bad key. I ran debug on the server and it said it couldn't read it even though it was there.

I'll try the agent today. It'll require adding a pass-phrase to the key, but that's no problem now that I know all the configs are good. I really don't mind the final default to a password. I just hate to type it all the time. I'm using a long very cryptic pass and it gets tedious to have to enter it several times.

Thanks everyone for the help and suggestions,

Beech

--
---------------------------------------------------------------------------------------
Beech Rintoul - System Administrator - [EMAIL PROTECTED]
/"\   ASCII Ribbon Campaign  | NorthWind Communications
\ / - NO HTML/RTF in e-mail  | 201 East 9Th Avenue Ste.310
 X  - NO Word docs in e-mail | Anchorage, AK 99501
/ \ - Please visit Alaska Paradise - http://akparadise.byethost33.com
---------------------------------------------------------------------------------------