[CentOS] Antwort: Re: Passwordless ssh

Frank.Brodbeck at klingel.de Frank.Brodbeck at klingel.de
Tue Feb 2 10:54:22 UTC 2010


"Gregory P. Ennis" <PoMec at PoMec.Net>  schrieb am 02.02.2010 04:27:52: 
> #1. If you change anything in sshd_config you must restart sshd before
> your changes will become active.  You can do this in the root account
> easily by entering :
> 
> service sshd restart

Wrong. While this is working on CentOS and probably other Redhat based
distros this will certainly cause trouble on most Unix boxen.

service sshd reload

is what would be a good advice, because SIGHUP won't drop your current
OpenSSH/SunSSH connection, so the possibility to lock out yourself is
somewhat minimized. And as a side effect, this is the way a lot of
daemons are working, e.g. apache's httpd.

> #2. If you are connecting from one account to another account in
> different machines you must have id_dsa.pub
> in /home/user/.ssh/authorized_keys file of the account you are
> connecting with.
> 
> ie if you are logged on as root in one machine and you connect to
> another machine to the root account then id_dsa.pub of the original
> account has to be in /root/.ssh/authorized_keys of the machine you are
> connecting to. 

That's just half the truth. ssh simply looks for a default pub key file.
And it doesn't have to be $HOME/.ssh/id_dsa.pub, as it is depending on
your sshd_config. Nothing stops you to use a different keypair as long as 
you're having access to it - including the passphrase if neccessary.
 
Frank.


More information about the CentOS mailing list