On 12/10/05, Bryan J. Smith thebs413@earthlink.net wrote:
On Sat, 2005-12-10 at 10:13 -0800, Todd Cary wrote:
Jim - I have read the man pages, and with my lack of experience, they are not that clear. Do you have another reference to suggest?
Yeah, public key authentication can seem to use a number of concepts and terms that seem daunting at first. But after just a little practice, they become second nature.
In a nutshell (uber-simplified):
- You generate a key pair on the client -- a public and private
- You copy the public key to the server
The next time you login to the server, the server "challenges" your client using the public key, of which, only the client has the private key to decrypt the challenge and respond correctly (again, mega oversimplification here).
You do #1 on the client with: ssh-keygen -t dsa (enter twice for no passphrase)
You do #2 with something like: scp ~/.ssh/id_dsa.pub user@server:.ssh/authorized_keys
[ NOTE: When you run scp that time, you _will_ be prompted for your password. That's the last time you should ever be though. ]
Only one thing to add to this. If the .ssh directory on the remote machine doesn't exist, ssh from there to somewhere else, or create it youself, but keep in mind the permissions. If your .ssh directory is anything other than 600 (I think... pulling that number from deep within my arse) it'll fail, and you'll be prompted for a password and will wonder what went wrong.
Now that should be it. You should be able to ssh without being prompted for a password. If you are still prompted, check the /var/log/messages files on both the client and server for any errors/issues.
I can get more geeky if you have follow-up questions.
-- Bryan J. Smith mailto:b.j.smith@ieee.org http://thebs413.blogspot.com
Some things (or athletes) money can't buy. For everything else there's "ManningCard."
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
-- Jim Perrin System Architect - UIT Ft Gordon & US Army Signal Center