[CentOS] rsync and passwords

Sun Dec 11 01:08:16 UTC 2005
Jim Perrin <jperrin at gmail.com>

On 12/10/05, Bryan J. Smith <thebs413 at earthlink.net> wrote:
> On Sat, 2005-12-10 at 10:13 -0800, Todd Cary wrote:
> > Jim -
> > I have read the man pages, and with my lack of experience, they are not
> > that clear.  Do you have another reference to suggest?
>
> Yeah, public key authentication can seem to use a number of concepts and
> terms that seem daunting at first.  But after just a little practice,
> they become second nature.
>
> In a nutshell (uber-simplified):
> 1)  You generate a key pair on the client -- a public and private
> 2)  You copy the public key to the server
>
> The next time you login to the server, the server "challenges" your
> client using the public key, of which, only the client has the private
> key to decrypt the challenge and respond correctly (again, mega
> oversimplification here).
>
> You do #1 on the client with:
>   ssh-keygen -t dsa
>   (enter twice for no passphrase)
>
> You do #2 with something like:
>   scp ~/.ssh/id_dsa.pub user at server:.ssh/authorized_keys
>
> [ NOTE:  When you run scp that time, you _will_ be prompted for your
> password.  That's the last time you should ever be though. ]
>

Only one thing to add to this. If the .ssh directory on the remote
machine doesn't exist, ssh from there to somewhere else, or create it
youself, but keep in mind the permissions. If your .ssh directory is
anything other than 600 (I think... pulling that number from deep
within my arse) it'll fail, and you'll be prompted for a password and
will wonder what went wrong.

> Now that should be it.  You should be able to ssh without being prompted
> for a password.  If you are still prompted, check the /var/log/messages
> files on both the client and server for any errors/issues.
>
> I can get more geeky if you have follow-up questions.
>
>
> --
> Bryan J. Smith   mailto:b.j.smith at ieee.org
> http://thebs413.blogspot.com
> ------------------------------------------
> Some things (or athletes) money can't buy.
> For everything else there's "ManningCard."
>
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>


--
Jim Perrin
System Architect - UIT
Ft Gordon & US Army Signal Center