Posted on: Oct 12, 2008. By: Jonathan. In: Linux. With: No comments
Gargh, passwordless SSH… it’s pretty straightforward, maybe it’s just knowing where to look when things aren’t quite going to plan.
Basically I want to set up passwordless SSH from:
My client (in this case my D-Link DNS-323 nasbox) … to …
My server (running Debian Etch 4.0).
The following steps are required:
1. Generate a set of keys (private and public) on the client. To do this, go into your home directory, change to the .ssh folder and run the ssh-keygen command as follows:

    cd ~/.ssh
    ssh-keygen -t rsa

This will give you the following prompt:
Enter file in which to save the key (/root/.ssh/id_rsa):
If you hit enter it will create the following files:

    id_rsa - our private key which will remain on the client
    id_rsa.pub - our public key which we need to copy to the server

2. Copy the public key (id_rsa.pub) to the server as follows:

    scp id_rsa.pub root@server:/root

3. Log in to your server and append the contents of the public key to the .ssh/authorized_keys file:

    ssh root@server
    cat id_rsa.pub >> ~/.ssh/authorized_keys

That’s about it, although there are a few caveats:
4. Make sure that the server SSH daemon is set up to allow RSA and public key authentication, and that it is set up to read the correct authorized keys file. Check the:
It should contain the following entries:

    RSAAuthentication yes
    PubkeyAuthentication yes
    AuthorizedKeysFile %h/.ssh/authorized_keys

If you have to make changes then ensure you restart the SSH daemon:
Also make sure the permissions on the authorized_keys file are set correctly. They should be as follows:

    -rw------- 1 root root 393 Oct 11 21:45 authorized_keys

If not, then issue the following command:

    chmod 600 authorized_keys

6. Test the SSH connection works from the client via:
The -v flag turns on verbose logging, which tells you which keys the client is reading and where it is reading them from. You can debug the whole thing on the server by tailing the auth.log as follows:

    tail -f /var/log/auth.log

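The server-side caveats above (the three sshd configuration entries and the 600 mode on authorized_keys) can be checked in one pass. This is an added example, not part of the original post; the function names are made up for illustration, and it assumes a stat that supports -c (GNU or BusyBox).

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Print the first value set for an sshd_config keyword. Keywords are
# case-insensitive and sshd keeps the first value it obtains.
sshd_option() {    # usage: sshd_option <config-file> <keyword>
    awk -v key="$2" '
        /^[ \t]*#/ { next }                        # skip comment lines
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# Succeed only if the keyword is explicitly set to the expected value.
check_option() {   # usage: check_option <config-file> <keyword> <expected>
    actual=$(sshd_option "$1" "$2")
    if [ "$actual" = "$3" ]; then
        echo "ok:   $2 $actual"
    else
        echo "FAIL: $2 is '${actual:-unset}', expected '$3'"
        return 1
    fi
}

# Succeed only if the path exists and has exactly the expected octal mode.
check_mode() {     # usage: check_mode <path> <octal-mode>
    actual=$(stat -c '%a' "$1" 2>/dev/null) || { echo "FAIL: $1 missing"; return 1; }
    if [ "$actual" = "$2" ]; then
        echo "ok:   $1 mode $actual"
    else
        echo "FAIL: $1 mode $actual, expected $2 (chmod $2 $1)"
        return 1
    fi
}

# Run every check listed in the post; non-zero exit status if any failed.
audit() {          # usage: audit <sshd-config-file> <home-directory>
    rc=0
    check_option "$1" RSAAuthentication yes || rc=1
    check_option "$1" PubkeyAuthentication yes || rc=1
    check_option "$1" AuthorizedKeysFile '%h/.ssh/authorized_keys' || rc=1
    check_mode "$2/.ssh/authorized_keys" 600 || rc=1
    return $rc
}

# When called with two arguments, audit that config file and home directory.
if [ "$#" -eq 2 ]; then audit "$1" "$2"; fi
```

Run it on the server with the path to the SSH daemon's configuration file and the home directory of the account you log in as; each failed check prints what was found and what was expected.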
Finally for the Funplug users make sure you use the default filenames (id_rsa and id_rsa.pub) and that they are saved in the following directory: