using ssh without a password

I am trying to find out how to setup ssh so that I can log into another
computer without using a password (so I can use it in a script). Does
anyone know how to go about doing this? I created a new user just for
this purpose, and deleted the password field in /etc/passwd. When
logging in with that user on the console, it doesnt ask for a password,
but if I try connecting via ssh it still asks for a password.

Any suggestions?

Thanks,
Aaron

Aaron Walker wrote:
> I am trying to find out how to setup ssh so that I can log into another
> computer without using a password (so I can use it in a script). Does
> anyone know how to go about doing this? I created a new user just for
> this purpose, and deleted the password field in /etc/passwd. When
> logging in with that user on the console, it doesnt ask for a password,
> but if I try connecting via ssh it still asks for a password.
>
> Any suggestions?
>
> Thanks,
> Aaron
>

I forgot to say.. also, I tried the following:

user@morpheus$ ssh-keygen -t dsa -f ~/.ssh/id_dsa

when asked for the pass phrase, I left it empty.

user@morpheus$ scp ~/.ssh/id_dsa.pub root@razor:/home/user/.ssh
user@morpheus$ ssh root@razor
root@razor# cd ~user/.ssh
root@razor# chown user id_dsa.pub
root@razor# chgrp user id_dsa.pub
root@razor# su user
user@razor$ ls -l
-rw-r--r-- 1 user user 226 Nov 1 21:43 id_dsa.pub
-rw-r--r-- 1 user user 221 Nov 1 21:28 known_hosts
user@razor$ mv id_dsa.pub authorized_keys2
user@razor$ chmod 640 authorized_keys2
user@razor$ logout
root@razor# logout
user@morpheus$ ssh razor
user@razor's password:

its still asking for a password... any suggestions?

Aaron

Aaron Walker wrote:
> I am trying to find out how to setup ssh so that I can log into another
> computer without using a password (so I can use it in a script). Does
> anyone know how to go about doing this? I created a new user just for
> this purpose, and deleted the password field in /etc/passwd. When
> logging in with that user on the console, it doesnt ask for a password,
> but if I try connecting via ssh it still asks for a password.
>
> Any suggestions?

Don't ever have an account w/o a password, for one.

Copy the originating user's public key to the target machine and append
it to the end of the authorized_keys file. Now A can connect to B w/o
password. I suggest that you use strict enforcement of host key checking
at both ends. If this is for a dedicated task, put that in the key line,
so a connect will run the "other end" process only.

Now you know where to look in the doc.
--
bill davidsen

On Sun, 02 Nov 2003 02:57:54 +0000, Aaron Walker wrote:

> Aaron Walker wrote:
>> I am trying to find out how to setup ssh so that I can log into another
>> computer without using a password (so I can use it in a script). Does
>> anyone know how to go about doing this? I created a new user just for
>> this purpose, and deleted the password field in /etc/passwd. When
>> logging in with that user on the console, it doesnt ask for a password,
>> but if I try connecting via ssh it still asks for a password.
>>
>> Any suggestions?
>>
>> Thanks,
>> Aaron
>>
>>
> I forgot to say.. also, I tried the following:
>
> user@morpheus$ ssh-keygen -t dsa -f ~/.ssh/id_dsa
>
> when asked for the pass phrase, I left it empty.
>
> user@morpheus$ scp ~/.ssh/id_dsa.pub root@razor:/home/user/.ssh
> user@morpheus$ ssh root@razor
> root@razor# cd ~user/.ssh
> root@razor# chown user id_dsa.pub
> root@razor# chgrp user id_dsa.pub
> root@razor# su user
> user@razor$ ls -l
> -rw-r--r-- 1 user user 226 Nov 1 21:43 id_dsa.pub -rw-r--r-- 1 user
> user 221 Nov 1 21:28 known_hosts user@razor$ mv id_dsa.pub
> authorized_keys2 user@razor$ chmod 640 authorized_keys2 user@razor$
> logout
> root@razor# logout
> user@morpheus$ ssh razor
> user@razor's password:
>
> its still asking for a password... any suggestions?
>
> Aaron
Hello Aaron,

As user use ssh-keygen to generate a key pair. Then as root cat
/home/user/.ssh/<new_user_key>.pub >> /root/.ssh/authorized_keys After
startup a ssh-agent (or look into keychain) as user. Note that you will be
asked to enter a password once per machine reboot but that is better than
every time.

look at:
man ssh-keygen and man ssh-agent for more information also look up
keychain on google.

Also NEVER!! have a user with out a password and especially with a private
key that root accepts.

Michel

On Sun, 02 Nov 2003, Aaron Walker <ka0ttic@DELETE_THIScfl.rr.com> wrote:
> I am trying to find out how to setup ssh so that I can log into another
> computer without using a password (so I can use it in a script). Does
> anyone know how to go about doing this? I created a new user just for
> this purpose, and deleted the password field in /etc/passwd. When
> logging in with that user on the console, it doesnt ask for a password,
> but if I try connecting via ssh it still asks for a password.

Doesn't your system use shadow passwords? Whatever you did, you should
undo it, remove that user, or set a password by normal means.

To ssh and run a particular command without password or passphrase,
generate a key without a passphrase and transfer the resulting .pub key to
the ~/.ssh dir of the destination user. Then from that directory append
that to the authorized_keys file (cat whatever.pub >> authorized_keys).

Make sure that the .ssh dir and files on destination are owned by that
user there. And it may be a good idea to do: chmod -R go-rwx ~/.ssh

Then in 'man sshd' read AUTHORIZED_KEYS FILE FORMAT to see how to set a
command for that key.

Note that unless it is an old system, many default to ssh2, so you should
probably generate a dsa key with ssh-keygen.

--
David Efflandt - All spam ignored http://www.de-srv.com/
http://www.autox.chicago.il.us/ http://www.berniesfloral.net/
http://cgi-help.virtualave.net/ http://hammer.prohosting.com/~cgi-wiz/

Aaron Walker <ka0ttic@DELETE_THIScfl.rr.com> wrote in message news:<So_ob.71158$(E-Mail Removed) m>...
> Aaron Walker wrote:
> > I am trying to find out how to setup ssh so that I can log into another
> > computer without using a password (so I can use it in a script). Does
> > anyone know how to go about doing this? I created a new user just for
> > this purpose, and deleted the password field in /etc/passwd. When
> > logging in with that user on the console, it doesnt ask for a password,
> > but if I try connecting via ssh it still asks for a password.
> >
> > Any suggestions?
> >
> > Thanks,
> > Aaron
> >
>
> I forgot to say.. also, I tried the following:
>
> user@morpheus$ ssh-keygen -t dsa -f ~/.ssh/id_dsa
>
> when asked for the pass phrase, I left it empty.
>
> user@morpheus$ scp ~/.ssh/id_dsa.pub root@razor:/home/user/.ssh
> user@morpheus$ ssh root@razor
> root@razor# cd ~user/.ssh
> root@razor# chown user id_dsa.pub
> root@razor# chgrp user id_dsa.pub
> root@razor# su user
> user@razor$ ls -l
> -rw-r--r-- 1 user user 226 Nov 1 21:43 id_dsa.pub
> -rw-r--r-- 1 user user 221 Nov 1 21:28 known_hosts
> user@razor$ mv id_dsa.pub authorized_keys2
> user@razor$ chmod 640 authorized_keys2
> user@razor$ logout
> root@razor# logout
> user@morpheus$ ssh razor
> user@razor's password:
>
> its still asking for a password... any suggestions?
>
> Aaron

If you are using OpenSSH, rename authorized_keys2 to authorized_keys;
if you are using ssh.com's SSH, rename authorized_keys2 to authorization.