On Saturday 09 February 2002 03:26 pm, Larry McVoy wrote:
> > > I also push it to my private version on bkbits.net, and it is supposed
> > > to be automatically then pushed onwards to the public one that is at
> > > http://linux.bkbits.net:8080/linux-2.5, but the infrastructure for that
> > > isn't yet working.
> >
> > Ok, understood. While waiting for a 'proper' infrastructure', maybe
> > a simple cron entry will do the job ? (since the bk pull from your
> > private tree on bkbits to the public tree on bkbits is not supposed
> > to ever fail or have merge errors...)
>
> This is my problem. You could help if you could tell me what exactly
> are the magic wands to wave such that you can ssh in without typing
> a password.
You need three or four files in the .ssh directory of the account in
question. (This is assuming that ssh protocol 2 comes first in your
ssh_config and sshd_config files.)
1) The file ~/.ssh/known_hosts2 lists the host keys. If you just ssh to a
box it'll prompt you if it should add an unknown key to the file. (Just do
this manually once in each direction and this file will be happy. You can
assemble it manually from /etc/ssh/ssh_host_key.pub if you want, but I doubt
you need to.)
2) Generate a public/private pair of dsa encryption keys, with:
ssh-keygen -d -f ~/.ssh/id_dsa
Just press enter twice for the passphrase (you don't want one for
passwordless sshing).
3) In the .ssh dir, copy "id_dsa.pub" to "authorized_keys2"
4) Copy the three files you just created (id_dsa, id_dsa.pub, and
authorized_keys2) to the ~/.ssh directory on the other box.
This allows bidirectional passwordless sshing. If you want to only ssh in
one direction, keep the public keys (id_dsa.pub and authorized_keys2) but zap
the private key on the appropriate box.
Now just try to ssh as the user in question. (su username, then ssh 1.2.3.4)
If you're piping data from one box to another, you might want to use the -T
option to tell it no controlling TTY. (Largely a matter of personal
taste...) And sometimes -C "echo hello" works better than just having the
commands explicitly on the end of the command line...
I have this working over here. If I missed a step, email me.
Rob
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Fri Feb 15 2002 - 21:00:29 EST