I did the same thing on a Linux box. The procedure is attached; hope it helps.

1. mkdir ~/.ssh
chmod 700 ~/.ssh
2. /usr/bin/ssh-keygen -t rsa

3. /usr/bin/ssh-keygen -t dsa

4. touch ~/.ssh/authorized_keys
cd ~/.ssh

5. ssh node1 cat /home/$LOGIN/.ssh/id_rsa.pub >> authorized_keys
ssh node1 cat /home/$LOGIN/.ssh/id_dsa.pub >> authorized_keys
ssh node2 cat /home/$LOGIN/.ssh/id_rsa.pub >> authorized_keys
ssh node2 cat /home/$LOGIN/.ssh/id_dsa.pub >> authorized_keys

6. Use scp to copy the authorized_keys file to the $LOGIN/.ssh directory of the other nodes.

7. chmod 600 ~/.ssh/authorized_keys


8. Enable ssh user equivalency
You need to do this for the terminal session:
$ exec /usr/bin/ssh-agent $SHELL
$ /usr/bin/ssh-add


Now you can test it.

Replies, comments and Discussions:

  • Has any expert here set up passwordless remote SSH login? I have tried ssh_host_rsa_key.pub, ssh_host_dsa_key.pub, .rhost, host.equiv and shost.equiv, and it still asks for a password.
    environment:
    AIX: 5.3L
    SW: OpenSSH_4.1p1, OpenSSL 0.9.7g 11 Apr 2005

    Purpose:
    To enable a compressed tunnel between hosts on a WAN, the ssh command line needs to be added to the rc.d directory or inetd.conf.
    • ^^
      • Put the public key into ~username/.ssh/authorized_keys and try to log in again with your private key. If it still fails, check the log from the session.
        • here is debug info.
          informix@localBox:/home/informix/.ssh ->ssh -vvv -CN -R 22005:localBox:22005 -L \ 22006:remoteBox:22006 informix@remoteBox
          OpenSSH_4.1p1, OpenSSL 0.9.7g 11 Apr 2005
          debug1: Reading configuration data /etc/ssh/ssh_config
          debug1: Failed dlopen: /usr/krb5/lib/libkrb5.a(libkrb5.a.so): 0509-022 Cannot load module /usr/krb5/lib/libkrb5.a(libkrb5.a.so).
          0509-026 System error: A file or directory in the path name does not exist.

          debug1: Error loading Kerberos, disabling Kerberos auth.
          debug2: ssh_connect: needpriv 0
          debug1: Connecting to remoteBox [10.10.1.39] port 22.
          debug1: Connection established.
          debug1: identity file /home/informix/.ssh/identity type -1
          debug3: Not a RSA1 key file /home/informix/.ssh/id_rsa.
          debug2: key_type_from_name: unknown key type '-----BEGIN'
          debug3: key_read: missing keytype
          debug3: key_read: missing whitespace
          debug3: key_read: missing whitespace
          debug3: key_read: missing whitespace
          debug3: key_read: missing whitespace
          debug3: key_read: missing whitespace
          debug3: key_read: missing whitespace
          debug3: key_read: missing whitespace
          debug3: key_read: missing whitespace
          debug3: key_read: missing whitespace
          debug3: key_read: missing whitespace
          debug3: key_read: missing whitespace
          debug3: key_read: missing whitespace
          debug3: key_read: missing whitespace
          debug2: key_type_from_name: unknown key type '-----END'
          debug3: key_read: missing keytype
          debug1: identity file /home/informix/.ssh/id_rsa type 1
          debug3: Not a RSA1 key file /home/informix/.ssh/id_dsa.
          debug2: key_type_from_name: unknown key type '-----BEGIN'
          debug3: key_read: missing keytype
          debug3: key_read: missing whitespace
          debug3: key_read: missing whitespace
          debug3: key_read: missing whitespace
          debug3: key_read: missing whitespace
          debug3: key_read: missing whitespace
          debug3: key_read: missing whitespace
          debug3: key_read: missing whitespace
          debug3: key_read: missing whitespace
          debug3: key_read: missing whitespace
          debug3: key_read: missing whitespace
          debug3: key_read: missing whitespace
          debug3: key_read: missing whitespace
          debug3: key_read: missing whitespace
          debug2: key_type_from_name: unknown key type '-----END'
          debug3: key_read: missing keytype
          debug1: identity file /home/informix/.ssh/id_dsa type 1
          debug1: Remote protocol version 1.99, remote software version OpenSSH_4.1
          debug1: match: OpenSSH_4.1 pat OpenSSH*
          debug1: Enabling compatibility mode for protocol 2.0
          debug1: Local version string SSH-2.0-OpenSSH_4.1
          debug2: fd 4 setting O_NONBLOCK
          debug1: SSH2_MSG_KEXINIT sent
          debug1: SSH2_MSG_KEXINIT received
          debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
          debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
          debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
          debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
          debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
          debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
          debug2: kex_parse_kexinit: zlib,none
          debug2: kex_parse_kexinit: zlib,none
          debug2: kex_parse_kexinit:
          debug2: kex_parse_kexinit:
          debug2: kex_parse_kexinit: first_kex_follows 0
          debug2: kex_parse_kexinit: reserved 0
          debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
          debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
          debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
          debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
          debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
          debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
          debug2: kex_parse_kexinit: none,zlib
          debug2: kex_parse_kexinit: none,zlib
          debug2: kex_parse_kexinit:
          debug2: kex_parse_kexinit:
          debug2: kex_parse_kexinit: first_kex_follows 0
          debug2: kex_parse_kexinit: reserved 0
          debug2: mac_init: found hmac-md5
          debug1: kex: server->client aes128-cbc hmac-md5 zlib
          debug2: mac_init: found hmac-md5
          debug1: kex: client->server aes128-cbc hmac-md5 zlib
          debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
          debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
          debug2: dh_gen_key: priv key bits set: 123/256
          debug2: bits set: 524/1024
          debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
          debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
          debug3: check_host_in_hostfile: filename /home/informix/.ssh/known_hosts
          debug2: key_type_from_name: unknown key type '1024'
          debug3: key_read: missing keytype
          debug3: check_host_in_hostfile: match line 2
          debug3: check_host_in_hostfile: filename /home/informix/.ssh/known_hosts
          debug2: key_type_from_name: unknown key type '1024'
          debug3: key_read: missing keytype
          debug3: check_host_in_hostfile: match line 2
          debug1: Host 'remoteBox' is known and matches the RSA host key.
          debug1: Found key in /home/informix/.ssh/known_hosts:2
          debug2: bits set: 510/1024
          debug1: ssh_rsa_verify: signature correct
          debug2: kex_derive_keys
          debug2: set_newkeys: mode 1
          debug1: Enabling compression at level 6.
          debug1: SSH2_MSG_NEWKEYS sent
          debug1: expecting SSH2_MSG_NEWKEYS
          debug2: set_newkeys: mode 0
          debug1: SSH2_MSG_NEWKEYS received
          debug1: SSH2_MSG_SERVICE_REQUEST sent
          debug2: service_accept: ssh-userauth
          debug1: SSH2_MSG_SERVICE_ACCEPT received
          debug2: key: /home/informix/.ssh/identity (0)
          debug2: key: /home/informix/.ssh/id_rsa (2004ae88)
          debug2: key: /home/informix/.ssh/id_dsa (2004aea8)
          debug1: Authentications that can continue: publickey,password,keyboard-interactive
          debug3: start over, passed a different list publickey,password,keyboard-interactive
          debug3: preferred publickey,keyboard-interactive,password
          debug3: authmethod_lookup publickey
          debug3: remaining preferred: keyboard-interactive,password
          debug3: authmethod_is_enabled publickey
          debug1: Next authentication method: publickey
          debug1: Trying private key: /home/informix/.ssh/identity
          debug3: no such identity: /home/informix/.ssh/identity
          debug1: Offering public key: /home/informix/.ssh/id_rsa
          debug3: send_pubkey_test
          debug2: we sent a publickey packet, wait for reply
          debug1: Authentications that can continue: publickey,password,keyboard-interactive
          debug1: Offering public key: /home/informix/.ssh/id_dsa
          debug3: send_pubkey_test
          debug2: we sent a publickey packet, wait for reply
          debug1: Authentications that can continue: publickey,password,keyboard-interactive
          debug2: we did not send a packet, disable method
          debug3: authmethod_lookup keyboard-interactive
          debug3: remaining preferred: password
          debug3: authmethod_is_enabled keyboard-interactive
          debug1: Next authentication method: keyboard-interactive
          debug2: userauth_kbdint
          debug2: we sent a keyboard-interactive packet, wait for reply
          debug1: Authentications that can continue: publickey,password,keyboard-interactive
          debug3: userauth_kbdint: disable: no info_req_seen
          debug2: we did not send a packet, disable method
          debug3: authmethod_lookup password
          debug3: remaining preferred:
          debug3: authmethod_is_enabled password
          debug1: Next authentication method: password
          informix@remoteBox's password:
          informix@localBox:/home/informix/.ssh ->
      • 1. How did you generate the keys, via "ssh-keygen" on the same platform? 2. is there a $HOME/.ssh/authorized_keys on remote machine?
        • 1. Yes. 2. Yes. 2: I didn't reset the file mode to 600. When reset, it works. THANKS.
    • I guess you might solve the problem by changing the source code of ssh a little bit. Add the password in the source code itself. Use the default password by option.
    • I did the same thing on a Linux box. The procedure is attached; hope it helps.
      • I guess this is very good, though I don't know much about this.
      • is step #8 a must? I didn't do that because I am thinking it is about X-sessions. Thanks for reply.
        • yes, it is required.
          • I have never done this step. I just create the key pair, transfer the file, and set the permission to 600. http://www.linuxproblem.org/art_9.html
            • You are right, it is difficult to catch a server-side problem by turning on client-side debug. The server won't release any security-related info to the client before login, because it is "secure" sh.
    • DONE. Just following #3013680 steps 1~7 is fine. My problem was the file permission of the files authorized_key and authorized_key2. It is supposed to be 600 or 640; I set it to 660. After chmod to 640, it works.
      Thanks to everybody here.
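
The permission problem that resolved this thread, as an added example (not code from any post above): with StrictModes on, which is the sshd default, authorized_keys is ignored when the file, ~/.ssh or the home directory is group- or world-writable or owned by someone other than the user or root, which is why 660 failed and 640 worked. The function names and the throwaway demo directory are illustrative assumptions.

```shell
#!/bin/sh
# Added example: approximates sshd's StrictModes test for public-key login.
# sshd ignores authorized_keys when the file, ~/.ssh or the home directory
# is group/world-writable or owned by someone other than the user or root.

# Print the path if sshd would reject it. -H resolves a symlinked argument.
unsafe_path() {
    find -H "$1" -prune \
        \( -perm -020 -o -perm -002 -o \( ! -user "$2" ! -user 0 \) \) \
        -print 2>/dev/null
}

# audit_ssh_dir HOME [UID]: report offending paths; return 1 if any is found.
audit_ssh_dir() {
    home=$1
    uid=${2:-$(id -u)}
    rc=0
    for p in "$home" "$home/.ssh" \
             "$home/.ssh/authorized_keys" "$home/.ssh/authorized_keys2"; do
        [ -e "$p" ] || continue
        if [ -n "$(unsafe_path "$p" "$uid")" ]; then
            echo "REJECT $(ls -ld "$p" | cut -c1-10) $p"
            rc=1
        fi
    done
    return $rc
}

# Constructed demo in a throwaway directory: 660 is rejected, 640 and 600 pass.
demo=$(mktemp -d)
mkdir "$demo/.ssh"
chmod 700 "$demo" "$demo/.ssh"
: > "$demo/.ssh/authorized_keys"
for mode in 660 640 600; do
    chmod "$mode" "$demo/.ssh/authorized_keys"
    if audit_ssh_dir "$demo"; then
        echo "mode $mode: accepted"
    else
        echo "mode $mode: ignored by sshd"
    fi
done
rm -rf "$demo"
```

Run audit_ssh_dir "$HOME" on the server, since, as noted in the thread, the client's -vvv output does not show why the key was refused.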