[ale] automating an ssh script?

Michael Hirsch mhirsch at nubridges.com
Thu Jul 25 12:30:30 EDT 2002


On Thu, 2002-07-25 at 10:56, ChangingLINKS.com wrote:
> I really hate to bug you about this. I have been reading the man pages, and 
> guessing at this process - but I keep meeting resistance. Could you please 
> show me what needs to be done command line by command line? I even tried 
> connecting ssh to my local machine (because some web page implied it). Please 
> please please help me by giving me *exactly* what I enter line by line.
> 
> 1. Here is what I thought would work:
> ssh-agent               //just to see the output
> eval `ssh-agent`       //to get the agent running and see the output
> Add  eval `ssh-agent` to your ~/.bash_profile    //so service to run on login?
>  touch  ~/.ssh/identity  //did this because trying to run ssh-add did not work
>  chmod 400 ~/.ssh/identity //did this because ssh-add complained
> ssh-add ~/.ssh/identity // did this because I just don't understand anything
> ssh-keygen -p password   //to create the public and private key files?

You got these in the wrong order.

0. rm -rf ~/.ssh so that you are starting from scratch.

1. ssh-keygen -- You can either use a passphrase (more secure) or not
(less secure).  If you don't use a passphrase then you can skip all the
ssh-agent stuff, but you are running a risk.  Make your passphrase
something other than your password.

2. Look in .ssh.  What do you see?  If you see identity.pub and
identity then you are using ssh version 1 (or 1.5, or something like
that).  With a more modern ssh you will end up with id_rsa and
id_rsa.pub (version 2) by default.  If you know which you want you can
use command line switches to get either one.

3. On the remote machine, add the contents of identity.pub to
.ssh/authorized_keys and/or the contents of id_rsa.pub to
.ssh/authorized_keys2 (the man page leaves out the '2').

4. Now test to see if you can ssh to the remote host by giving your
passphrase.  If you can't, use the -v flag for ssh to get verbose
messages.  What can easily happen is that you generate one version of
key, but the remote system wants the other version.  It might be easiest
just to generate both and put them both in the authorized_keys* files. 
Another thing that can go wrong is the permissions of the files.  ssh is
very picky.  The .ssh directory should have 700 permissions and the
identity files should be 600.  This is probably true on both machines.

5.  Assuming that it is working, now run "eval `ssh-agent`" and "ssh-add
~/.ssh/identity" or "ssh-add ~/.ssh/id_rsa".  You should be prompted for
a pass phrase, assuming that you gave one in step 1.

6. ssh to the remote host.  You should not need any passphrase for this
final step.

Hope that helps.  Ssh can be a little tricky to set up the first few
times.  It is usually either a protocol mismatch (version 1.5 vs.
version 2) or file permissions, in my experience.

--Michael
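
The permission check from step 4, as an added example that is not part of the original message: a shell function (the names mode_of and check_ssh_perms are made up here) that flags any group or other permission bit on the .ssh directory and on the identity / id_rsa private keys, which the 700 and 600 modes satisfy. The demo at the end runs on a constructed temporary directory, not a real ~/.ssh.

```shell
#!/bin/sh
# Added example: audit the permissions described in step 4.
# mode_of and check_ssh_perms are names made up for this example.

# Print the octal mode of a path (GNU stat, then BSD stat as a fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_ssh_perms [DIR]: print one line per finding, return the number
# of problems. Any group/other bit counts as a problem, so 700 on the
# directory and 600 (or 400) on the private keys pass.
check_ssh_perms() {
    dir=${1:-$HOME/.ssh}
    problems=0
    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        return 1
    fi
    m=$(mode_of "$dir")
    if [ $(( 0$m & 077 )) -ne 0 ]; then
        echo "BAD $dir is $m, want 700"
        problems=$((problems + 1))
    fi
    # identity = protocol 1 key, id_rsa = protocol 2 key (step 2)
    found=0
    for key in identity id_rsa; do
        [ -f "$dir/$key" ] || continue
        found=1
        m=$(mode_of "$dir/$key")
        if [ $(( 0$m & 077 )) -ne 0 ]; then
            echo "BAD $dir/$key is $m, want 600"
            problems=$((problems + 1))
        else
            echo "OK $dir/$key is $m"
        fi
    done
    [ "$found" -eq 1 ] || echo "NOTE no private key in $dir, run ssh-keygen"
    return "$problems"
}

# Demo on a constructed directory (not a real ~/.ssh).
demo=$(mktemp -d)
mkdir "$demo/.ssh" && chmod 755 "$demo/.ssh"
touch "$demo/.ssh/identity" "$demo/.ssh/id_rsa"
chmod 400 "$demo/.ssh/identity"; chmod 644 "$demo/.ssh/id_rsa"
check_ssh_perms "$demo/.ssh" || echo "problems found: $?"
rm -rf "$demo"
```

Run it on both machines, since the message notes the same permissions probably apply on each side.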



---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.





