SSH: Avoiding password prompt with rsa key generation

Hi,

I am using a remote storage service for backing up our data - we want to have a script run as part of a cron job which would do the backups from our local Linux machine to the service's Linux machine.

I want to use tar and ssh to do this (rather than mounting the disk and using cp) . Therefore want to learn how to avoid having to type in a password with ssh. I am new to this feature so I went online and read the procedure, downloaded and built OpenSSH and did the following:

$ ssh-keygen -t rsa
 Generating public/private rsa key pair.
Enter file in which to save the key \(/homes/12/same/.ssh/id_rsa\):
/homes/12/same/.ssh/id_rsa already exists.
Overwrite \(y/n\)? y
Enter passphrase \(empty for no passphrase\):
Enter same passphrase again:
Your identification has been saved in /homes/12/same/.ssh/id_rsa.
Your public key has been saved in /homes/12/same/.ssh/id_rsa.pub.
The key fingerprint is:
27:a4:d4:63:35:62: ... same@dpdw

$ ssh-copy-id -i ~/.ssh/id_dsa.pub test3@remote.machine
test3@remote.machine''s password:
Now try logging into the machine, with "ssh 'test3@remote.machine'", and check in:

 .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

So at this point I'm expecting to be able to ssh into the remote machine and not be prompted for a password. Is this what should happen? As can be below seen I'm still prompted.

$ ssh 'test3@remote.machine'
[email]test3@remote.mach[/email]ine's password:

Can someone please suggest a possible problem with what I'm doing that's preventing this from working?

Thanks in advance,
Sam

remove any "old" keys that might be sitting in the authorized file. did you plant in the key correctly? check that its of ONE line only

Ok I started over: I ssh'ed into the remote machine, bricklayer, and deleted .ssh/authorized_keys. then exited to the local machine, meggi, and deleted id_rsa and id_rsa.pub. Then regenerated the key. Here's the whole sequence from scratch:

$ rm .ssh/authorized_keys
$ exit
logout
Connection to bricklayer.remotehost closed.
>   
> rm .ssh/id_rsa*
>
> ls .ssh/
known_hosts
> uname -n
meggi
> ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key \(/homes/12/same/.ssh/id_rsa\):
Enter passphrase \(empty for no passphrase\):
Enter same passphrase again:
Your identification has been saved in /homes/12/same/.ssh/id_rsa.
Your public key has been saved in /homes/12/same/.ssh/id_rsa.pub.
The key fingerprint is:
ff:1b:fa:c6:80:33:15:ae:9e:57:39:94:38:20:67:c1 same@meggi
>
> ssh-copy-id -i ~/.ssh/id_rsa.pub [email]test3@bricklayer.remo[/email]tehost
[email]test3@bricklayer.remo[/email]tehost's password:
Now try logging into the machine, with "ssh 'test3@bricklayer.remotehost'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

> cat .ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2E...WUXfilLCNywEmX0= same@meggi
>
>
> ssh [email]test3@bricklayer.remo[/email]tehost
[email]test3@bricklayer.remo[/email]tehost's password:
Last login: Fri Aug  1 12:13:58 2008 from meggi.localhost
$
$ uname -n
bricklayer
$ cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2E...WUXfilLCNywEmX0= same@meggi
$

So the two files ~/.ssh/id_rsa.pub and .ssh/authorized_keys are identical, I diff'ed them. Is that the way it should be? Also does the local machine's ~/.ssh/known_hosts file play a role in this?

Thanks,
Sam

What ID are you using on meggi to execute the ssh login to bricklayer?
It should be the same, 'test3'. It looks like you used the ID of 'same' to generate
the RSA key?

also ensure that both the local and remote ~/.ssh are chmod'ed to 0700 and ~/.ssh/authorized_keys on the remote is chmod'ed 0600.

if memory serves correctly i think you run

ssh-keygen -t dsa

hit enter twice and it should give you a null passphrase.

bottomline is you need to set up a passphrase to build your keys. then you need to strip out the passphrase so you are no longer prompted for it.