SSH - Prompting for password

Hi,
Can anybody tell me a way to do ssh without being prompted for a password from the keyboard, using RSA? The requirement is that I need to create the key using a passphrase as well.
Is there any way to do it in UNIX?
I am doing it from an AIX machine, but the remote machine is Linux.
I tried my best but couldn't succeed.
Shihab

There is so-called "host-based authentication" that can do the job. I can't provide full details, but you can google the above string. It mainly depends on the ssh server and whether the ssh client on AIX knows how to talk to the OpenSSH ssh daemon on Linux.

Tom

If your SSH versions on both servers are talking the same protocol --- OpenSSH v2 and OpenSSH v2 or OpenSSH v1 and OpenSSH v1 --- see "man ssh-keygen" for scripting options ...

Otherwise, see the OpenSSH website for more tips ...

1) on the machine you are connecting from:

ssh-keygen -t dsa
hit enter and enter when it asks you for a password

2) cd $HOME/.ssh

3) scp id_dsa.pub root@<IP_address_of_machine_connecting_TO>:/tmp

4) Get on the machine connecting TO and:

5) cat /tmp/id_dsa.pub >> $HOME/.ssh/authorized_keys

Note:

SSH has to be of roughly the same version and should use the same algorithm, i.e. either only rsa or only dsa. Be consistent. I am not sure if OpenSSH will work with SSH. It likely will, but if not, install OpenSSH on both machines.

Now you are able to connect passwordless. On the machine connecting from:

ssh root@<machine_connecting_to> uname -a

and it will show you the output of that command. You can also do ssh root@<machine_connecting_to>

Second Note:

Make sure that all files in $HOME/.ssh are chmodded to 600. SSH will not work if anything is, say, 755 or world readable, even if the .ssh directory is not.

The only issue with the above outlined process is that you now have a totally unencrypted private key lying around your hard drive, which is a security risk. So you should not always use this method of no password on the key, depending on other security factors, such as if your home directory is on an NFS exported directory within a large network, thus more vulnerable to attack.
Consider using ssh-agent. You can read about it in the online man or www.openssh.org. In this case, you supply a password when you generate your keys. I.e., when you do the ssh-keygen -t rsa command, don't simply hit enter twice, but actually enter a password when it prompts you for one. This will encrypt your private key, and to be able to use it you need to specify the password. But here is the cool thing: with ssh-agent, you only need to enter the password once per login session, and ssh-agent lets you reuse the key with no password authentication for the rest of that session. Thus you enter the key's password once, and then you can do ssh, scp, and sftp without any password authentication whatsoever.
(The entire process is real easy to do. For step by step instructions, see http://www.cc.gatech.edu/cns/software/ssh-agent.html.)

While this is certainly true, sometimes using unencrypted ssh private keys is the most secure way to carry out some tasks. For example, if I wanted to copy a file from one server to another server every night at 3am, that would be a good time to use an unencrypted ssh key.

To mitigate the risk, as mentioned above, you should make 100% sure that the directory containing the keys isn't being shared or served, and that the permissions on the private key are 0400 (user read-only). In the example above, where the user is only doing file copies, you should look into using a restricted shell like rssh, so that even if the key is compromised, the scope of attacks is much more limited.

BTW, ssh will not work if permissions on the files are not restricted to the owner (read only for group/others will not work).
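The permission requirements discussed in the posts above can be checked with a short script. This is an added example, not code from any poster in this thread; the function names has_perm and audit_ssh_perms are hypothetical, and it assumes OpenSSH with the default StrictModes setting and the default file names under .ssh.

```shell
#!/bin/sh
# Added example: audit the permissions OpenSSH checks before it will use a key.
# Assumption: default file names (authorized_keys, id_rsa, id_dsa) under <home>/.ssh.

# has_perm PATH MODE -> true if PATH has every permission bit in MODE set
has_perm() {
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# audit_ssh_perms HOME_DIR
# Prints one line per finding and sets AUDIT_FINDINGS to the number of findings.
audit_ssh_perms() {
    home=$1
    AUDIT_FINDINGS=0
    # sshd (StrictModes yes, the default) ignores authorized_keys when the
    # home directory, .ssh, or the file itself is writable by group or others.
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        if has_perm "$p" 020 || has_perm "$p" 002; then
            echo "server side: $p is group/world-writable (chmod go-w)"
            AUDIT_FINDINGS=$((AUDIT_FINDINGS + 1))
        fi
    done
    # The ssh client refuses a private key that group or others can access.
    for k in "$home/.ssh/id_rsa" "$home/.ssh/id_dsa"; do
        [ -e "$k" ] || continue
        for bit in 040 020 010 004 002 001; do
            if has_perm "$k" "$bit"; then
                echo "client side: $k is accessible by group/others (chmod 600)"
                AUDIT_FINDINGS=$((AUDIT_FINDINGS + 1))
                break
            fi
        done
    done
    return 0
}

# Run against the given home directory, or the current user's by default.
audit_ssh_perms "${1:-$HOME}"
echo "findings: $AUDIT_FINDINGS"
```

Run it as the affected user on both machines; when one account gets a password prompt and another does not, sshd's log on the server side usually names the same file this script flags.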

Hi all,
I am trying to set a standard in my company for using sftp.
After searching the web for differences between the RSA and DSA encryption algorithms, I couldn't really find any best practices for using sftp.

Would any expert be kind enough to advise whether we should use RSA or DSA encryption?

I followed the instructions below for 2 users. One works fine (no password prompt in SSH) and the other does not (it gives a password prompt). Any idea?
1) on the machine you are connecting from:

ssh-keygen -t dsa
hit enter and enter when it asks you for a password

2) cd $HOME/.ssh

3) scp id_dsa.pub root@<IP_address_of_machine_connecting_TO>:/tmp

4) Get on the machine connecting TO and:

5) cat /tmp/id_dsa.pub >> $HOME/.ssh/authorized_keys