Hi,

I am a beginner in setting up SSH. Our server "atlantis" is
running commercial SSH Tectia Server 4.1.0 with Solaris 8.
Our other server "trojan" is running openSSH. We are trying to ssh
from trojan to atlantis directly without the root password request. How
does one do it ?

Attached is our debug log output. Notice it's asking for root
password. we want to skip it and ssh into atlantis directly.

Thanks,


Humphrey



trojan% ssh -v atlantis

debug1: Host 'atlantis' is known and matches the DSA host key.
debug1: Found key in //.ssh/known_hosts:7
debug1: bits set: 512/1024
debug1: len 55 datafellows 0
debug1: ssh_dss_verify: signature correct
debug1: Wait SSH2_MSG_NEWKEYS.
debug1: GOT SSH2_MSG_NEWKEYS.
debug1: send SSH2_MSG_NEWKEYS.
debug1: done: send SSH2_MSG_NEWKEYS.
debug1: done: KEX2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password
debug1: next auth method to try is publickey
debug1: key does not exist: //.ssh/identity
debug1: try pubkey: //.ssh/id_rsa
debug1: read SSH2 private key done: name rsa w/o comment success 1
debug1: authentications that can continue: publickey,password
debug1: next auth method to try is publickey
debug1: try pubkey: //.ssh/id_dsa
debug1: read SSH2 private key done: name dsa w/o comment success 1
debug1: sig size 20 20
debug1: authentications that can continue: publickey,password
debug1: next auth method to try is publickey
debug1: next auth method to try is password

root@atlantis password: #

On 20 Jun 2005 17:08:48 -0700, underh20 <humphrey.c.chan@gmail.com> wrote:
As root? Don't.

Don't log in as root. Security within the SSH server may stop that from
happening in any case. There are many ways to do this without hassle,
and yet preserve security. Easiest that comes to mind, is say user Joe
on trojan wants to run job "blah" on Atlantis, as root. So, for that,
set up Joe's SSL keys so he can execute commands on atlantis as himself,
from trojan. Then, add Joe to the sudoers file on atlantis, so he can
execute command "blah" on Atlantis as root without a password prompt.
So, it then is down to this:
trojan% ssh joe@atlantis "sudo blah"

Because you're joe, but you're trying to use root's .ssh files which
aren't there.

Dave Hinz wrote:
Dave is right about the root login, but if you still wants it:

For root generate authentication keys for ssh running `ssh-keygen'(1).
The man page explains everything in detail, but especially you want to
specify the type of key (rsa1, rsa, dsa) with `-t <type>'




--
reply to usenet only

On Wed, 22 Jun 2005 16:20:07 +0200,
mgrd <mgrd@gmx.net> wrote:


And posibly the -e option for creating key files for non-OpenSSH
servers.

Villy