Wednesday, March 6, 2013

Automatic Login with SSH: authorized_keys(2&) | publickey(s)

For whatever reason ssh seems so buggy, even though its not. in anycase these are my findings to having a session without having to login each time or having a public Login type scenario..:

1) adjust your firewall to allow ssh port 22


2) open a terminal change into .ssh then create a new private/public key(save the artwork as well).

cd .ssh
ls -l
ssh-keygen -t rsa -f /home/justin/.ssh/id_rsa -C ' '
gvim artwork  <--copy/paste your key artwork from the screen then save -->
optional artwork from the default:
ssh-keygen -lv -f /etc/ssh/ssh_host_rsa_key >> artwork

3) add the key to the database then create authorized_keys. After creating the file(s) then create a compressed image of everything to be transferred over to the other host system either by disk drive or scp whatever you prefer.

ssh-add id_rsa
ssh-add -l
ls -l
cp authorized_keys
tar -cf ssh_key_pub.tar artwork authorized_keys id_rsa
ls -l

4) using the other machine, use scp to copy the image of files the uncompress and add the key to the database. 

scp  justin@ .
ls -l
tar -xf ssh_key_pub.tar
ls -l
ssh-add id_rsa
NOTE: for whatever reason I hit some connection issue with scp, strange thing is everything worked as it should.

5) adjust the config file(s) so you can be using RSA authentication

gvim /etc/ssh/sshd_config

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile /home/justin/.ssh/authorized_keys
PasswordAuthentication no


RhostRSAAuthentication yes 
RSAAuthentication yes
PasswordAuthentication no
VisualHostKey yes

save and exit.

6) restart sshd and login

service sshd restart
ssh justin@|3 etc..

NOTE: the first login seems to have  /usr/libexec/gcr-prompter in of which requires the password you used for the RSA keyfile, after giving the password click on the box on the bottom to remember. after the initial login all other login(s) are without a password. still need to figure out why gcr-prompter fires off.

hope this helps anybody having issues with this.