SSH Access with no Passwords
There are two major versions of ssh2: the commercial one, referred to here as SSH, and the public domain one, called OpenSSH. Some machines may be running SSH, while others may be running OpenSSH. The instructions below describe the procedures for setting up passwordless access when both machines are running SSH, when both machines are running OpenSSH, and when one machine is running SSH and the other OpenSSH. The Robotics section at JPL has standardized on the use of OpenSSH for all Linux machines.
How to establish passwordless access between:
- OpenSSH (>2.0) and OpenSSH (>2.0) (All JPL Robotics Linux machines)
- OpenSSH (>2.0) and SSH
- SSH (2.x) and SSH (2.x)
- SSH for remote processes
- Additional Notes
OpenSSH (>2.0) to OpenSSH (>2.0)
If all the machines you are running use the same version of ssh (e.g. robotics subnet at JPL), then you may want to first delete your ~/.ssh and ~/.ssh2 directories. You can verify your version of ssh as follows:
(should be OpenSSH_<version>, where the version is >2.0)
Then type the following:
cd ~/.ssh
cp id_dsa.pub authorized_keys2
chmod 600 authorized_keys2
(To ssh to non-robotics machines, make sure to copy your authorized_keys2 file over to the ~/.ssh directory there; you may also need to copy over the id_dsa.pub and id_dsa files. You may also need to make sure your user IDs are the same on both machines.)
OpenSSH (>2.0) and SSH
For machines where host A is running SSH 2.0 while host B is running OpenSSH 2.0, here are the steps for passwordless access:
- Set up passwordless access from host A to host A (see above). Do the same for host B.
- From Host B to Host A
  - Log in to host B (the one with OpenSSH). Run the command: ssh-keygen -x -d > B.pub
  - Accept the default key file .ssh/id_dsa and press enter at the passphrase prompt.
  - Copy the B.pub file into the ~/.ssh2 directory on host A.
  - Add the line Key B.pub to the ~/.ssh2/authorization file on host A.
- From Host A to Host B
  - Copy the ~/.ssh2/id_dsa_1024_a.pub file from A to ~ on B. Run the command: ssh-keygen -X > tmpkey
  - Specify the file ~/id_dsa_1024_a.pub for the key file instead of the default.
  - Append the contents of the tmpkey file to the ~/.ssh/authorized_keys2 file.
You should now be able to go passwordless from A to B.
SSH (2.x) and SSH (2.x)
On any of these machines run:
and have the key generated with an empty passphrase. This will create a .ssh2 directory. In this directory, create a file called "authorization" with a single line:
Also create a file called "identification" with the single line
You may need to log back and forth across the Sun machines the first couple of times using a password. But this should enable you to go passwordless between the various workstations. Verify that you are indeed running the ssh2 binary by running.
This should return the version number of 2.4.0 or higher.
SSH for Remote Processes
Sometimes it is necessary to use ssh to start remote processes, and you may need to be able to do this without having to specify passwords each time. Let us say you want to be able to ssh from <host A> to <host B> without a password. You would ssh from <host A> to <host B> and <host B>.jpl.nasa.gov. Also from <host B> ssh to <host A> and <host A>.jpl.nasa.gov.
Set up a .shosts file on <host B> and include the lines
<host A>.jpl.nasa.gov <username>
This should do it. (You may need to run ssh-keygen in the beginning to create a .ssh/identity file.) It also appears to help if you include host entries with and without the ".jpl.nasa.gov" suffix in the .shosts file. Doing a bunch of ssh logins back and forth using the full host name (i.e. with the suffix) then appears to get the no-password login feature activated.
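A check for the state these procedures leave behind, as an added example that is not part of the original page: the shell functions below audit a home directory for key files writable by group or other, a .shosts file, and legacy PEM private keys that are accessible beyond their owner or carry no passphrase. The function names and the "FINDING:" output format are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original page): audit the files the procedures
# above create. Takes a home directory; prints one "FINDING:" line per issue.

# True when the `ls -ld` mode string shows group or other write access.
is_group_other_writable() {
    case "$(ls -ld "$1" | cut -c1-10)" in
        ?????w????|????????w?) return 0 ;;
    esac
    return 1
}

# True when group or other have any permission bit set.
is_group_other_accessible() {
    [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]
}

audit_ssh_home() {
    home=$1
    # sshd with StrictModes refuses authorized_keys files when these paths
    # are writable by anyone other than the owner.
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys" \
             "$home/.ssh/authorized_keys2"; do
        if [ -e "$p" ] && is_group_other_writable "$p"; then
            echo "FINDING: $p is writable by group or other"
        fi
    done
    # A .shosts file lets the listed hosts vouch for the user without a key.
    if [ -f "$home/.shosts" ]; then
        echo "FINDING: $home/.shosts grants host-based trust"
    fi
    for p in "$home"/.ssh/*; do
        [ -f "$p" ] || continue
        # Only files whose first line is a private-key PEM header are checked.
        head -n 1 "$p" | grep -q 'PRIVATE KEY-----$' || continue
        if is_group_other_accessible "$p"; then
            echo "FINDING: private key $p is accessible beyond its owner"
        fi
        # Legacy PEM keys carry "Proc-Type: 4,ENCRYPTED" when passphrase-protected;
        # the newer OPENSSH key format cannot be judged by grep and is skipped.
        if grep -Eq '^-----BEGIN (DSA|RSA|EC) PRIVATE KEY-----' "$p" &&
           ! grep -q '^Proc-Type: 4,ENCRYPTED' "$p"; then
            echo "FINDING: private key $p has no passphrase"
        fi
    done
    return 0
}

# Run against a directory given on the command line, e.g. sh audit.sh "$HOME".
if [ "$#" -gt 0 ]; then audit_ssh_home "$1"; fi
```

Each finding is a consequence of a step on this page (empty passphrases, copied id_dsa files, .shosts entries), so the output is best read as an inventory of where that trust now lives.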
Additional Notes
On ssh2 configuration see:
- http://cs.smith.edu/FAQ/ssh2.html
- http://www.indiana.edu/~rats/research/steel/ssh2-setup.shtml
- http://www.employees.org/~satch/ssh/faq/ssh-faq.html
A tutorial is available at: