SSH
senaque at thepla.net
senaque at thepla.net
Sun Jan 19 01:39:30 CET 2003
G'day,
On the subject of playing with SSH the other day, I discovered why password-less SSH
was not working (fai 2.4beta/CVS-1-week-ago version). The code in fai-setup looks
like this:
if [ $FAI_REMOTESH = "ssh" -o $FAI_REMOTECP = "scp" ]; then
# set up ssh on the server
mkdir -p -m 700 $loguserhome/.ssh
[ -f $sshdir/id_rsa ] || ssh-keygen -t rsa -N '' -f $sshdir/id_rsa -C \
"$LOGUSER@$HOST"
[ -f $sshdir/id_dsa ] || ssh-keygen -t dsa -N '' -f $sshdir/id_dsa -C \
"$LOGUSER@$HOST"
cat $sshdir/identity.pub >> $sshdir//authorized_keys
The problem is that there is no actual "identity.pub" created, rather an id_rsa.pub and
an id_dsa.pub. So authorized_keys doesn't end up having anything in it.
So instead I did "cat $sshdir/*.pub > $sshdir/authorized_keys" and it's worked fine this
time around. :-)
Also one of the folks on the IRC channel mentioned that "Privilege Separation" might
also have an influence, but on my system both the fai-client and fai-server have
"UsePrivilegeSeparation yes" in their sshd_config, and it has worked now that I
created a correct authorized_keys.
Hope this helps anyone,
Senaque
---
Senaque <senaque at thepla.net>
More information about the linux-fai
mailing list