Bob Williams wrote:
Time for bed. See you tomorrow.
Once you get the SSH server running, you can follow the guide[2] to setting up key authentication. Everything should work exactly as published there.
[1] http://www.portforward.com
[2] http://en.opensuse.org/Public_Key_Authentication
Bob, ssh is usually 'fire-and-forget' simple. I've followed the post and the only thing I see is that ssh on 11.0 may be choking on your use of rsa authentication. I do all my passwordless ssh configs the same way. I have 10 or so openSuSE boxes and all communicate via ssh without password and without issue. If you are convinced that ssh is up and that SuSEFirewall2 is allowing communication on port 22, try this:

(1) Check your /etc/ssh/sshd_config

    Protocol 2
    PasswordAuthentication no
    UsePAM yes
    X11Forwarding yes
    Subsystem sftp /usr/lib/ssh/sftp-server
    AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
    AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
    AcceptEnv LC_IDENTIFICATION LC_ALL

(2) On your laptop, generate a (dsa) key, not an (rsa) key with:

    ssh-keygen -t dsa

Use the defaults! You should just be hitting return 3 times after issuing the above command. The ssh-keygen transaction should look like this:

    17:52 nemesis~/.ssh> ssh-keygen -t dsa
    Generating public/private dsa key pair.
    Enter file in which to save the key (/home/zachry/.ssh/id_dsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/zachry/.ssh/id_dsa.
    Your public key has been saved in /home/zachry/.ssh/id_dsa.pub.
    The key fingerprint is:
    b0:ff:a2:1c:e1:3b:2f:0a:42:d0:c9:d9:c3:af:bc:a1 zachry@nemesis

Now, make a copy of the id_dsa.pub key so you can identify it on the other machines. I use 'cp id_dsa.pub id_dsa.pub.$HOSTNAME'. For this example we will call it "id_dsa.pub.laptop". Copy the id_dsa.pub.laptop key to your desktop box and put it in ~/.ssh. I also keep a public_keys directory on my server where all id_dsa.pub.$HOSTNAME keys are kept (I'll explain more later).

(3) On the desktop, delete any existing ~/.ssh/authorized_keys file.
Now create a new one with:

    cp id_dsa.pub.laptop authorized_keys
    # or you can simply use:
    cat id_dsa.pub.laptop > authorized_keys

NOTE: if you need to add any additional keys to the file, you will need to append the keys to the file with:

    cat id_dsa.pub.laptop >> authorized_keys

(4) On the laptop, now ssh into the desktop box and you should be able to do it without a password. If you can't, you have other problems not related to ssh, ssh-keygen or your use of authorized_keys.

Good Luck!

Additional Reading: How to Centrally Maintain all your ssh Public Keys:

(1) Collect all of your public keys (id_dsa.pub.hostname, etc.) into a single directory on a central box. You will have something that looks like this:

    17:58 nirvana~/linux/boxes> l public_keys/
    total 192
    drwxr-xr-x  2 david dcr     4096 2008-10-22 22:40 ./
    drwxr-xr-x 21 david rankin  4096 2008-10-28 00:49 ../
    -rw-r--r--  1 root  root   16274 2008-10-22 22:39 authorized_keys
    -rw-r--r--  1 david dcr    15672 2008-10-18 23:40 authorized_keys.1
    -rw-r--r--  1 david dcr    14475 2008-09-25 00:51 authorized_keys.2
    -rw-r--r--  1 david dcr    13266 2008-08-24 15:00 authorized_keys.3
    -rw-r--r--  1 david dcr      603 2008-08-21 19:35 id_dsa.pub.alchemy
    -rw-r--r--  1 david dcr      602 2008-08-21 21:31 id_dsa.pub.alchemyr
    -rw-r--r--  1 david dcr      601 2008-01-08 15:34 id_dsa.pub.bonzanew
    -rw-r--r--  1 david dcr      600 2008-01-25 20:49 id_dsa.pub.bonzar
    -rw-r--r--  1 david dcr      599 2008-05-16 20:51 id_dsa.pub.fax
    -rw-r--r--  1 david dcr      598 2008-05-16 20:52 id_dsa.pub.faxr
    <Big Snip>
    -rw-r--r--  1 david dcr      603 2008-01-01 22:39 id_dsa_putty.pub
    -rwxrwxr--  1 david dcr      715 2008-10-22 22:40 newkeys*

The authorized_keys file will contain all of your public_keys so that you can easily update all of your linux boxes with a complete authorized_keys that will allow access between your machines.

(2) After you have all of your keys collected in the directory, use the newkeys script to create the new authorized_keys and create a backup of the last one you used (i.e.
authorized_keys.1, authorized_keys.2, etc.). The script is:

    #!/bin/bash
    #
    ## Check for root
    #
    ROOT_UID=0
    E_NOTROOT=67
    if [ "$UID" -ne "$ROOT_UID" ]; then
        echo -e "\nYou must be root to run this script.\nUser: $USER, UID: $UID can't!\n"
        exit $E_NOTROOT
    fi
    #
    ## Backup Authorized_Keys file
    #
    # Rotate the backups: drop .3, then shift .2 -> .3 and .1 -> .2
    for ((i=3;i>0;i--)); do
        let NEXT=i+1
        case "$i" in
            "3" ) if [[ -w "authorized_keys.3" ]]; then rm "authorized_keys.3"; fi;;
            *   ) if [[ -w "authorized_keys.${i}" ]]; then mv "authorized_keys.${i}" "authorized_keys.${NEXT}"; fi;;
        esac
    done
    # The current file becomes backup .1
    if [[ -w "authorized_keys" ]]; then
        mv authorized_keys authorized_keys.1
    fi
    #
    ## Create New Authorized_Keys File
    #
    # Glob directly instead of parsing ls output; quote the file name
    for i in id_dsa*; do
        cat "${i}" >> authorized_keys
    done
    exit 0

(3) Lastly, keep a 'getnewkeys' script on each machine to back up the current machine's authorized_keys file and retrieve the new authorized_keys file from the central directory each time you add a key to it. The getnewkeys script is simply:

    #!/bin/bash
    mv authorized_keys authorized_keys.sav
    cp /PATH_TO_CENTRAL/public_keys/authorized_keys .   # NOTE: change path
    chown user:group authorized_keys                    # NOTE: change user:group as needed
    chmod 0644 authorized_keys
    exit 0

Make the changes to the script noted above and you can use it to update all machines to the latest current authorized_keys file on the central server.

Good Luck -- again...

--
David C. Rankin, J.D., P.E.
Rankin Law Firm, PLLC
510 Ochiltree Street
Nacogdoches, Texas 75961
Telephone: (936) 715-9333
Facsimile: (936) 715-9339
www.rankinlawfirm.com

--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse+help@opensuse.org
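
The merge step of the central public_keys procedure above, as an added example that is not part of the original post: it uses the same id_dsa* glob but refuses private key material, drops malformed lines, and removes duplicate keys before publishing the file. The names merge_keys, demo, KEY_TYPES and B64 are hypothetical, the accepted key-type list is an assumption, and the sample keys are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes key files contain plain
# "<type> <base64> [comment]" lines, as written by ssh-keygen.

# Key types accepted (an assumption; ssh-dss is what the post uses, but OpenSSH
# has disabled DSA keys by default since 7.0).
KEY_TYPES='^(ssh-(dss|rsa|ed25519)|ecdsa-sha2-nistp(256|384|521))$'
B64='^[A-Za-z0-9+/]+=*$'

# merge_keys DIR OUT: build OUT from DIR/id_dsa*, the glob the post uses.
merge_keys() {
    dir=$1; out=$2
    tmp=$(mktemp "$out.XXXXXX") || return 1
    for f in "$dir"/id_dsa*; do
        [ -f "$f" ] || continue
        # id_dsa* also matches a private key named id_dsa: never merge it.
        if grep -q 'PRIVATE KEY' "$f"; then
            echo "refusing private key material: $f" >&2
            continue
        fi
        cat "$f"; echo            # echo guards against a missing final newline
    done | awk -v types="$KEY_TYPES" -v b64="$B64" '
        NF == 0 { next }
        $1 ~ types && $2 ~ b64 {           # well-formed public key line
            if (!seen[$1 " " $2]++) print  # keep the first copy of each key
            next
        }
        { bad++ }                          # anything else is dropped
        END { if (bad) print bad " malformed line(s) skipped" | "cat 1>&2" }
    ' > "$tmp"
    # Publish atomically, with the mode the getnewkeys script sets.
    chmod 0644 "$tmp" && mv "$tmp" "$out"
}

# Constructed sample input (truncated, non-functional key blobs).
demo() {
    d=$(mktemp -d) || return 1
    printf 'ssh-dss AAAAB3NzaC1kc3MAAACBAK zachry@laptop\n' > "$d/id_dsa.pub.laptop"
    printf 'ssh-dss AAAAB3NzaC1kc3MAAACBAK zachry@copy\n'   > "$d/id_dsa.pub.laptopr"
    printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB putty\n'       > "$d/id_dsa_putty.pub"
    printf 'not a key\n'                                    > "$d/id_dsa.pub.junk"
    printf '%s\n' '-----BEGIN DSA PRIVATE KEY-----' 'MIIB'  > "$d/id_dsa"
    merge_keys "$d" "$d/authorized_keys" && echo "$d/authorized_keys"
}

cat "$(demo)"
```

Deduplication is on key type plus blob, so the same key collected under two host names is written once, with the first comment seen.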