SSH Install and Config Cookbook - ssh with no password Caveat: This may not be the absolute most

secure method, but it works well when all boxes are behind the same firewall. not suggest the empty passphrase on boxes exposed directly to the internet. Install ssh software on your server: [root@smallbox] / > swinstall -s bigbox:/var/opt/ignite/depot T1471AA ssh to Master server to get its key fingerprint into your /.ssh/known_hosts file: [root@smallbox] / > ssh bigbox The authenticity of host 'bigbox (10.10.10.##)' can't be established. RSA key fingerprint is xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'bigbox,10.10.10.##' (RSA) to the list of known hosts. Password: Last login: Fri May 28 05:01:15 2004 from medbox [root@bigbox] / > ssh from Master server to get your key fingerprint into its /.ssh/known_hosts file: [root@bigbox] / > ssh smallbox The authenticity of host 'smallbox (10.10.10.##)' can't be established. RSA key fingerprint is xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'smallbox,10.10.10.##' (RSA) to the list of known hosts. Password: Last login: Fri May 28 08:42:50 2004 from bigbox [root@smallbox] / > Log off of your server and then off of Master server to get back to original login shell: [root@smallbox] / > exit [root@bigbox] / > exit [root@smallbox] / > CD to the /.ssh directory on your server: [root@smallbox] / > cd .ssh [root@smallbox] /.ssh > Generate public/private dsa key pairs: Use empty passphrase [root@smallbox] /.ssh > ssh-keygen -t dsa Generating public/private dsa key pair. Enter file in which to save the key (//.ssh/id_dsa):

Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in //.ssh/id_dsa. Your public key has been saved in //.ssh/id_dsa.pub. The key fingerprint is: xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx root@smallbox Generate public/private rsa key pairs: Use empty passphrase [root@smallbox] /.ssh > ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (//.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in //.ssh/id_rsa. Your public key has been saved in //.ssh/id_rsa.pub. The key fingerprint is: xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx root@smallbox Copy Master servers public key to your server: [root@bigbox] /.ssh > scp id_dsa.pub smallbox:/.ssh/bigbox_dsa_pub Password: id_dsa.pub 100% 603 0.0KB/s 00:00 Add Master servers public key to your servers /.ssh/authorized_keys : [root@smallbox] /.ssh > cat bigbox_dsa_pub >> /.ssh/authorized_keys ssh will ignore /.ssh/authorized_keys unless it is readable only by you: [root@smallbox] /.ssh > chmod 600 /.ssh/authorized_keys You should now be able to ssh from Master server to your server without a password: [root@bigbox] /.ssh > ssh smallbox Last login: Fri May 28 09:25:04 2004 from bigbox Value of TERM has been set to "dtterm". WARNING: YOU ARE SUPERUSER !! [root@smallbox] / > [root@smallbox] / > exit [root@bigbox] /.ssh >