mike_d n00b
Joined: 05 Feb 2004 Posts: 45
Posted: Wed Jun 15, 2005 2:04 pm Post subject: SSH autoauthentication using shosts
I have a number of computers here at home that i'd like any user to be able to ssh into without giving a password. From reading the documentation, it looks like using a .shosts file is the ideal thing for me. that way i can put all of the computers on my lan in the .shosts and be able to ssh among all the computers without issue. i'm not worried about security because all the computers are physically located in my house and everything is firewalled from the internet.
i've tried setting things like HostbasedAuthentication, and RhostsAuthentication, and everything in the man page but i can't get it to work. it either keeps asking for the password, or it says something like 'no authentication available'. i'd appreciate it if someone who has something like this working could send me their sshd_config and ssh_config files.
note: i don't want to use the public key stuff where you use authorized_keys file because i'd have to set that up for every user, i just want a way to have any user on any of the machines to be able to login to another one without using a password.
thanks!
mike

occ Apprentice
Joined: 06 May 2005 Posts: 202
Posted: Wed Jun 15, 2005 3:08 pm
Quote: | i'm not worried about security because all the computers are physically located in my house and everything is firewalled from the internet. |
Then it's a complete waste to use ssh.
If you're going to be insecure, then use rsh instead.
(emerge netkit-rsh)

mike_d n00b
Joined: 05 Feb 2004 Posts: 45
Posted: Wed Jun 15, 2005 6:50 pm
occ wrote: | Quote: | i'm not worried about security because all the computers are physically located in my house and everything is firewalled from the internet. |
Then it's a complete waste to use ssh.
If you're going to be insecure, then use rsh instead.
(emerge netkit-rsh) |
does rsh do automatic X forwarding? i remember trying this a long time ago (4 or 5 years) and rsh didn't take care of x forwarding, so it was a big pain to run x applications remotely with rsh.

occ Apprentice
Joined: 06 May 2005 Posts: 202
Posted: Wed Jun 15, 2005 8:58 pm
No, not 'automatic' X forwarding, yet the good old xauth and an export DISPLAY do the job, you can even automate that somewhat.
But, you'd still be way better off doing a vnc-like session if you want to do remote X.
I do connect on a daily basis to a very remote machine, and tightVNC, for instance, beats X forwarding by an order of magnitude. The other good thing about vnc is that if your connection drops (for whatever reason, and yes it does happen on a local network too), all you have to do is restart your vnc client and everything is still there....
BTW, I haven't tried it yet, but I've been told that NX is even better than vnc....
PS: when troubleshooting ssh, always use ssh -v. that will tell you in detail what ssh is doing, what it is trying and what failed...

mike_d n00b
Joined: 05 Feb 2004 Posts: 45
Posted: Wed Jun 15, 2005 9:04 pm
occ wrote: | No, not 'automatic' X forwarding, yet the good old xauth and an export DISPLAY do the job, you can even automate that somewhat. |
i guess i could use that as a last resort. but my goal is to make this wifeproof (or at least wiferesistant). i want an icon on the desktop that runs "ssh remotemachine -f remoteprogram" and have it automatically display locally. if i could just get ssh to authenticate via .shosts or shosts.equiv then this would be a trivial solution.
occ wrote: |
But, you'd still be way better off doing a vnc-like session if you want to do remote X.
I do connect on a daily basis to a very remote machine, and tightVNC, for instance, beats X forwarding by an order of magnitude. The other good thing about vnc is that if your connection drops (for whatever reason, and yes it does happen on a local network too), all you have to do is restart your vnc client and everything is still there....
BTW, I haven't tried it yet, but I've been told that NX is even better than vnc....
|
vnc won't work for my purposes, i only want to run a few xapps on the remote systems and have them displayed on the local machine. rather than running the xserver remotely and capturing that. then more than one person can run xapps on the same remote machine and have it display on their local machine.
occ wrote: |
PS: when troubleshooting ssh, always use ssh -v. that will tell you in detail what ssh is doing, what it is trying and what failed... |
forgot about ssh -v, i'll give that a try when i get home.
mike

occ Apprentice
Joined: 06 May 2005 Posts: 202
Posted: Wed Jun 15, 2005 11:29 pm
Quote: | but my goal is to make this wifeproof (or at least wiferesistant). |
Whoaa! I didn't realize you were that ambitious. Good luck with that.
Seriously, if you have only a couple of users to deal with, DSA public key scheme is very easy.
As your wife's user on the remote machine:
$> ssh-keygen -t dsa
type <ret> for the passphrase and use the default file location.
then copy ~/.ssh/id_dsa.pub to the 'local' machine and cat id_dsa.pub >> ~/.ssh/authorized_keys2
make sure that authorized_keys2 is correctly spelled and is 600 (-rw-------) and of course has the proper owner/group
on your remote machine, the sshd_config should look like
(i show only non default value)
PermitRootLogin no # it's not a good idea to allow root to log directly, but if you really don't care about security...it's up to you
RSAAuthentication no # I want to force DSA public key scheme. if you don't have a key, you don't come in
PasswordAuthentication no # again, I don't want any other authentication than DSA key
ChallengeResponseAuthentication no # same story
UsePAM yes
# these are what I use, and it works.... your mileage may vary
beware that by default X11Forwarding is off
so you want...
X11Forwarding yes
Don't forget to restart your sshd after making changes....
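
An added example, not part of occ's post or of the thread: a POSIX shell check for the two things the post above says to verify, the mode and owner of the authorized_keys2 file and the non-default sshd_config values. The function names and the sample config are this example's own, and it assumes a config with plain "Keyword value" lines and no Match blocks or Include files.

```shell
#!/bin/sh
# Added example, not from the thread; function names are hypothetical.

# key_file_ok FILE: FILE must be a regular file, mode 600, owned by the
# invoking user (the checks listed in the post for authorized_keys2).
key_file_ok() {
    [ -f "$1" ] || { echo "missing: $1"; return 1; }
    # GNU stat takes -c, BSD/macOS stat takes -f
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
    owner=$(stat -c '%u' "$1" 2>/dev/null || stat -f '%u' "$1")
    [ "$mode" = 600 ] || { echo "mode $mode, want 600: $1"; return 1; }
    [ "$owner" = "$(id -u)" ] || { echo "owner uid $owner: $1"; return 1; }
}

# sshd_value CONFIG KEYWORD: print the value set for KEYWORD, lowercased.
# Keywords are case-insensitive and the first occurrence wins. Assumes
# "Keyword value" lines with no Match blocks or Include files.
sshd_value() {
    awk -v want="$2" '
        { sub(/#.*/, "") }    # drop full-line and trailing comments
        NF >= 2 && tolower($1) == tolower(want) { print tolower($2); exit }
    ' "$1"
}

# audit_sshd CONFIG: compare CONFIG with the non-default values from the
# post. RSAAuthentication is skipped: it belonged to SSH protocol 1, which
# current OpenSSH has removed. Returns the number of mismatches.
audit_sshd() {
    bad=0
    for pair in permitrootlogin=no passwordauthentication=no \
                challengeresponseauthentication=no usepam=yes \
                x11forwarding=yes; do
        key=${pair%%=*}
        want=${pair#*=}
        got=$(sshd_value "$1" "$key")
        if [ "$got" != "$want" ]; then
            echo "$key: got '${got:-unset}', want '$want'"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Constructed sample input: X11Forwarding is left at its default (off).
sample_config() {
    printf '%s\n' '# constructed sample' 'PermitRootLogin no' \
        'passwordauthentication no   # trailing note' \
        'ChallengeResponseAuthentication no' 'UsePAM yes'
}
```

A keyword that is not set at all counts as a mismatch, since every value in the list differs from the default the post assumes.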