On Fri, 12 Apr 2002, village idiot wrote:

> I am trying to figure out how to set up authorized
> keys to be able to use secure copy and ssh login
> without promting for password.
>
> I thought all I had to do was start the key-gen thing.
> Then copy the identity.pub into authorized_keys on
> other machines.

You also need to make sure the client and server are configured to allow
this:

For protocol 2, PubkeyAuthentication defaults to "yes".
For protocol 1, RSAAuthentication defaults to "yes".

Also, for some versions of ssh, you need to use authorized_keys2 for
protocol 2. But for recent ssh, you use authorized_keys.

> Is this not the way to do it on NetBSD? I have googled
> a bit, and this is how it is stated for other Unix
> based OS's.

It is the same.

> What I have done so far is run the key-gen on 1 pc,
> wich produces a file called id_dsa_1024_a.pub. Then I
> do a cat on that, which produces something like:
>
> ---- BEGIN SSH2 PUBLIC KEY ----
> Subject: root
> Comment: "1024-bit dsa, root@computername, Sat Apr 13
> 2002 00:37:05 -0700"
> AAAAB3+GIsb   [...<snip>....] LepnW92Wm95zH9QbHQ==
> ---- END SSH2 PUBLIC KEY ----

That looks different than I see. The public key looks like:

ssh-dss AAAAB3...

> Then I have made a file on remote system in
> ~root/.ssh/ called authorized_keys and pasted the
> content in there. Is this not the way to do it? What
> should I paste in?

I just append in the one-line "ssh-dss AAAAB3....." line. (And then I
usually set up options to only allow that key from certain hosts.)

> Will it be a problem since I am doing this as root?

I do it as root. Check your PermitRootLogin settings.

> And also, will it be a problem not having a root
> password?

It can work without root having a password.

   Jeremy C. Reed
   http://www.reedmedia.net/