11 March 2006

SSH with private/public key authentication

I want to connect to an SSH server (Debian, ip=10.0.0.7) called debianvdr from a Mac OS X PowerBook called PBJH, without entering a password. There is a hanoteau account on both machines.
Prerequisite: the SSH connection with a password already works.
On the client (PBJH), enter the following commands:

PBJH:~ hanoteau$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/Users/hanoteau/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/hanoteau/.ssh/id_dsa.
Your public key has been saved in /Users/hanoteau/.ssh/id_dsa.pub.
The key fingerprint is:
XX:XX:XX................................. hanoteau@PBJH.local
PBJH:~ hanoteau$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/hanoteau/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/hanoteau/.ssh/id_rsa.
Your public key has been saved in /Users/hanoteau/.ssh/id_rsa.pub.
The key fingerprint is:
XX:XX:XX:................................. hanoteau@PBJH.local
PBJH:~ hanoteau$ cd .ssh
PBJH:~/.ssh hanoteau$ ls
id_dsa id_dsa.pub id_rsa id_rsa.pub known_hosts
PBJH:~/.ssh hanoteau$ scp *.pub 10.0.0.7:/home/hanoteau
Password:
id_dsa.pub 100% 609 459.6KB/s 00:00
id_rsa.pub 100% 229 213.5KB/s 00:00
PBJH:~/.ssh hanoteau$

Then on the server (ip 10.0.0.7):

hanoteau@debianvdr:~$ cd /home/hanoteau
hanoteau@debianvdr:~$ mkdir .ssh
hanoteau@debianvdr:~$ cp *.pub .ssh/
hanoteau@debianvdr:~$ cd .ssh
hanoteau@debianvdr:~/.ssh$ ls
id_dsa.pub id_rsa.pub
hanoteau@debianvdr:~/.ssh$ cat id_dsa.pub >> authorized_keys
hanoteau@debianvdr:~/.ssh$ cat id_rsa.pub >> authorized_keys

From now on, you connect without a password from the hanoteau account on PBJH to the hanoteau account on debianvdr with ssh:

PBJH:~ hanoteau$ ssh 10.0.0.7
Linux debianvdr 2.6.15-1-686 #2 Thu Feb 23 05:41:01 CET 2006 i686 GNU/Linux

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
You have new mail.

Last login: Sat Mar 11 17:11:00 2006 from pbjh.lan
hanoteau@debianvdr:~$

1 comment:

JH said…

You should have very strict permissions for this to work in general:

hanoteau@debianvdr:~$ chmod -R go-rwx .ssh

and if it is not necessary for it to work, it is at least necessary for acceptable security.

Thank you, Marc, for this suggestion.
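As an added example (not code from the original post or its comment), the POSIX sh script below does the server-side steps of the post with the permissions the comment recommends: it creates the .ssh directory with mode 700, appends a public key to authorized_keys (mode 600) only if that key is not already listed, and then verifies that neither path is readable or writable by group or others. The temporary directory and the key contents in the demo are constructed; no real account or host is touched.

```shell
#!/bin/sh
# Added example, not code from the original post. Installs public keys
# into authorized_keys the way the post does (cat >> authorized_keys),
# but with the strict permissions the comment asks for, and idempotently.
set -eu

# install_pubkey SSH_DIR PUBKEY_FILE
# Creates SSH_DIR (mode 700) and SSH_DIR/authorized_keys (mode 600) if
# needed, then appends the key unless that exact line is already present.
install_pubkey() {
    dir=$1
    pub=$2
    mkdir -p "$dir"
    chmod 700 "$dir"                  # same effect as the comment's go-rwx
    touch "$dir/authorized_keys"
    chmod 600 "$dir/authorized_keys"
    # Fixed-string, whole-line match: key lines contain '+' and '/'.
    if ! grep -qxF "$(cat "$pub")" "$dir/authorized_keys"; then
        cat "$pub" >> "$dir/authorized_keys"
    fi
}

# check_perms SSH_DIR
# Prints "ok" when neither SSH_DIR nor its authorized_keys grants any bit
# to group or others (sshd's StrictModes only rejects group/world-writable
# files; the comment removes all group/other access). Returns 1 otherwise.
check_perms() {
    dir=$1
    for f in "$dir" "$dir/authorized_keys"; do
        # columns 5-10 of "ls -ld" output are the group and other rwx bits
        bits=$(ls -ld "$f" | cut -c5-10)
        if [ "$bits" != "------" ]; then
            echo "bad permissions on $f"
            return 1
        fi
    done
    echo ok
}

# Demo on a constructed key in a temporary directory (no real accounts).
demo() {
    tmp=$(mktemp -d)
    echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDconstructed hanoteau@PBJH.local" > "$tmp/id_rsa.pub"
    install_pubkey "$tmp/.ssh" "$tmp/id_rsa.pub"
    install_pubkey "$tmp/.ssh" "$tmp/id_rsa.pub"   # second run adds nothing
    check_perms "$tmp/.ssh"
    rm -rf "$tmp"
}
demo
```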