Title: Procedure for Creating Transparent SSH Logins
Author: pdwilso@gmail.com
Version: 0.9
Date: 2009.03.12
Document Number: CPS-20090312
For this example, we will use the following names:
Local Workstation Username: luid
Local Workstation Hostname: lhost
Remote Host Username: ruid
Remote Host Hostname: rhost
The password tokens will be:
Local Workstation Key-Pair Passphrase: lwkpp
Remote Host User Account Password: rhuap
Be sure to substitute the real usernames, hostnames, and passwords when performing this procedure.
ssh-keygen -t dsa -b 2048 -f ~/.ssh/id_dsa
Typically any user account that uses OpenSSH to connect to other hosts will have a hidden directory called .ssh in the user's $HOME directory. The permissions on this hidden directory must be correctly set in order for SSH to function correctly. The only acceptable permission set for .ssh is 0700 – that is, owner read/write/execute permissions only. Note that the files in the directory should be set to 0600, since the eXecute bit only needs to be set on the directory. If there are sub-directories under .ssh, those, too, will need the execute bit set (0700).
Either of the ssh commands – ssh or ssh-keygen – should create the .ssh directory when run for the first time on the user's account.
Otherwise, use the 'mkdir' command to make directories, and the 'chmod' command to change permissions. See the system man pages for more about those commands [i.e. use the commands 'man mkdir' and 'man chmod'].
Below — between the cut lines — is the source code of the 'ssh-copy-id' script provided by the OpenSSH package available for OpenSuSE. This script should work on most *nix systems where SSH is installed, and may work for Cygwin installs, as well. The instructions explain how to install the script.
chmod +x ssh-copy-id
sudo cp ssh-copy-id /usr/local/bin/
or
sudo cp ssh-copy-id /usr/bin/
or even
cp ssh-copy-id ~/bin/
if you don't have sudo privileges.
Use of the ssh-copy-id script is straightforward:
ssh-copy-id uid@hostname
where uid is the user ID on the remote host to which the SSH ID [public key] will be copied, and hostname is the hostname or the IP address of the remote machine.
The local user's public key is copied to the ~/.ssh/known_hosts file in the remote user's account on the remote host.
Once the public key exists in the remote known_hosts file, the user should be able to log into the remote host without using a password, provided
This source code is copied directly from the executable file found using the command
cat `which ssh-copy-id` > copyidsrc
The code has been "HTMLized" by the Kate Advanced Text Editor.
=====[cut here]=====
#!/bin/sh

# Shell script to install your identity.pub on a remote machine
# Takes the remote machine name as an argument.
# Obviously, the remote machine must accept password authentication,
# or one of the other keys in your ssh-agent, for this to work.

ID_FILE="${HOME}/.ssh/identity.pub"

if [ "-i" = "$1" ]; then
  shift
  # check if we have 2 parameters left, if so the first is the new ID file
  if [ -n "$2" ]; then
    if expr "$1" : ".*\.pub" > /dev/null ; then
      ID_FILE="$1"
    else
      ID_FILE="$1.pub"
    fi
    shift         # and this should leave $1 as the target name
  fi
else
  # no -i given: if an agent is running, take the keys it holds
  if [ "x$SSH_AUTH_SOCK" != x ] ; then
    GET_ID="$GET_ID ssh-add -L"
  fi
fi

# fall back to the identity file when the agent offered nothing
if [ -z "`eval $GET_ID`" ] && [ -r "${ID_FILE}" ] ; then
  GET_ID="cat ${ID_FILE}"
fi

if [ -z "`eval $GET_ID`" ]; then
  echo "$0: ERROR: No identities found" >&2
  exit 1
fi

if [ "$#" -lt 1 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
  echo "Usage: $0 [-i [identity_file]] [user@]machine" >&2
  exit 1
fi

# umask 077 on the remote side makes .ssh 0700 and authorized_keys 0600
{ eval "$GET_ID" ; } | ssh "$1" "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys" || exit 1

cat <<EOF
Now try logging into the machine, with "ssh '$1'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

EOF
=====[cut here]=====
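The remote half of the script above (umask 077, create .ssh, append to authorized_keys) and the 0700/0600 permission rules from the .ssh section, worked through as an added example. This is not part of the original procedure or of the OpenSSH script; the function names are assumptions, and the sample key in the demo is a constructed placeholder, not a real key.

```sh
#!/bin/sh
# Added example, not the ssh-copy-id script itself. install_pubkey does what
# the script's remote command does ("umask 077; mkdir .ssh; cat >>
# .ssh/authorized_keys") but idempotently, and leaves the 0700/0600 modes the
# procedure calls for; check_ssh_perms audits an existing ~/.ssh.
# Function names are assumptions; the demo key is a constructed placeholder.

# install_pubkey <ssh_dir> <pubkey_line>
# 0 = key is present afterwards, 2 = input was not a public-key line.
install_pubkey() {
    ssh_dir=$1; key=$2; auth="$ssh_dir/authorized_keys"
    # A public key line is "<type> <base64> [comment]". Refusing anything
    # else keeps private-key material or empty input out of the file.
    case $key in
        "ssh-rsa "*|"ssh-dss "*|"ssh-ed25519 "*|ecdsa-sha2-*" "*) ;;
        *) echo "install_pubkey: not a public key line" >&2; return 2 ;;
    esac
    # Same umask trick as the script: new dir 0700, new file 0600, before
    # any key bytes are written.
    (umask 077; mkdir -p "$ssh_dir" && touch "$auth") || return 1
    # Append only if an identical line is not already there (-x whole line,
    # -F literal), so repeated runs never pile up duplicate keys.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
    chmod 0700 "$ssh_dir" && chmod 0600 "$auth"
}

# check_ssh_perms <ssh_dir>
# 0 if the directory is exactly 0700 and every regular file in it is 0600;
# otherwise prints the offending paths to stderr and returns 1.
check_ssh_perms() {
    offenders=$(find "$1" -prune ! -perm 0700; find "$1" -type f ! -perm 0600)
    [ -z "$offenders" ] && return 0
    printf 'wrong permissions under %s:\n%s\n' "$1" "$offenders" >&2
    return 1
}

# count_key <ssh_dir> <pubkey_line>: number of identical lines present.
count_key() { grep -cxF -- "$2" "$1/authorized_keys"; }

# Demo on a throwaway directory: constructed sample key, installed twice.
demo_dir=$(mktemp -d)
demo_key='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDEXAMPLEKEYONLY= luid@lhost'
install_pubkey "$demo_dir/.ssh" "$demo_key"
install_pubkey "$demo_dir/.ssh" "$demo_key"
echo "copies of key: $(count_key "$demo_dir/.ssh" "$demo_key")"  # prints: copies of key: 1
check_ssh_perms "$demo_dir/.ssh" && echo "permissions OK"
rm -rf "$demo_dir"
```

Run it against a real ~/.ssh only with check_ssh_perms; install_pubkey is meant for a test directory or for the remote account, where ssh-copy-id would otherwise append blindly.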