Ssh

From Wiki

Jump to: navigation, search

Contents

Remained Logged in Via SSH

Sometimes connections drop between servers when ssh'd in. Skynet is an example of this. Add these lines to .ssh/config

Host *
ServerAliveInterval 120
ServerAliveCountMax 3 

ssh host based authentication

This allows people logged into Server A automatically log into Server B without a password *or* sshkeys. Auth is via the Servers. Here is the main how-to: http://blogs.nonado.net/diamond/2006/11/19/ssh-with-host-based-authentication/ I hope diamond wont mind, but I'll copy his how-to here for archive purposes.

What i wanted to do was allow any users on host A be able to ssh to host B using ssh v2 and be automatically logged in. So, these are the steps i took:

Step by Step

  • On A, i added the following to /etc/ssh/ssh_config:
Host *
  EnableSSHKeysign yes
Host B.example.com
  HostbasedAuthentication yes
  • On B, i set the following config options in /etc/ssh/sshd_config:
IgnoreRhosts yes
HostbasedAuthentication yes
//Remember to reload the sshd config after editing 
  • On B, i added the fqdn of A to /etc/ssh/shosts.equiv:
A.exmaple.com
  • On B, i used the following to add the public RSA key of A to ssh_known_hosts:
ssh-keyscan -vt dsa A.example.com >> /etc/ssh/ssh_known_hosts

Note: the fqdn of A used above has to be the same as the result of a reverse dns lookup on it’s IP.

Further Tweak

To add a piece to the above how-to: There was a discrepancy between dsa and rsa keys IMO. Although going via ssh would login fine without prompting to accept a key, in order to get pine to autologin, a rsa key had to be added.

On host A:
ssh-keyscan -vt rsa B.example.com >> /etc/ssh/ssh_known_hosts

That worked it -)

Regenerate System SSH Keys

After the recent debian issue with openssl, all ssh keys had to be regenerated. Here is the easies method for doing the system ssh keys:

rm /etc/ssh/ssh_host_*
dpkg-reconfigure openssh-server



Information got from:

http://forums.macosxhints.com/showthread.php?p=296252

Personal tools