This is an old revision of the document!
Table of Contents
Ssh
Remained Logged in Via SSH
Sometimes connections drop between servers when ssh'd in. Skynet is an example of this. Add these lines to .ssh/config
Host * ServerAliveInterval 120 ServerAliveCountMax 3
ssh host based authentication
This allows people logged into Server A automatically log into Server B without a password *or* sshkeys. Auth is via the Servers. Here is the main how-to: http://blogs.nonado.net/diamond/2006/11/19/ssh-with-host-based-authentication/ I hope diamond wont mind, but I'll copy his how-to here for archive purposes.
What i wanted to do was allow any users on host A be able to ssh to host B using ssh v2 and be automatically logged in. So, these are the steps i took:
Step by Step
- On A, i added the following to /etc/ssh/ssh_config:
Host *
EnableSSHKeysign yes
Host B.example.com
HostbasedAuthentication yes * On B, i set the following config options in /etc/ssh/sshd_config:
IgnoreRhosts yes HostbasedAuthentication yes //Remember to reload the sshd config after editing
- On B, i added the fqdn of A to /etc/ssh/shosts.equiv:
A.exmaple.com
- On B, i used the following to add the public RSA key of A to ssh_known_hosts:
ssh-keyscan -vt dsa A.example.com » /etc/ssh/ssh_known_hosts
Note: the fqdn of A used above has to be the same as the result of a reverse dns lookup on it’s IP.
Further Tweak
To add a piece to the above how-to: There was a discrepancy between dsa and rsa keys IMO. Although going via ssh would login fine without prompting to accept a key, in order to get pine to autologin, a rsa key had to be added. On host A: ssh-keyscan -vt rsa B.example.com » /etc/ssh/ssh_known_hosts That worked it -)
Regenerate System SSH Keys
After the recent debian issue with openssl, all ssh keys had to be regenerated. Here is the easies method for doing the system ssh keys: rm /etc/ssh/ssh_host_* dpkg-reconfigure openssh-server
Information got from: