On 2007-May-10 11:13:26 +0000, Darren Reed <darrenr_at_hub.freebsd.org> wrote: >Oh, and how do I fix ssh/rsh to do passwordless sessions? Assuming you are using OpenSSH on both ends, use HostBasedAuthentication: Client side: - make /usr/libexec/ssh-keysign setuid root - add the server's host key to known_hosts - Set "HostbasedAuthentication yes" and "EnableSSHKeysign yes" in config Server side: - add the client's host key to /etc/ssh/ssh_known_hosts - Set "HostbasedAuthentication yes" and "IgnoreRhosts no" in /etc/ssh/sshd_config. You may also need "PermitRootLogin without-password" - Add the relevant entry to ~/.shosts - Make sure ~/ and ~/.shosts are only writable by the owner I think that's all but I'm working from memory so I may have missed an option somewhere. ssh debugging options are very useful for working out why it isn't working. -- Peter Jeremy
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:10 UTC