Mac passwordless login to Red Hat box

Posted on 2011-02-17
Medium Priority
Last Modified: 2012-05-11

I have already followed the instructions from https://macmedic.co.uk/howto/ssh.html. I am even restarting the entire PC with the new changes and I am not getting anything.

Can anyone shed some light please?

Question by:dpoper1
LVL 84

Accepted Solution

Dave Baldwin earned 500 total points
ID: 34918421
Firefox blocks me from going there, says it has an invalid security certificate.

Author Comment

ID: 34918733
You have to accept the certificate, I have also copied and pasted the content of the site.
OpenSSH Client and Server Setup on Mac OS X
All texts and images ©2003 hotblack@macmedic.co.uk
Edited by jzaw@macmedic.co.uk
Disclaimer:- use at own discretion, no warranty given or implied
Last update Fri 24/01/2003 00:18 GMT

    * Key Generation and Transfer
          o First we need to generate the public/private key pairs that ssh will use for authentication. This is all done in the CLI, so you should have some basic familiarity with using the Terminal application. We're also assuming you have a normal user account on both the host and client machines.
          o SSH key-pairs are generated with the ssh-keygen command. We will generate a 1024 bit DSA key for use with the SSH-2 protocol. In the CLI on the client machine type:
                + ssh-keygen -b 1024 -t dsa
                + When prompted for a location to save the key, press enter to use the default location.
                + When prompted for a passphrase, enter a phrase longer than 10 characters - preferably not a simple one - containing a mix of normal characters, punctuation, numbers, whitespaces etc. This step can be skipped, but it adds a layer of security. 
          o We now need to copy the public part of the key to the host machine, this can be done in a number of ways - telnet, ftp, e-mail, ssh. We'll explain how to copy the public key to another OS X machine acting as an SSH server.
                + First activate the SSH server on the host machine via System Preferences -> Sharing -> Remote Login. (Plain telnet was used in versions of OS X previous to 10.1).
                + This activates the SSH server using the default OpenSSH configuration which allows remote login with various fallbacks, but does provide an encrypted data path between the two machines. We will further secure the host machine later, but the default setup will suffice for now - particularly as we have yet to copy the public part of our key to the host machine!
                + Now copy your public key to the authorized key section of the host machine with the following command:
                      # scp ~/.ssh/id_dsa.pub <ip_of_host_machine>:~/.ssh/authorized_keys2
                      # You will be prompted that the authenticity of the host cannot be verified, shown its key fingerprint and asked if you wish to continue, say yes. This will add the server's fingerprint to your local list of known (and trusted) hosts.
                      # When asked to provide a password, use the password for your user account on the remote (host) machine.
                      # If you're prompted that the directory doesn't exist, create it either via direct access to the host machine, or by logging in with ssh:
                            * ssh <ip_of_host_machine>
                            * Enter password for account on the host machine
                            * mkdir ~/.ssh
                            * exit and repeat the scp command to copy your public key. 
                      # You now have the public part of your public-private key-pair on the remote machine (and both the public and private keys in a folder .ssh in your home directory on the local machine).
                      # You've also used ssh and scp to connect to the host machine and while the authentication process was made using a secure data path (so it could not be found out via sniffing methods) only your normal password was used. In the next section we will configure the ssh server to not use the fallbacks, allowing authentication only by use of a public-private key pair and passphrase. This adds a large level of security to the setup. 
    * Securing
          o If you now attempt to login to the ssh server, you will be prompted for the passphrase you entered when you first generated your key-pair. If you don't enter this (ie press enter) the ssh server falls back to normal password authentication and prompts you for the password for your user account on the host machine. We want to further secure the authentication, so must change the configuration of the server by modifying the files /private/etc/ssh_config and /private/etc/sshd_config.
          o login to the server machine using ssh
                + ssh <ip_of_host_machine>
                + Either enter your passphrase for the key you generated, or use the normal user account password fallback. 
          o Using your favourite CLI editor (pico, vi, emacs, etc) edit the file /private/etc/sshd_config (you'll need to su or sudo to change this file) as follows. This changes the configuration of the ssh daemon on the host machine.
          o uncomment and change the following lines as necessary:
                + PermitRootLogin no
                + PasswordAuthentication no
                + PermitEmptyPasswords no
                + PubKeyAuthentication yes
                + RSAAuthentication no
                + RhostsAuthentication no
                + ChallengeResponseAuthentication no
                + PAMAuthenticationViaKbdInt no 
          o Optional: On the client machine: Using your favourite CLI editor (pico, vi, emacs, etc) edit the file /private/etc/ssh_config (you'll need to su or sudo to change this file) as follows. This will change the configuration of the ssh client program on the client machine.
                + uncomment and change the following lines as necessary:
                      # RSAAuthentication no
                      # PasswordAuthentication no 
          o Exit from the ssh session and restart the ssh daemon by typing in a terminal
                      # sudo SystemStarter -v restart SSH (note the capitalisation)
                      # <Password> if you're asked for your password 
            or by turning Remote Login off and back on in the sharing panel in System Preferences, in the GUI, or by restarting the host machine. 
    * Use
          o You can now use the ssh and scp commands to remotely and securely connect to and transfer files between your host and client machines.
                + ssh hostname | user@hostname
                      # eg ssh or shh fred_bloggs@myServer.org 
                + scp hostname:<path_to_source_file> hostname:<path_to_destination_file>
                      # eg scp ~/Documents/hello_world.c myserver.org:~/docs/hello_world.c 
                + For further information on the OpenSSH suite:
                + The OpenSSH Website
                + man pages for ssh, scp, ssh-add, ssh-agent, ssh-keygen, ssh-keyscan, ssh-keysign, sshd, sftp, sftp-server, ssh_config, and sshd_config.
                + The O'Reilly book, SSH: The Secure Shell - The Definitive Guide and its associated website.
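
An added example, not part of the original post or the pasted tutorial: a shell check that reads an sshd_config and reports which of the tutorial's eight directives are unset or set differently in the global section. It assumes sshd uses the first active value for a keyword, matches keywords case-insensitively, and treats lines after a Match line as conditional; the function names and the sample config are constructed for illustration.

```shell
# Added example: audit an sshd_config against the tutorial's directive list.
effective_value() {   # $1 = config file, $2 = keyword
    awk -v key="$2" '
        $1 ~ /^#/               { next }  # commented-out lines are inactive
        tolower($1) == "match"  { exit }  # what follows is conditional, not global
        tolower($1) == tolower(key) { print $2; exit }  # first active value wins
    ' "$1"
}

audit_sshd_config() { # $1 = config file; prints findings, returns 1 if any
    findings=0
    while read -r key want; do
        got=$(effective_value "$1" "$key")
        if [ -z "$got" ]; then
            echo "UNSET    $key (tutorial sets: $want)"; findings=$((findings + 1))
        elif [ "$got" != "$want" ]; then
            echo "MISMATCH $key is '$got' (tutorial sets: $want)"; findings=$((findings + 1))
        fi
    done <<'EOF'
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
PubKeyAuthentication yes
RSAAuthentication no
RhostsAuthentication no
ChallengeResponseAuthentication no
PAMAuthenticationViaKbdInt no
EOF
    [ "$findings" -eq 0 ]
}

sample_config() {     # constructed sample, not a real server's file
    cat <<'EOF'
# PasswordAuthentication no
PermitRootLogin no
pubkeyauthentication yes
PasswordAuthentication yes
PasswordAuthentication no
RSAAuthentication no
RhostsAuthentication no
ChallengeResponseAuthentication no
PAMAuthenticationViaKbdInt no
Match User backup
    PermitEmptyPasswords no
EOF
}

demo_cfg=$(mktemp) && sample_config > "$demo_cfg"
audit_sshd_config "$demo_cfg" || echo "review the findings above"
rm -f "$demo_cfg"
```

Point audit_sshd_config at /private/etc/sshd_config on the OS X host from the tutorial, or at /etc/ssh/sshd_config on a Red Hat box.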



Author Closing Comment

ID: 35111878
Very poor support
LVL 84

Expert Comment

by:Dave Baldwin
ID: 35112452
Accepting invalid security certificates is something I just don't do.  I was just telling you so you'd know if you didn't already.

You could have clicked on "Request Attention" above and gotten others to look at your question.  If you want to "Request Attention" and re-open your question, that would be fine with me.  I don't need the points.
