Solved

MAC password less login to redhat box

Posted on 2011-02-17
Last Modified: 2012-05-11
Hi,

I have already followed the instructions from https://macmedic.co.uk/howto/ssh.html, I am even restarting the entire PC with the new changes and I am not getting anything.

Can anyone shed some light please?

Mike
0
Question by:dpoper1
 
LVL 82

Accepted Solution

by:
Dave Baldwin earned 250 total points
Firefox blocks me from going there, says it has an invalid security certificate.
0
 

Author Comment

by:dpoper1
You have to accept the certificate, I have also copied and pasted the content of the site.
OpenSSH Client and Server Setup on Mac OS X
All texts and images ©2003 hotblack@macmedic.co.uk
Edited by jzaw@macmedic.co.uk
Disclaimer:- use at own discretion, no warranty given or implied
Last update Fri 24/01/2003 00:18 GMT

    * Key Generation and Transfer
          o First we need to generate the public/private key pairs that ssh will use for authentication. This is all done in the CLI, so you should have some basic familiarity with using the Terminal application. We're also assuming you have a normal user account on both the host and client machines.
          o SSH key-pairs are generated with the ssh-keygen command. We will generate a 1024 bit DSA key for use with the SSH-2 protocol. In the CLI on the client machine type:
                + ssh-keygen -b 1024 -t dsa
                + When prompted for a location to save the key, press enter to use the default location.
                + When prompted for a passphrase, enter a phrase longer than 10 characters - preferably not a simple one - containing a mix of normal characters, punctuation, numbers, whitespaces etc. This step can be skipped, but it adds a layer of security. 
          o We now need to copy the public part of the key to the host machine, this can be done in a number of ways - telnet, ftp, e-mail, ssh. We'll explain how to copy the public key to another OS X machine acting as an SSH server.
                + First activate the SSH server on the host machine via System Preferences -> Sharing -> Remote Login. (Plain telnet was used in versions of OS X previous to 10.1).
                + This activates the SSH server using the default OpenSSH configuration which allows remote login with various fallbacks, but does provide an encrypted data path between the two machines. We will further secure the host machine later, but the default setup will suffice for now - particularly as we have yet to copy the public part of our key to the host machine!
                + Now copy your public key to the authorized key section of the host machine with the following command:
                      # scp ~/.ssh/id_dsa.pub <ip_of_host_machine>:~/.ssh/authorized_keys2
                      # You will be prompted that the authenticity of the host cannot be verified, shown its key fingerprint and asked if you wish to continue; say yes. This will add the server's fingerprint to your local list of known (and trusted) hosts.
                      # When asked to provide a password, use the password for your user account on the remote (host) machine.
                      # If you're prompted that the directory doesn't exist, create it either via direct access to the host machine, or by logging in with ssh:
                            * ssh <ip_of_host_machine>
                            * Enter password for account on the host machine
                            * mkdir ~/.ssh
                            * exit and repeat the scp command to copy your public key. 
                      # You now have the public part of your public-private key-pair on the remote machine (and both the public and private keys in a folder .ssh in your home directory on the local machine).
                      # You've also used ssh and scp to connect to the host machine and while the authentication process was made using a secure data path (so it could not be found out via sniffing methods) only your normal password was used. In the next section we will configure the ssh server to not use the fallbacks, allowing authentication only by use of a public-private key pair and passphrase. This adds a large level of security to the setup. 
    * Securing
          o If you now attempt to login to the ssh server, you will be prompted for the passphrase you entered when you first generated your key-pair. If you don't enter this (ie press enter) the ssh server falls back to normal password authentication and prompts you for the password for your user account on the host machine. We want to further secure the authentication, so must change the configuration of the server by modifying the files /private/etc/ssh_config and /private/etc/sshd_config.
          o login to the server machine using ssh
                + ssh <ip_of_host_machine>
                + Either enter your passphrase for the key you generated, or use the normal user account password fallback. 
          o Using your favourite CLI editor (pico, vi, emacs, etc) edit the file /private/etc/sshd_config (you'll need to su or sudo to change this file) as follows. This changes the configuration of the ssh daemon on the host machine.
          o uncomment and change the following lines as necessary:
                + PermitRootLogin no
                + PasswordAuthentication no
                + PermitEmptyPasswords no
                + PubKeyAuthentication yes
                + RSAAuthentication no
                + RhostsAuthentication no
                + ChallengeResponseAuthentication no
                + PAMAuthenticationViaKbdInt no 
          o Optional: On the client machine: Using your favourite CLI editor (pico, vi, emacs, etc) edit the file /private/etc/ssh_config (you'll need to su or sudo to change this file) as follows. This will change the configuration of the ssh client program on the client machine.
                + uncomment and change the following lines as necessary:
                      # RSAAuthentication no
                      # PasswordAuthentication no 
          o Exit from the ssh session and restart the ssh daemon by typing in a terminal
                      # sudo SystemStarter -v restart SSH (note the capitalisation)
                      # <Password> if you're asked for your password 
            or by turning Remote Login off and back on in the sharing panel in System Preferences, in the GUI, or by restarting the host machine. 
    * Use
          o You can now use the ssh and scp commands to remotely and securely connect to and transfer files between your host and client machines.
                + ssh hostname | user@hostname
                      # eg ssh 127.0.0.1 or ssh fred_bloggs@myServer.org 
                + scp hostname:<path_to_source_file> hostname:<path_to_destination_file>
                      # eg scp ~/Documents/hello_world.c myserver.org:~/docs/hello_world.c 
                + For further information on the OpenSSH suite:
                + The OpenSSH Website
                + man pages for ssh, scp, ssh-add, ssh-agent, ssh-keygen, ssh-keyscan, ssh-keysign, sshd, sftp, sftp-server, ssh_config, and sshd_config.
                + The O'Reilly book, SSH: The Secure Shell - The Definitive Guide and its associated website.


0
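An added example, not part of the original post or the pasted how-to: a small audit that reports which of the how-to's `sshd_config` settings are not actually in effect on the host. The sample config and the `backup` user are constructed; RSAAuthentication, RhostsAuthentication and PAMAuthenticationViaKbdInt are left out because current OpenSSH releases no longer use them.

```shell
#!/bin/sh
# Added example: audit sshd_config against the how-to's settings.

# Constructed sample config (not from a real host).
make_sample() {
    cat > "$1" <<'EOF'
PermitRootLogin no
#PasswordAuthentication no
passwordauthentication yes
PasswordAuthentication no
PubkeyAuthentication yes
PermitEmptyPasswords no
Match User backup
    ChallengeResponseAuthentication no
EOF
}

# Print the value sshd would use globally for KEYWORD, or "unset".
# Keywords are case-insensitive, the first occurrence wins, and anything
# after the first Match line applies only to that Match block.
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); found = 0 }
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == want { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Print one line per deviation; return 1 if any were found.
audit_sshd() {
    bad=0
    for pair in PermitRootLogin=no PasswordAuthentication=no \
                PermitEmptyPasswords=no PubkeyAuthentication=yes \
                ChallengeResponseAuthentication=no; do
        key=${pair%%=*}; expected=${pair#*=}
        got=$(effective_value "$1" "$key")
        if [ "$got" != "$expected" ]; then
            echo "$key: expected $expected, found $got"
            bad=1
        fi
    done
    return "$bad"
}

sample=$(mktemp)
make_sample "$sample"
audit_sshd "$sample" || echo "sshd_config deviates from the how-to"
rm -f "$sample"
```

On a real host, call `audit_sshd` with the path of the daemon's configuration file (the how-to uses /private/etc/sshd_config) after editing it and before restarting the daemon.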
 

Author Closing Comment

by:dpoper1
Very poor support
0
 
LVL 82

Expert Comment

by:Dave Baldwin
Accepting invalid security certificates is something I just don't do.  I was just telling you so you'd know if you didn't already.

You could have clicked on "Request Attention" above and gotten others to look at your question.  If you want to "Request Attention" and re-open your question, that would be fine with me.  I don't need the points.
0
