If you want to automate logging in over SSH (for instance to schedule file transfer) you need to exchange DSA or RSA keys, coz there's no one to type a password.
While there's plenty of documentation available I still had some problems (funny how my situation always seems to be different from everybody else ;-)
To test the auto-login I used WinSCP - one of the most popular clients for Windows.
You can generate keys on Unix but if you transfer the key files to Windows, WinSCP doesn't know what to do with them.
And on Windows you can generate keys using PuttyGen (select DSA or RSA encryption) On Debian the public key file should be stored in ~user/.ssh/authorized_keys (specified in sshd_config - check to make sure) but the PuttyGen DSA public key file is in a format Unix (Debian) doesn't like - which I found out by checking SSHDs messages in /var/log/auth.log
You can fix that file by editing the file (authorized_keys) and removing everything but the key itself and putting 'ssh-dss ' in front of it (including a whitespace) and a whitespace on the end.
So here are some tips :
- 1st : read 'Password-less logins with OpenSSH'- http://www.debian-administration.org/articles/152
- check the SSHD config file /etc/sshd/sshd_config as described (not /etc/sshd/ssh_config)
- set the logging to Maximum to find out what the problem is : LogLevel DEBUG3
- check the permissions of ~user/.ssh/ (if incorrect you will see messages in the log)
- or switch off directory permissions checking : StrictModes no (switch back on later)
- restart SSHD : /etc/init.d/ssh restart
- check /var/log/auth.log
Some links : SSHD man page : http://security.web.cern.ch/security/ssh/man/sshd.8.html
WinSCP - Using Public Key authorisation : http://winscp.net/eng/docs/public_key
http://www.debian-administration.org/articles/152 |