Using ssh2 and scp2 without passwords

How to set up password-free access between SSH and OpenSSH clients and servers using the more secure ssh2 protocol (ssh1 is not recommended).

First, determine which kind of ssh client you have on your local machine:
Run the command: ssh -V

The result of the command should look like one of the following two:

sc0> ssh -V
ssh: SSH Secure Shell 3.2.0 (non-commercial version) on alpha-dec-osf5.1

lc0> ssh -V
OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f


If you have an SSH client:

To set up password-free access to an SSH server (eg. the SC cluster)

  1. On your SSH client machine:

    • Run the command: ssh-keygen2
      (When it asks for a Passphrase just hit return, for a NULL passphrase)

    • Two keys will be created in the .ssh2 directory in your home directory:
      id_dsa_1024_a and id_dsa_1024_a.pub.

  2. On the SSH server machine (eg. the SC cluster):

    • The administrator needs to make sure that /etc/sshd_config has RSAAuthentication yes
    • Copy the key named id_dsa_1024_a.pub from the .ssh2 directory in your home directory on your SSH client machine to the .ssh2 directory in your home directory. (Create a .ssh2 directory if one doesn't already exist.)

      NB: It would be a good idea to give this key a host specific name if you are going to do this from a number of clients, for example:
      sfclient-id_dsa_1024_a.pub

    • Edit (or create) a file named authorization in the .ssh2 subdirectory of your home directory and place the following line in it:
             key sfclient-id_dsa_1024_a.pub
      	      

    • Save the file, and your setup is complete for this client to host access.


To set up password-free access to an OpenSSH server (eg: the LC cluster)

  1. On your SSH client machine:

    • Run the command: ssh-keygen2
      (When it asks for a Passphrase just hit return, for a NULL passphrase)

    • Two keys will be created in the .ssh2 directory in your home directory:
      id_dsa_1024_a and id_dsa_1024_a.pub.

    • Make a copy of the id_dsa_1024_a.pub file, call it something like:
      openssh-id_dsa_1024_a.pub

    • You will need to edit the openssh-id_dsa_1024_a.pub file to make it compatible with OpenSSH as follows:

      1. Remove the first 3 comment lines that look like the following:
               ---- BEGIN SSH2 PUBLIC KEY ----
               Subject: rbd900
               Comment: "1024-bit dsa, rbd900@sf, Thu Nov 01 2001 11:02:41 +1100"
        
      2. Remove the last comment line that looks like the following:
               ---- END SSH2 PUBLIC KEY ----
        
      3. Join all the remaining lines together into one long line.

      4. Prepend "ssh-dss " to the start of the key line.

      5. Append " your_userid@your_client_hostname" to the end of the key line.

        The key line should now look like the following:

        	      
        ssh-dss  
        AAAAB3NzaC1kc3MAAACBAMXBianK0GRzEKB7onAkTTv9YgWQUMjYta0E6oyvjIIEaoFrAsiN 
        Ik96/uT/e2JN7RWzrHcSRuEt8/J3ffv1WCLcRURoY+wR+RSy8Wu6hPOef/sx1fUEqAUe7KR7
        /nI2W/GQRm7Y1mrcj5JHDRYo7+9oSBsRs7HF3JEIc8rYJRpvAAAAFQDvRsEjsPesrZ9wsfDb
        8Eemf9ARwwAAAIEAoAGyW1HeD2Z1HF7oMGlgJCVIBLwaUhJVZNy5d2zmGH+ZkFoPrEjI6d6R
        lC51synu/OqpaX5myCij40epfaloc+VGkd+AxjfeG6KDwknYJjwFP3o7lwbCkKMZww8uaAI0
        q6/p2ux2Uc9XG57n1dvad63jWNY7D1M0dBCjkvBOJ34AAACALa961rmeODYPyF3I5cD2SN+k
        gliQ+sbYcVTRqChotK2GYv5jeZNjk6NhdB4D6u8lNw99I+fZK8nN6fSYHRz9/0hkT/xzEGP2
        E8t4sZhdS1MN12pWxeuRp+5HQz/XHUQ4TA3xFz2yGDo3tRZceEi/g+NHN3Yx2wfRYeCDWE7S
        1Ek= xyz123@sc.apac.edu.au
        
        Note: there are no line breaks in the key; it is wrapped here only for display.

      6. Add the line IdKey openssh-id_dsa_1024_a to the file identification in the .ssh2 directory in your home directory (create one if it doesn't already exist). This will ensure that your new private key (in case there are multiple copies) is found during authentication.

  2. On the OpenSSH server machine (eg. the LC cluster):

    • Copy the key named openssh-id_dsa_1024_a.pub from the .ssh2 directory in your home directory on your SSH client machine to the .ssh directory in your home directory. (Create a .ssh directory if one doesn't already exist.)

    • Append openssh-id_dsa_1024_a.pub to the file authorized_keys, eg.:
      cat openssh-id_dsa_1024_a.pub >> authorized_keys

      (You can remove the openssh-id_dsa_1024_a.pub file now if you like, as it isn't used by the OpenSSH server)

    Your setup is complete for this client to host access.
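
Added example (not part of the original page): the key-file edits from steps 1 to 5 above as a shell function, plus the reverse conversion that the page walks through for OpenSSH clients. The function names, the DSS_PREFIX check and the sample key are assumptions made for this example; the sample is constructed placeholder data, not a real key.

```shell
#!/bin/sh
# Added example: convert DSA public keys between the SSH2 and OpenSSH file formats.
# Every DSA key blob starts with the base64 of the length-prefixed string "ssh-dss".
DSS_PREFIX='AAAAB3NzaC1kc3M'

# SSH2-format public key on stdin -> OpenSSH one-line key on stdout.
# $1 is the comment to append (your_userid@your_client_hostname).
ssh2_to_openssh() {
    blob=$(awk '
        /^[ \t]*---- (BEGIN|END) SSH2 PUBLIC KEY ----/ { next }  # marker lines
        cont { cont = ($0 ~ /\\$/); next }   # continuation of a wrapped header
        /:/  { cont = ($0 ~ /\\$/); next }   # Subject:/Comment: header lines
        { gsub(/[ \t\r]/, ""); printf "%s", $0 }   # join lines, drop blanks
    ')
    case $blob in
        "$DSS_PREFIX"*) printf 'ssh-dss %s %s\n' "$blob" "$1" ;;
        *) echo "input does not contain a DSA key blob" >&2; return 1 ;;
    esac
}

# OpenSSH one-line key on stdin -> SSH2-format public key on stdout.
openssh_to_ssh2() {
    read -r type blob _comment || [ -n "$type" ]
    case "$type $blob" in
        "ssh-dss $DSS_PREFIX"*) ;;
        *) echo "expected an ssh-dss key line" >&2; return 1 ;;
    esac
    # The key stays on one line with no blanks, as the page describes.
    printf '%s\n' '---- BEGIN SSH2 PUBLIC KEY ----' "$blob" '---- END SSH2 PUBLIC KEY ----'
}

# Constructed sample input: placeholder data, not a real key.
sample_ssh2() {
    cat <<'EOF'
---- BEGIN SSH2 PUBLIC KEY ----
Subject: alice
Comment: "1024-bit dsa, alice@client, \
constructed sample"
AAAAB3NzaC1kc3MAAACBAEXAMPLEexampleEXAMPLEexample0123456789
EXAMPLEexample0123456789+/EXAMPLE=
---- END SSH2 PUBLIC KEY ----
EOF
}

sample_ssh2 | ssh2_to_openssh alice@client
sample_ssh2 | ssh2_to_openssh alice@client | openssh_to_ssh2
```

To use it on a real key, feed the file on stdin and redirect the output, for example: ssh2_to_openssh your_userid@your_client_hostname < id_dsa_1024_a.pub > openssh-id_dsa_1024_a.pub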


If you have an OpenSSH client:

To set up password-free access to an OpenSSH server (eg. the LC cluster)

  1. On your OpenSSH client machine:

    • Run the command: ssh-keygen -t dsa
      (When it asks for a Passphrase just hit return, for a NULL passphrase)

    • Two keys will be created in the .ssh directory in your home directory:
      id_dsa and id_dsa.pub

  2. On the OpenSSH server machine (eg. the LC cluster):

    1. Copy the key named id_dsa.pub from the .ssh directory in your home directory on your OpenSSH client machine to the .ssh directory in your home directory. (Create a .ssh directory if one doesn't already exist.)

    2. Append id_dsa.pub to the file authorized_keys, eg.:
      cat id_dsa.pub >> authorized_keys

      (You can remove the id_dsa.pub file now if you like, as it isn't used by the OpenSSH server)

    Your setup is complete for this client to host access.


To set up password-free access to an SSH server (eg. the SC cluster)

  1. On your OpenSSH client machine:

    • Run the command: ssh-keygen -t dsa
      (When it asks for a Passphrase just hit return, for a NULL passphrase)

    • Two keys will be created in the .ssh directory in your home directory:
      id_dsa and id_dsa.pub

    • Copy the file id_dsa.pub to something like myclient_ssh-id_dsa.pub

    • Edit the myclient_ssh-id_dsa.pub file as follows to work with an SSH server:

      1. Remove the "ssh-dss " from the start of the key line.
      2. Remove the " username@hostname.domain" from the end of the key line.
      3. Add this line to the top:
        ---- BEGIN SSH2 PUBLIC KEY ----
      4. Add this line to the bottom:
        ---- END SSH2 PUBLIC KEY ----
      5. The myclient_ssh-id_dsa.pub file should then look like the following:
        ---- BEGIN SSH2 PUBLIC KEY ----
        AAAAB3NzaC1kc3MAAACBAKmGXOW+7NFkykfQHwvzAOqGOQHs4YSXIzIOPwtaHBv3O93zRhXg 
        rbzYzYI6DWLcR/6zwVC58dTVq7eDM0b8jzhiV9xjBgRo+dtCCnH30U0iH2XBej7uWah9G+JZ
        tZWTMxTrzj0/B9xiMohpxDawD2T5/PBHsUb+V3yybnioxXafAAAAFQD3vRhE1fH4uN+OO9+c
        N+avc/vSAwAAAIBi+XTDHhRBVelslMujK4QUywOIDF/N75TW7KJMjIf6nE5QtBaWBUUyy2ix
        zCUTRpj3WMd1BTlTGs9HGwheVz6a0mmww3XN7X6gionGzb7ustj74HwjtdUsmb0znXw3WNUO
        zQwNpsJ3eKDk6CuLkA7bcegmyIgdpPHMes6PfEu/lAAAAIEApHRC1UNKBE2+W97xDaPiqwFd
        M34LMPbxrK4IyOAdh+WyXH+JHY5FNpmxt8IzfbGvwtJMPYGEewcPvo7GVMfZQeH6DLBqehG7
        0eZOFM1LSSB/1CYJz1BnnDes+JNwJkfK0ZfGOSkg2FWQ0w6CrNIeOkfw0x5xEJQpV461ribp
        5hc=
        ---- END SSH2 PUBLIC KEY ----
        
        Note: there are no line breaks in the key and there are no blanks on the key line.

  2. On the SSH server machine (eg. the SC cluster):