1) Download and install the tar files exactly as described by Les Bell. The only difference for me was the openssh version. I went with the latest available as of August 12, 2000, version 2.1.1p4. Obviously you need to install on both boxes.
2) At the end of the make install the host keys should be generated. I can't remember if it asks you where to put them. Mine are in /etc/ssh.
3) You should then switch to the
/home/user/.ssh and generate the users keys.
Run ssh-keygen (generates for SSH1) and/or ssh-keygen -d (generates for SSH2).
I don't think you need to do both but I did. You need to enter a passphrase.
When prompted store in the defaults which are identity, identity.pub, id_dsa, id_dsa.pub.
4) Generate authorized_keys and authorized_keys2
cp identity.pub authorized_keys
cp id_dsa.pub authorized_keys2
5) Generate the keys as the user you want to access on your other box in the same fashion as above repeating steps 3 & 4.
6) Copy the .pub user files over to the other
system and vice versa.
cat "/location/other_machine/user.pub" >> /home/"username"/.ssh/authorized_keys(2)
Remember to put id_dsa.pub in the authorized_keys2 and identity.pub into the authorized_keys.
7) Next you need to copy over to the other
systems the public host keys. As mentioned above mine are
stored in the default /etc/ssh. You must do this
for both systems. These are entitled:
8) Make the ssh_known_hosts and
ssh_known_hosts2 on each system. These are made
in the same manner as the authorized keys, except you need to
enter the hostname and domain name (and any alias) of the box
it belongs to at the
beginning of the key:
eg) my.gateway.box,gateway,gw,x.x.x.x keyyyyyyyyyyy.......
Note the various names for the box are seperated by commas and then a space is put in before the start of the key. Do this for all the host you will be sshing to. Make sure to put the dsa_keys in the ssh_known_hosts2 and the host_keys in the other. You can tell the difference with a text editor by the beginning of the key: dsa keys start with ssh-dss and then the gobbly gook.
9) Next make a .shosts file with the
where the user is someone you will permit to sign in without a password
also do .rhosts with the same syntax.
Both these files go in /home/"username"/.ssh
10) Next make hosts.equiv in /etc
and shosts.equiv in /etc/ssh.
These contain hostnames that can access your system.
Syntax the same as for .shosts but it is not recommended that you put the user names in these files.
We're getting close now:
11) Finally you need to do the config files. The binary will install defaults in the /etc/ssh directory. ssh_config and
sshd_config and I made them the same on both systems.
12) Next check all the file permissions. They have to be exactly so or ssh might not work.
-rw-r--r-- 1 root root 28 Aug 13 21:37 hosts.equiv
files in .ssh
drwx------ 2 mtaylor mtaylor 1024 Aug 14 22:34 .
drwx------ 5 mtaylor mtaylor 1024 Aug 10 21:47 ..
-rw------- 1 mtaylor mtaylor 44 Aug 14 22:21 .rhosts
-rw------- 1 mtaylor mtaylor 44 Aug 14 22:22 .shosts
-rw------- 1 mtaylor mtaylor 1022 Aug 13 22:18 authorized_keys
-rw------- 1 mtaylor mtaylor 1835 Aug 13 16:38 authorized_keys2
-rw------- 1 mtaylor mtaylor 744 Aug 12 15:30 id_dsa
-rw-r--r-- 1 mtaylor mtaylor 612 Aug 12 15:30 id_dsa.pub
-rw------- 1 mtaylor mtaylor 537 Aug 13 22:14 identity
-rw-r--r-- 1 mtaylor mtaylor 341 Aug 13 22:14 identity.pub
files in /etc/ssh
drwxr-xr-x 2 root root 1024 Aug 14 22:18 .
drwxr-xr-x 41 root root 3072 Aug 14 09:49 ..
-rw-r--r-- 1 root root 28 Aug 13 21:37 shosts.equiv
-rw-r--r-- 1 root root 974 Aug 13 15:19 ssh_config
-rw------- 1 root root 668 Aug 13 15:20 ssh_host_dsa_key
-rw-r--r-- 1 root root 609 Aug 13 15:20 ssh_host_dsa_key.pub
-rw------- 1 root root 534 Aug 13 15:19 ssh_host_key
-rw-r--r-- 1 root root 338 Aug 13 15:19 ssh_host_key.pub
-rw-r--r-- 1 root root 752 Aug 13 21:52 ssh_known_hosts
-rw-r--r-- 1 root root 1294 Aug 13 21:53 ssh_known_hosts2
-rw-r--r-- 1 root root 1258 Aug 13 22:48 sshd_config
13)You must have a sshd file in the /etc/pam.d directory. Mine looks like this sshd
14) All should be ready now. Start sshd by
typing "sshd". You can automatically start sshd
at each bootup by placing the following line in your
Anytime you make changes to the configuration files you need
to stop and restart the daemon.
Contact the other machine by typing ssh machine.name
So far this is the only way I could get my system to work
with ssh. I couldn't get passwords to be accepted so had to go
Any suggestions on how to improve this sxs would be appreciated or how to solve the rejection of passwords issue would be greatly appreciated.