I am working to set up some deployment automation, and one of the things I'm trying is to use Ruby's Capistrano to remotely execute commands over ssh. I have used cygwin's openssh to run sshd on the box I'm using as the test victim.
Out of the box, though, this will require an identical user on each victim box, with the same password, which is clearly a bad idea.
I would like therefore to enable public-key authentication, but after a couple of days of banging my head against a wall, I'm not succeeding. Can anyone point me at a successful guide on the web to accomplish this?
I think that:
- having generated a public key locally on the overlord box, I need to run ssh-agent and then ssh-add , right? As in, not on the victim boxes.
- on each victim box, I need to cat the public key into /home/username/.ssh/authorized_keys
- I then need to ssh to the victim box like
ssh username@victim
and I shouldn't be asked for a password... right? This is the piece that is failing; I'm being asked for my password.
To disable password authentication you need to edit sshd_config on victim and set PasswordAuthentication=no
Alternatively edit ssh_config on overlord or use the -o option to stop it offering password authentication.
You can use
ssh -v -v -v ...
to see what is happening more clearly.
Edit
I'm familiar with setting up SSH public key authentication using Putty, puttygen and pageant but not with OpenSSH tools. With OpenSSH I believe the process is
Then copy
~/.ssh/id_rsa.pub
to the server's ~/.ssh/authorized_hosts
and ensure permissions are 600 for the file and 700 for the directory.
The ssh-keygen man-page should explain how to generate a private key unprotected by any pass-phrase. If you do this you won't ever have to enter a pass-phrase but it will be insecure. If you set up the authentication agent then I believe any pass-phrase would only be needed once per session on 'overlord'. If you don't have a pass-phrase I see no point in setting up an authentication agent; ssh will just read the private key without prompting for a pass-phrase.
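A check for the setup the question and answer describe, as an added example that is not part of the original posts: it verifies the 700/600 permissions and that the overlord's public key is present as a whole line in `authorized_keys` (the file name used in the question, which sshd reads by default). The function names and messages are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit one account on a victim box for the key setup above.
# Usage: audit_pubkey_setup HOME_DIR PUBKEY_FILE
# Function names and messages are this example's own, not part of OpenSSH.

# has_mode PATH MODE: true when PATH has exactly the octal permission MODE.
has_mode() {
    [ -n "$(find "$1" -prune -perm "$2" 2>/dev/null)" ]
}

audit_pubkey_setup() {
    home=$1
    pubkey=$2
    dir="$home/.ssh"
    keys="$dir/authorized_keys"
    problems=0

    if [ ! -d "$dir" ]; then
        echo "MISSING dir $dir"
        problems=$((problems + 1))
    elif ! has_mode "$dir" 700; then
        echo "BAD MODE $dir (want 700)"
        problems=$((problems + 1))
    fi

    if [ ! -f "$keys" ]; then
        echo "MISSING file $keys"
        problems=$((problems + 1))
    else
        if ! has_mode "$keys" 600; then
            echo "BAD MODE $keys (want 600)"
            problems=$((problems + 1))
        fi
        # The key must appear as one whole line, exactly as generated.
        if ! grep -qxF -- "$(cat "$pubkey" 2>/dev/null)" "$keys"; then
            echo "KEY NOT FOUND in $keys"
            problems=$((problems + 1))
        fi
    fi

    [ "$problems" -eq 0 ] && echo "OK"
    return "$problems"
}
```

The return status is the number of problems found, so `0` means the directory, the file and the key line all match what the posts describe.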