Use StrictHostKeyChecking=no. You can put this in the ssh_config file (on Cygwin it is at /etc/ssh_config),
or you can set it on the command line.
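
An added example (not part of the original notes): with this setting ssh accepts host keys it has not seen before without asking, so it helps to know where it is in effect. The function below lists the sections of an ssh_config-style file that switch the check off; `find_unchecked_hosts` is a hypothetical name and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example: list the sections of an ssh_config-style file in which
# StrictHostKeyChecking is switched off. Not part of the original notes.

# find_unchecked_hosts [FILE]  (hypothetical helper name; reads stdin if no file)
# Output: "<line number>: <Host/Match pattern, or (global)>"
# Limits: Include directives are not followed, and ssh's "first value wins"
# precedence between sections is not resolved; every occurrence is reported.
find_unchecked_hosts() {
    awk '
        BEGIN { section = "(global)" }
        # Strip indentation; ssh_config also accepts "Keyword=value".
        { sub(/^[ \t]+/, ""); sub(/[ \t]*=[ \t]*/, " ") }
        /^#/ || /^$/ { next }
        { key = tolower($1) }
        key == "host" || key == "match" {
            $1 = ""; section = substr($0, 2); next
        }
        key == "stricthostkeychecking" {
            val = tolower($2); gsub(/"/, "", val)
            if (val == "no" || val == "off") print NR ": " section
        }
    ' "$@"
}

# Constructed sample configuration (host names are placeholders).
find_unchecked_hosts <<'EOF'
# constructed sample
Host build-*
    StrictHostKeyChecking no
Host bastion
    StrictHostKeyChecking=accept-new
Host lab
    stricthostkeychecking = off
EOF
```
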



ssh-user-config
system
system like this
mkpasswd -l | grep Administrator >> /etc/passwd
/etc/passwd and change Administrator to system
ssh-user-config answer no to everything except SSH2 DSA identity file
this should be fine for a relatively new ssh server
Notes:
An sshd System is a system that is running sshd which listens to ssh connections. It is the System ssh can connect to.
A closed firewall is one that does not allow connections to be initiated from the outside.
A sshd firewall is one that allows connections from outside ssh clients to sshd running on a System behind it.
For these examples assume the internet address of the Systems is just the word System followed by the letter used in the table, with no spaces. Examples: SystemA SystemB
| Case | Scenario | From | To |
|---|---|---|---|
| To sshd System | System B -> System C [Program appears to be running local on C] | System behind closed firewall | System behind sshd firewall |
| To sshd Systems Neighbor | System B -> System C -> System D [Program appears to be connecting from C] | System behind closed firewall | System unreachable through System reachable from sshd firewall |
| To sshd Systems Neighbor as if you were running your program locally On the Neighbor | System B -> System C -> System D [B thinks Program is running locally] [D thinks Program is running locally] | System behind closed firewall | System unreachable through System reachable from sshd firewall |
| From Work To firewalled Home Via accessible Home | System B -> System C -> System D [B thinks Program is running locally] [D thinks Program is running locally] | System behind closed firewall | System unreachable through System reachable from sshd firewall |
| From B, Let C use Port on A | | | |
| Email Me if you want me to document another case | | | |
ssh -N -L p1:rra:p2 [sshUsername@]sshdAddr
| Parameter | Description |
|---|---|
| -N | Tells ssh not to open a command shell on the ssh server machine (the default _is_ to open one) |
| -L | Tells it you are linking a port |
| p1 (local port) | Port that is created on the local machine; this is where things connect to enter the ssh tunnel |
| rra (remote reachable addr) | This is where the other end of the tunnel will be located. Note that it need not be on the ssh server machine; it can be on any machine that machine can reach. So if the ssh server has a local addr like '192.168.1.100', you can use this parameter to reach other machines local to it, like '192.168.1.101'. Also note that the value 'localhost' is a valid choice |
| p2 (on remote reachable machine) | Port that is opened on the machine specified by 'remote reachable addr' |
| sshUsername | |
| sshdAddr | |
How to get access to remote machine that cannot be ssh'd into
| Machine | Network Address | IP address | Username |
|---|---|---|---|
| Work | work.company.com | 128.16.0.146 | mylastname |
| Home | home.home.org | 66.66.66.66 | myhandle |
ssh -R 10003:128.16.0.146:22 -f -N 66.66.66.66 -l myhandle
ssh mylastname@localhost -p 10003
ssh -R {tunnel port #}:{work machines ip}:{port to access} -f -N {home machines ip} -l {home username}
| Parameter | Purpose |
|---|---|
| -R | Reverse Tunnel |
| tunnel port # | The port number that will be used on the home machine to connect to the tunnel |
| work machines ip | The ip address the work machine knows itself as. This can be an address local to the work network, and potentially you can use 'localhost' instead of an ip address. It can also be the ip address of another machine in the set of ip addresses at work, if you want the tunnel to connect to a machine other than the one where the tunnel is being created. |
| port to access | Which port the tunnel provides access to (like 22 for ssh, see a list of well known ports for others) |
| home machines ip | This is whatever string is needed to ssh into the home machine, unless you have your own domain, it will be an ip address. |
| home username | Your user name on the home machine |
| -f | Runs ssh in the background |
| -N | ?? Is this so with -R?? Tells ssh not to open a command shell on the ssh server machine (the default _is_ to open one) |
ssh {work username}@localhost -p {tunnel port #}
| Parameter | Purpose |
|---|---|
| work username | Your user name on the work machine |
| tunnel port # | The tunnel's port number, as described by the command on the work machine that set up the tunnel |
on client make .ssh dir
go into .ssh dir
you only need do the following the first time, then use the same key on all target systems
generate a public key:
ssh-keygen -t rsa
ssh-keygen -d
give it a name like:
id_rsa
no passphrase
copy the .pub file made to something with the name of the system you are on (so you can keep track of which system it is for)
for example id_dsa-sirius.pub where sirius is the name of the machine.
copy the id_rsa.pub file to the target system you want to log into without a password
(where username is the name of the account you don't want to need a password to ssh to)
scp id_rsa.pub <username>@targetmachine:identity.pub
log into the target machine (in the account 'username')
cause the equivalent of the following to happen
mkdir .ssh
cat identity.pub >> .ssh/authorized_keys
chmod go-rwx .ssh/authorized_keys
rm identity.pub
logout, then try ssh-ing in, it should work with no password.
!! NOTE !!
ssh without a password will fail if the server-side directories are too insecure; use the following
settings to allow it to work:
chmod 755 ~ ~/.ssh
chmod 644 ~/.ssh/authorized_keys
!! NOTE 2 !!
Make sure you spell authorized_keys correctly.
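
The target-side steps and the permission note above, combined in one added example (not from the original notes): `install_key` appends the key only once, and `loose_paths` reports which of the three paths are writable by group or others. Both function names are hypothetical, and the key used in the demo is a constructed placeholder.

```shell
#!/bin/sh
# Added example: idempotent form of the target-side steps, plus a check for
# the condition that makes sshd (StrictModes) ignore authorized_keys.

# install_key PUBKEY_FILE [HOME_DIR]  (hypothetical helper name)
install_key() {
    pub=$1
    home=${2:-$HOME}
    key=$(head -n 1 "$pub") || return 1
    [ -n "$key" ] || { echo "no key in $pub" >&2; return 1; }
    mkdir -p "$home/.ssh"
    touch "$home/.ssh/authorized_keys"
    # Append only if this exact line is absent, so re-runs add no duplicates.
    grep -qxF -- "$key" "$home/.ssh/authorized_keys" ||
        printf '%s\n' "$key" >> "$home/.ssh/authorized_keys"
    # Tighter than the 755/644 in the note; sshd only requires that group
    # and others cannot write to any of the three paths.
    chmod go-w "$home"
    chmod 700 "$home/.ssh"
    chmod 600 "$home/.ssh/authorized_keys"
}

# loose_paths [HOME_DIR]  (hypothetical helper name)
# Prints each of the three paths that group or others can write to.
# Ownership, which sshd also checks, is not examined here.
loose_paths() {
    home=${1:-$HOME}
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        # -prune stops find from descending; -perm -020 / -002 test the
        # group-write and other-write bits.
        find "$p" -prune \( -perm -020 -o -perm -002 \) -print
    done
}

# Demo on a throwaway directory with a constructed (not real) public key.
demo=$(mktemp -d)
printf 'ssh-rsa AAAAB3CONSTRUCTEDEXAMPLEKEY myhandle@sirius\n' > "$demo/identity.pub"
install_key "$demo/identity.pub" "$demo" && install_key "$demo/identity.pub" "$demo"
echo "entries: $(grep -c '' "$demo/.ssh/authorized_keys")"
chmod g+w "$demo/.ssh"
echo "too open: $(loose_paths "$demo")"
rm -rf "$demo"
```
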