Passwordless sftp with ssh 5.9 still asks for password

Warren Young warren@etr-usa.com
Tue Nov 29 23:26:00 GMT 2011


On 11/29/2011 2:49 PM, Andrew Erskine wrote:
>
> ssh-keygen -t dsa

"-t [keytype]" is a default flag these days, and it defaults to RSA, not 
DSA.  Unless you know for a fact you need DSA keys for some odd reason, 
leave this flag off and accept the default.

(ssh itself doesn't care what kind of key you use, as long as both ends 
have support for the key type you want to use.  Since every ssh 
implementation I've used since *forever* supports both RSA and DSA, the 
only way I can see why you'd want to use DSA is if you had some weird 
third-party tool that only understood DSA keys.)

> Accept the default
> key location, C:\Documents and Settings\nhuser\.ssh\id_dsa,

Why would that be the default location, if you are using Cygwin tools? 
Shouldn't it be something like c:\cygwin\home\nhuser\.ssh\...?  You can 
change your HOME to anything you like, but that's not the default with 
Cygwin.

> 2.  Copy the public key, id_dsa.pub, to all remote poller systems

More superannuated information.  Use the ssh-copy-id script instead of 
this manual process they're running you through.  It Does The Right 
Thing (TM) and it's included with recent versions of the openssh package 
in the default Cygwin package repo.

If you aren't using official Cygwin packages or you are insisting on 
using old stuff, you get what you deserve. :)

> 4.  Copy the public key into the authorized_keys2
> file, using the following command: copy /b id_dsa.pub
> authorized_keys2

That overwrites authorized_keys2, rather than appending to it as 
claimed.  Plus, you should be talking about authorized_keys, no numeral.

If I'm wrong and sshd *will* look for a '2' file, the problem is likely 
to be permissions.  It won't use the file if it isn't locked down, since 
that means you have only the illusion of security, and it won't play 
into a fantasy.

But if you use ssh-copy-id, you don't have to worry about any of this. 
Updating this file correctly is one of the things it does for you.

> Restart the cygwin Windows service

Not needed.  sshd re-reads authorized_keys on each login attempt.

> D:\cygwin\bin>...

You'll get a lot less friction with Cygwin tools if you use the Cygwin 
Bash shell instead of CMD.

ssh-copy-id is a shell script, so you'll have to jump through some hoops 
to even run it from a CMD shell, whereas it behaves just like any other 
command when you're running *any* Cygwin shell, not just Bash.

> Regards Andy Sent from my iPhone

<eyebrows type="through-the-roof">You typed all that on a screen 
keyboard?</eyebrows>  That's dedication.

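The two authorized_keys points made in the reply above (append rather than overwrite, and keep the file locked down) shown as an added example. It is not part of the original message and is not the ssh-copy-id script itself; the function names `install_pubkey` and `perms_ok` are made up for illustration.

```shell
#!/bin/sh
# Added example: append-only, idempotent install of a public key,
# plus a check for the loose permissions that sshd refuses to trust.

# install_pubkey PUBKEY_FILE SSH_DIR
# Adds the first line of PUBKEY_FILE to SSH_DIR/authorized_keys
# without touching keys that are already there.
install_pubkey() {
    pubkey_file=$1
    ssh_dir=$2
    auth_file=$ssh_dir/authorized_keys

    [ -s "$pubkey_file" ] || { echo "no key in $pubkey_file" >&2; return 1; }
    key=$(head -n 1 "$pubkey_file")

    # Create directory and file private from the start.
    ( umask 077; mkdir -p "$ssh_dir" && touch "$auth_file" ) || return 1

    # If the last existing line has no newline, a plain append would glue
    # the new key onto it and corrupt both entries.
    if [ -n "$(tail -c 1 "$auth_file")" ]; then
        echo >> "$auth_file"
    fi

    # -x whole line, -F fixed string: skip the append if the key is present.
    if ! grep -qxF -- "$key" "$auth_file"; then
        printf '%s\n' "$key" >> "$auth_file" || return 1
    fi

    chmod 700 "$ssh_dir" && chmod 600 "$auth_file"
}

# perms_ok PATH
# Succeeds only if PATH exists and is neither group- nor world-writable
# (the condition OpenSSH's StrictModes checks on these files).
perms_ok() {
    [ -e "$1" ] || return 1
    case $(ls -ld "$1" | cut -c1-10) in
        ?????w????|????????w?) return 1 ;;
    esac
    return 0
}
```

Run it from a Cygwin or other POSIX shell on the account that should accept the key, for example `install_pubkey id_rsa.pub "$HOME/.ssh"`.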