« Goodbye Andy | Main | Tripwire Configured and Running »

August 21, 2003

Setting up SSH for Password-less Login

I can't count how many times I've thought about setting up RSA based authentication between our servers to make it easier to move around machines.

The final straw came this past week when changed the way we move code between machines. We had been keeping a local copy on our cvs machine which was getting rsynced to the production machines. We stopped that practice, substituting direct checkout/updates from the various machines.

The setup to use SSH for cvs across the network is simple, exporting two variables:
export CVSROOT=:ext:<username>@<machine name>:<cvsroot>
export CVS_RSH=ssh

The setup to do RSA authentication is fairly straightforward as well:
1. Generate a private-public key pair: ssh-keygen -t dsa
2. Copy the id_dsa.pub key into ~/.ssh/authorized_keys on the remote machine.

Having used ssh between machines for so long without RSA authentication it's hard to get used to ssh, cvs, scp or rsync not prompting for passwords. Is quite nice, could the ease make it less secure?

Posted by mike at August 21, 2003 9:22 PM