The SCP PC User Guide: SSH

Setting up ssh for passwordless access to Suns and PCs

NOTE: This instruction manual is designed for somebody sitting at a PC console, wanting to connect to Suns and PCs. If you are sitting at a Sun console, the procedure is slightly different. It is left as an exercise for the alert reader to figure out what the differences are.

If you follow this procedure, when you log into a PC's console and run Xwindows, you will be able to connect easily to all the SCP Suns and PC's without having to type a password each time. It is possible to the same when logging into a Sun console; the modifications to this procedure for the Suns are left as an exercise for the alert reader. Getting both the Suns and PCs set up in this manner requires you to know a little more than this cookbook procedure. I recommend man ssh and man ssh-agent. You can also man rob, but neither ssh nor ssh-agent have an aluminum pipe.

Warning! You are probably going to complain that this seems too complicated. However, it's only complicated for the initial setup; after that it gets easy.

Do the following on a PC (any PC):

  1. Run "ssh-keygen". It will prompt you for a passphrase. This passphrase can be any length (i.e. even more than 8 characters). Choose something secure, and don't forget it.

  2. cd into the directory "~/.ssh", and copy the file "" to "authorized_keys":

    panisse% cd ~/.ssh
    panisse% cat >> authorized_keys
    panisse% chmod go-w authorized_keys

  3. Copy the "authorized_keys" files to the "~/.ssh" directory on the suns:

    panisse% ssh
    cactus% cd
    cactus% mkdir .ssh
    cactus% chmod 700 .ssh
    cactus% cd .ssh
    cactus% scp panisse:.ssh/ ./identity.panisse ./
    cactus% cat identity.panisse >> authorized_keys
    cactus% rm identity.panisse
    cactus% chmod go-w authorized_keys
    cactus% exit
    You will probably be prompted for more than one password (both Sun and PC) during this procedure.

  4. Make sure your home directory permissions are right. ssh gets snippy if your home directory is group-writeable... which lots of ours tend to be because of our necessary umask. All you have to do to fix this is to run the command:

    chmod g-w ~
    on both one of the Suns and one of the PCs.

  5. Create a file "startx" in your home directory on the PCs with three lines, as follows:

    panisse% cd
    panisse% cat > startx
    exec /usr/X11R6/bin/startx $argv
    (Hit CTRL-D to finish the creation of the startx file).

  6. Make this startx file executable:

    panisse% chmod 755 ~/startx

  7. Edit your .cshrc on the PCs, and add the following line:

    alias startx ssh-agent ~<yourname>/startx
    Obviously, substitute your username for <yourname>.

At the end of this procedure, log out and log back into the PC you are working on. Type "startx". It should prompt you for the ssh passphrase you defined when you created your ssh key with "ssh-keygen" above. After you give that passphrase, Xwindows should start up as normal. At this point, you ought to be able to freely ssh into the Suns and the PCs without being prompted for a password. Additionally, you can put ssh commands to run things on the other machines in your .xinitrc and .fvwmrc files.

If you are using Gnome as your desktop environment see here for how to set things up a little more nicely.