How to SSH about in the Computer Science department at York university without having to type in passwords... Note 1: You can, technically, just use .rhosts, but I'd urge you not to. I don't. It's a bloody liability to yourself and others. IOS, IO2S, and other student machines are running ssh commercial-style for everything, /except the daemon/. Hercules is running everything ssh commercial-style. Luckily, OpenSSH supports SSH2-style auth. So. 1) ssh-keygen2 You should be able to do this on the student machines, or on Hercules. Type in a password is the official thing to do, here. If you leave it blank, you'll get a warning, but will be able to SSH about within the department with impunity You can leave the filenames the same 2) Run these commands on any unix host: $ echo "key id_dsa_1024_a.pub" > ~/.ssh2/authorization $ echo "IdKey id_dsa_1024_a" > ~/.ssh2/identification And you should now be able to ssh from any student box to hercules 3) Run these commands on a student box, $ mkdir ~/.ssh $ /usr/bin/ssh-keygen -if ~/.ssh2/id_dsa_1024_a.pub \ > ~/.ssh/authorized_keys2 and now, you can ssh from {hercules,student box} to {ios, student box} without typing in a password. All made possible by the fact that /etc/rc.d/rc.sshd runs all ssh stuff out of /usr/{sbin,bin}, wheras when you're sitting in front of your student box, binaries are overridden by the ones in /usr/local, which are commercial. And note: You can read any and all of the ssh stuff in my home dir, if you need examples [although you won't be allowed to see random_seed, or any private keys] Gary (-; PS Technically, if you wanted, you could arrange that you can ssh from the department to hosts you have access on in the rest of the world. I'd urge you not to. While everything's fine and good within the department [if someone gets access to your account anywhere, they can munge stuff so they can get anywhere else... that's not something I'm telling you how to do, though], if they get access to your account in the department, you don't really want them to be able to access your machine at home with impunity.