Old 11-22-2007   #1 (permalink)
Just Joined!
 
Join Date: Jul 2007
Posts: 23
openSSH no passwd problem

I am running Ubuntu 7.10 and followed the guidelines in https://help.ubuntu.com/community/AdvancedOpenSSH to set up RSA key-based SSH logins with no password, since I need to run an rsync via cron.

There are a lot of instructions and howto:s but somehow I have missed something very important.
Here is what I did ...

1. ssh-keygen -t rsa
2. I did not enter a passphrase
3. ssh-copy-id -i ~/.ssh/id_rsa.pub john@server-x
4. When 'ssh john@server-x' first time --> asked if server-x could be trusted (OK) and asked for password (was given)
5. But from now on every time when ssh is used to login to server-x it asks for password ... why ?
Here is some output from 'ssh -v john@server-x'

OpenSSH_4.6p1 Debian-5build1, OpenSSL 0.9.8e 23 Feb 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to server-x [192.168.10.2] port 22.
debug1: Connection established.
debug1: identity file /home/bob/.ssh/identity type -1
debug1: identity file /home/bob/.ssh/id_rsa type 1
debug1: identity file /home/bob/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.6p1 Debian-5build1
debug1: match: OpenSSH_4.6p1 Debian-5build1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.6p1 Debian-5build1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'server-x' is known and matches the RSA host key.
debug1: Found key in /home/bob/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/bob/.ssh/identity
debug1: Offering public key: /home/bob/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/bob/.ssh/id_dsa
debug1: Next authentication method: password

6. I have chmod 644 for 'authorized_keys' in /home/john/.ssh for server-x
7. In /etc/ssh/sshd_config for server-x there is:

RSAAuthentication yes
PubkeyAuthentication yes


So what is wrong ... ??

Have to mention that I have deleted ~/.ssh many times as I have regenerated both rsa and dsa keypairs ... same story
I don't know if that has degenerated my ssh-system but I have always 'sudo /etc/init.d/ssh restart' before a new ssh-keygen
zkab is offline   Reply With Quote
Old 11-22-2007   #2 (permalink)
Linux Engineer
 
Join Date: Aug 2007
Location: The Netherlands
Posts: 1,381
You might want to do:
chmod 644 ~/.ssh/authorized_keys

OpenSSH doesn't have the rights by default to write there..

Hope that helps
__________________
My webpage: codeinject.org
New Users, please read this..
Google first, then ask..
RobinVossen is offline   Reply With Quote
Old 11-22-2007   #3 (permalink)
Linux User
 
Join Date: Aug 2006
Location: Portsmouth, UK
Posts: 484
What are the permissions on /home/john and /home/john/.ssh ?

Also have you checked that your key has actually been stored in .ssh/authorized_keys ?
matonb is offline   Reply With Quote
Old 11-22-2007   #4 (permalink)
Just Joined!
 
Join Date: Jul 2007
Posts: 23
Permissions are:

/home/john/.ssh 700
/home/john/.ssh/authorized_keys 644
/home/john 775

Yes - the public key is stored in .ssh/authorized_keys
zkab is offline   Reply With Quote
Old 11-22-2007   #5 (permalink)
Linux Engineer
 
Join Date: Aug 2007
Location: The Netherlands
Posts: 1,381
Not sure.
But I think that you should do
Code:
chmod +r /home/john/.ssh
RobinVossen is offline   Reply With Quote
Old 11-22-2007   #6 (permalink)
Just Joined!
 
Join Date: Jul 2007
Posts: 23
Didn't help with chmod +r /home/john/.ssh

I don't think it's a permission issue ... all permissions are default openSSH.
It seems to me that the login does not get the right key ... if you look at the debug-list (line 4 from the end) it says 'Offering public key: /home/bob/.ssh/id_rsa' but it is not accepted and it goes on with 'Next authentication method: password' ... hmmm strange
zkab is offline   Reply With Quote
Old 11-22-2007   #7 (permalink)
Linux Engineer
 
Join Date: Aug 2007
Location: The Netherlands
Posts: 1,381
Umm, try regenerating the Key (rsa)
It might now be the same since of some error.

Well, I hope it is *any* help.
RobinVossen is offline   Reply With Quote
Old 11-22-2007   #8 (permalink)
Linux User
 
Join Date: Aug 2006
Location: Portsmouth, UK
Posts: 484
You'll probably find that it's the permissions on /home/john

Set it to 700 and the keys should work fine.

If you must allow access to anyone other than the individual user, there is a setting in /etc/ssh/sshd.conf - StrictModes, set this to no if you absolutely must!
matonb is offline   Reply With Quote
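
The check described in post #8, as an added example that is not part of the thread: with StrictModes enabled, sshd refuses a key when the home directory, ~/.ssh or authorized_keys is writable by group or others or owned by another account, which is what the 775 on /home/john triggers. The function names and the throwaway demo directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Models the rule sshd applies with
# "StrictModes yes": home, ~/.ssh and authorized_keys must be owned by the
# account (or root) and must not be writable by group or others.

# strictmodes_check HOME_DIR OWNER_UID  (hypothetical helper name)
# Prints one line per offending path; returns 0 if clean, 1 otherwise.
strictmodes_check() {
    home=$1
    uid=$2
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"
            bad=1
            continue
        fi
        # -prune keeps find from descending; -perm -020 / -002 match the
        # group-write and other-write bits.
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "group/world-writable: $p"
            bad=1
        fi
        # Owner must be the account itself or root (uid 0).
        if [ -n "$(find "$p" -prune ! -user "$uid" ! -user 0 -print)" ]; then
            echo "wrong owner: $p"
            bad=1
        fi
    done
    return $bad
}

# Constructed demo: reproduces the modes posted in the thread
# (home 775, .ssh 700, authorized_keys 644) in a temporary directory.
demo() {
    d=$(mktemp -d)
    mkdir "$d/.ssh"
    : > "$d/.ssh/authorized_keys"
    chmod 775 "$d"; chmod 700 "$d/.ssh"; chmod 644 "$d/.ssh/authorized_keys"
    strictmodes_check "$d" "$(id -u)"
    status=$?
    rm -rf "$d"
    return $status
}

demo || echo "key would be refused; ssh falls back to password"
```

On the real server, run `strictmodes_check /home/john "$(id -u john)"` as root or as john; tightening the flagged path (for example `chmod 755 /home/john` or stricter) clears the finding without turning StrictModes off.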
Old 11-22-2007   #9 (permalink)
Just Joined!
 
Join Date: Jul 2007
Posts: 23
I deleted ~/.ssh both on client and server and regenerated a new keypair ... this time with dsa instead of rsa ... restarted ssh ... same story

BTW ... the files in /etc/ssh/

ssh_host_dsa_key
ssh_host_dsa_key.pub
ssh_host_rsa_key
ssh_host_rsa_key.pub

what are they for ? I haven't touched them between key-generations
zkab is offline   Reply With Quote
Old 11-22-2007   #10 (permalink)
Linux User
 
Join Date: Aug 2006
Location: Portsmouth, UK
Posts: 484
Quote:
BTW ... the files in /etc/ssh/

ssh_host_dsa_key
ssh_host_dsa_key.pub
ssh_host_rsa_key
ssh_host_rsa_key.pub
They're the host keys (usually generated when you install ssh for the first time). These keys are used to identify the host (they get put in the known_hosts files on remote servers)
matonb is offline   Reply With Quote