Find the answer to your Linux question:
Results 1 to 6 of 6
Ok. So I am trying to setup a passwordless ssh by doing (on the server): 1. ssh-keygen -t dsa 2. copying id_rsa.pub to authorized_keys Of course, it doesn't work. I ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined! soccercisco's Avatar
    Join Date
    Dec 2006
    Location
    So. Cal
    Posts
    98

    yet another "passwordless ssh" question


    Ok. So I am trying to setup a passwordless ssh by doing (on the server):
    1. ssh-keygen -t dsa
    2. copying id_rsa.pub to authorized_keys

    Of course, it doesn't work. I am working on a big project, and I am the only person for whom this method hasn't worked (well, it worked for a while but somehow I broke it).

    I revised several troubleshooting posts (and unsuccessfully tried them all). So, I ran the verbose ssh -vv user@server:
    If you get a line like this, not containing "publickey":
    debug1: Authentications that can continue: password,keyboard-interactive
    I do get "publickey" here.

    If you don't get a line like:
    debug1: try pubkey: /home/user/.ssh/id_dsa
    Then check "ssh_config" on the client and if it exists, remove "PubkeyAuthentication no" if it exists.
    I don't get this line, but I do not have access to the ssh_config. And as I previously stated, all other users have been able to setup passwordless ssh'ing on the same server.

    If you still don't see that line then make sure that "~/.ssh/id_dsa" exists on the client.
    If you get a line like:
    debug2: we sent a publickey packet, wait for reply
    Check that "~/.ssh/authorized_keys" exists on the server and contains a line the same as "~/.ssh/id_dsa.pub" on the client.
    Yes, yes. All necessary files exist in both server and client.

    Thanks for your help.

  2. #2
    Just Joined! soccercisco's Avatar
    Join Date
    Dec 2006
    Location
    So. Cal
    Posts
    98
    Btw, the error I get is that it keeps prompting me for the password.

  3. #3
    Just Joined! vijay_kernel's Avatar
    Join Date
    Apr 2007
    Posts
    77
    Setting up the server for passwordless login

    You will need to make sure that the server will accept passwordless logins. This means you have to enable public key authentication on the server. To do this, open up /etc/ssh/sshd_config in a text editor (I would suggest nano or kate). Then make sure that the following two lines are uncommented, or if not there, add them in. To uncomment the line, remove the '#' from the beginning of the line:

    * RSAAuthentication yes
    * PubkeyAuthentication yes

    You will need to restart the ssh server. Do this with:

    * /etc/init.d/ssh restart

    Finally make sure that permissions are right on the server. If there's no ~/.ssh directory, make one:

    * mkdir ~/.ssh

    Once you've got a ~/.ssh directory, change the permissions using:

    * chmod 700 ~/.ssh

    that should be enough to setup the server side of things.


    Setting up the client side of the equation

    First you'll need to setup a keypair. If you already have the files ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub, you should be good to go. If not, then you need to add them. Use the following command:

    * ssh-keygen -t rsa

    You will then be asked some questions. Simply hit "Enter" to answer them all:

    * Generating public/private rsa key pair.
    * Enter file in which to save the key (/home/skx/.ssh/id_rsa):
    * Enter passphrase (empty for no passphrase):
    * Enter same passphrase again:
    * Your identification has been saved in /home/skx/.ssh/id_rsa.
    * Your public key has been saved in /home/skx/.ssh/id_rsa.pub.

    Answering without putting in a password means that the keys can be unlocked without a password, which is the whole point of "passwordless" login. Now we can do a little magic. Previously when setting up passwordless logins with ssh, I've gone through a dance of copying keys from the local computer to the remote computer. However, now I've found a new programme that does all this automagically. So, type this into a terminal:

    * ssh-copy-id -i ~/.ssh/id_rsa.pub username@remote_host

    Obviously you will need to replace "username" with the user you want to login as on the remote computer, and "remote_host" with the ip/hostname of the ssh server. This command will ask you for a password - don't be alarmed; this sets up the passwordless-ness, so needs a password to do it. Once you've done this, you should be good to go. Try logging into the remote server, and you should be password free.


    Hope this helps for you.....

    Cheers,
    Vijay.

  4. $spacer_open
    $spacer_close
  5. #4
    Just Joined! soccercisco's Avatar
    Join Date
    Dec 2006
    Location
    So. Cal
    Posts
    98
    Thanks Vijay for the insight.

    I don't have root access.

    passwordless ssh works fine for other people, why did it break for me (possible reasons and suggestions)?

    Again, the configuration of ssh is already set to accept this.

    Sorry for the trouble.

  6. #5
    Linux Guru anomie's Avatar
    Join Date
    Mar 2005
    Location
    Texas
    Posts
    1,692
    Short answer is: We don't know why it broke for you. What did you do to break it?

    Longer answer is:

    PubkeyAuthentication yes <- This directive is necessary in /etc/ssh/sshd_config on the server side. No other authentication methods need to be turned on for pubkey authentication to work.

    On the server side, run the command: chmod -R go-rwx ~/.ssh

    On the client side, run the same command.

    Make sure the contents of your .pub key have been written / appended to ~/.ssh/authorized_keys on the server side.

  7. #6
    Just Joined! soccercisco's Avatar
    Join Date
    Dec 2006
    Location
    So. Cal
    Posts
    98
    Thx 2 all 4 the help.

    Yep, ssh can be tricky when it comes to permissions. It ended up being that my home folder had writing permissions for the group, thus ssh would not allow me to configure passwordless mode because somebody could've copied my authorized_keys file (even though the file itself had the appropriate permissions).

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •