  1. #1
    Just Joined!
    Join Date
    Oct 2012
    Posts
    3

    Passwordless SSH behaving oddly


    I have two red hat VMs that I need to be able to use passwordless SSH between the two.

    Here's the scenario:

    On VM1 and VM2 I have user bob with home directory /aim/bob_home (I didn't choose the location). On VM1 as user bob I run ssh-keygen -t rsa which generates the id_rsa/id_rsa.pub files in the .ssh/ dir.

    Then I run ssh-copy-id -i bob_AT_<ip of VM2> - I am prompted for bob's password on VM2 and enter it. After the command completes I check the authorized_keys file on VM2 and ensure that the key is correct. I've ensured that the permissions on the home dir, .ssh dir, and id_rsa/id_rsa.pub are all correct.

    At this point I should be able to run ssh bob_AT_<ip of vm2> and immediately get a shell for VM2 but I'm still prompted for a password.

    I've tried 'ssh-add' and 'service sshd restart (as root)' on both machines and neither helps. The firewalls on both machines are disabled. Each machine can ping the other...

    Here's where it gets odd. If I shut down ssh on VM2 and restart it on a different port (/usr/sbin/sshd -p 1234) and clear the iptables (/etc/init.d/iptables save/stop) I can get in without a password (ssh -p 1234 bob_AT_<ip of vm2>).

    Then on VM2 I can shut down ssh and start it back up on its regular port (22) and I can still passwordless ssh into VM2 (ssh bob_AT_<ip of VM 2>).

    This works until I reboot the VM at which point I have to do the ssh on a different port series of commands. What's going on here?

    tl;dr passwordless ssh doesn't work until I change the ssh port and clear iptables, ssh in, then change the port back. After I reboot the machine I have to change the port again...

  2. #2
    Linux Enthusiast
    Join Date
    Apr 2004
    Location
    UK
    Posts
    678
    Hi there,

    I would suspect the sshd that is started at boot time isn't configured to permit public key authentication. The default for this is yes so your sshd command above should allow it. Can you post your sshd_config? That might shed some light on the problem.

    Let us know how you get on.
    To be good, you must first be bad. "Newbie" is a rank, not a slight.

  3. #3
    Just Joined!
    Join Date
    Oct 2012
    Posts
    3
    Quote Originally Posted by kakariko81280 View Post
    Hi there,

    I would suspect the sshd that is started at boot time isn't configured to permit public key authentication. The default for this is yes so your sshd command above should allow it. Can you post your sshd_config? That might shed some light on the problem.

    Let us know how you get on.
    Hi, thanks for the reply. Your idea about the sshd_config allowed me to think about the issue differently.

    Here's the authentication portion of the sshd_config:

    # Authentication:

    #LoginGraceTime 2m
    #PermitRootLogin yes
    #StrictModes yes
    #MaxAuthTries 6
    #MaxSessions 10

    RSAAuthentication yes
    PubkeyAuthentication yes
    AuthorizedKeysFile .ssh/authorized_keys
    AuthorizedKeysCommand none
    AuthorizedKeysCommandRunAs nobody

    # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
    #RhostsRSAAuthentication no
    # similar for protocol version 2
    #HostbasedAuthentication no
    # Change to yes if you don't trust ~/.ssh/known_hosts for
    # RhostsRSAAuthentication and HostbasedAuthentication
    #IgnoreUserKnownHosts no
    # Don't read the user's ~/.rhosts and ~/.shosts files
    #IgnoreRhosts yes

    # To disable tunneled clear text passwords, change to no here!
    #PasswordAuthentication yes
    #PermitEmptyPasswords no
    #PasswordAuthentication no

    # Change to no to disable s/key passwords
    #ChallengeResponseAuthentication yes
    ChallengeResponseAuthentication no

    I've tried changing around a lot of those settings and I've found something odd. On VM2 I don't need to change the port at all. But I do need to stop sshd as root and then start it again. Here's what I run:

    service sshd stop
    /usr/sbin/sshd

    Then passwordless ssh works. If I try 'service sshd start' passwordless ssh does not work. I find this behavior rather odd.

  4. #4
    Linux Newbie
    Join Date
    Apr 2012
    Posts
    112
    Quote Originally Posted by jasono View Post
    Hi, thanks for the reply. Your idea about the sshd_config allowed me to think about the issue differently.

    Here's the authentication portion of the sshd_config:




    I've tried changing around a lot of those settings and I've found something odd. On VM2 I don't need to change the port at all. But I do need to stop sshd as root and then start it again. Here's what I run:

    service sshd stop
    /usr/sbin/sshd

    Then passwordless ssh works. If I try 'service sshd start' passwordless ssh does not work. I find this behavior rather odd.
    A long shot, but what are your SELinux settings?

  5. #5
    Linux Enthusiast
    Join Date
    Apr 2004
    Location
    UK
    Posts
    678
    I reckon the sshd service is using a different configuration file from the default, so when you run /usr/sbin/sshd you are using /etc/ssh/sshd_config but when you run it via service you get a different config specified.

    Take a look in /etc/init.d/sshd to see if that's the case. Ideally there'd be something like "/usr/sbin/sshd -a -f /usr/local/etc/sshd_config" in the file, with the "-f" flag indicating a specific configuration file. If that's the case then you should edit the alternate config file to permit RSA authentication.

    Let us know how you get on.
    To be good, you must first be bad. "Newbie" is a rank, not a slight.

  6. #6
    Just Joined!
    Join Date
    Oct 2012
    Posts
    3
    Thanks for all of your help. The issue was with the users. I had used puppet to create them. There was something wrong with their home directories (does RHEL encrypt them by default?). When I moved the authorized_keys file to a different location and pointed the sshd_config to that new location passwordless ssh worked just fine.
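
The checks suggested across this thread (permissions and ownership on the key path, the config file the init script hands to sshd, and the SELinux mode) can be collected into one script. This is an added example, not part of any post above; the function names are hypothetical and it assumes GNU stat as shipped on Red Hat.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# StrictModes-style check: the home directory, .ssh and authorized_keys must
# be owned by the user (or root) and must not be group- or world-writable.
# Prints one line per problem; returns 0 only when nothing was found.
check_key_perms() {
    home=$1 uid=$2 bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"; bad=1; continue
        fi
        mode=$(stat -c '%a' "$p"); owner=$(stat -c '%u' "$p")
        # 022 masks the group-write and other-write bits (octal arithmetic).
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "WRITABLE $p (mode $mode)"; bad=1
        fi
        if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
            echo "OWNER    $p (uid $owner)"; bad=1
        fi
    done
    return "$bad"
}

# Config file named by a literal "-f <path>" on an sshd line of an init
# script; falls back to the default /etc/ssh/sshd_config when there is none.
init_config_file() {
    f=$(sed -n 's/.*sshd.*[[:space:]]-f[[:space:]]*\([^[:space:]"]*\).*/\1/p' \
        "$1" 2>/dev/null | head -n 1)
    echo "${f:-/etc/ssh/sshd_config}"
}

# SELinux mode as reported by getenforce, or "unavailable" without it.
selinux_mode() {
    if command -v getenforce >/dev/null 2>&1; then getenforce
    else echo unavailable; fi
}

# Usage: sh check.sh /aim/bob_home "$(id -u bob)"
if [ "$#" -ge 2 ]; then
    check_key_perms "$1" "$2"
    echo "init script config: $(init_config_file /etc/init.d/sshd)"
    echo "SELinux: $(selinux_mode)"
fi
```

Run it as root on the machine being logged into; the init-script check only recognises a literal -f on the sshd line, not options pulled in from another file.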
