Find the answer to your Linux question:
Page 1 of 2 1 2 LastLast
Results 1 to 10 of 12
I am running Ubuntu 7.10 and followed the guidelines in https://help.ubuntu.com/community/AdvancedOpenSSH to set up a RSA Key-Based SSH Logins with no password since I need to run a rsync via ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Jul 2007
    Posts
    61

    openSSH no passwd problem


    I am running Ubuntu 7.10 and followed the guidelines in https://help.ubuntu.com/community/AdvancedOpenSSH to
    set up a RSA Key-Based SSH Logins with no password since I need to run a rsync via cron

    There are a lot of instructions and howto:s but somehow I have missed something very important.
    Here is what I did ...

    1. ssh-keygen -t rsa
    2. I did not enter a passphrase
    3. ssh-copy-id -i ~/.ssh/id_rsa.pub john@server-x
    4. When 'ssh john@server-x' first time --> asked if server-x could be trusted (OK) and asked for password (was given)
    5. But from now on every time when ssh is used to login to server-x it asks for password ... why ?
    Here is some output from 'ssh -v john@server-x'

    OpenSSH_4.6p1 Debian-5build1, OpenSSL 0.9.8e 23 Feb 2007
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug1: Connecting to server-x [192.168.10.2] port 22.
    debug1: Connection established.
    debug1: identity file /home/bob/.ssh/identity type -1
    debug1: identity file /home/bob/.ssh/id_rsa type 1
    debug1: identity file /home/bob/.ssh/id_dsa type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_4.6p1 Debian-5build1
    debug1: match: OpenSSH_4.6p1 Debian-5build1 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_4.6p1 Debian-5build1
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-cbc hmac-md5 none
    debug1: kex: client->server aes128-cbc hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Host 'server-x' is known and matches the RSA host key.
    debug1: Found key in /home/bob/.ssh/known_hosts:1
    debug1: ssh_rsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,password
    debug1: Next authentication method: publickey
    debug1: Trying private key: /home/bob/.ssh/identity
    debug1: Offering public key: /home/bob/.ssh/id_rsa
    debug1: Authentications that can continue: publickey,password
    debug1: Trying private key: /home/bob/.ssh/id_dsa
    debug1: Next authentication method: password

    6. I have chmod 644 for 'authorized_keys' in /home/john/.ssh for server-x
    7. In /etc/ssh/sshd_config for server-x there is:

    RSAAuthentication yes
    PubkeyAuthentication yes


    So what is wrong ... ??

    Have to mention that I have deleted ~/.ssh many time as I have regenerated both rsa and dsa keypairs ... same story
    I don't know if that has degenerated my ssh-system but I have allways 'sudo /etc/init.d/ssh restart' before a new ssh-keygen

  2. #2
    Linux Engineer RobinVossen's Avatar
    Join Date
    Aug 2007
    Location
    The Netherlands
    Posts
    1,429
    You might want to do:
    chmod 644 ~/.ssh/authorized_keys

    OpenSSH doesnt have the rights at default to write there..

    Hope that helps
    New Users, please read this..
    Google first, then ask..

  3. #3
    Linux Enthusiast
    Join Date
    Aug 2006
    Location
    Portsmouth, UK
    Posts
    539
    What are the permissions on /home/john and /home/john/.ssh ?

    Also have you checked that your key has actually been stored in .ssh/authorized_keys ?

  4. $spacer_open
    $spacer_close
  5. #4
    Just Joined!
    Join Date
    Jul 2007
    Posts
    61
    Permissions are:

    /home/john/.ssh 700
    /home/john/.ssh/authorized_keys 644
    /home/john 775

    Yes - the public key is stored in .ssh/authorized_keys

  6. #5
    Linux Engineer RobinVossen's Avatar
    Join Date
    Aug 2007
    Location
    The Netherlands
    Posts
    1,429
    not sure.
    But I think that you should do
    Code:
    chmod +r /home/john/.ssh
    New Users, please read this..
    Google first, then ask..

  7. #6
    Just Joined!
    Join Date
    Jul 2007
    Posts
    61
    Didn't help with chmod +r /home/john/.ssh

    I don't think it's a permission issue ... all permissions are default openSSH.
    It seems to me that the login does not get the right key ... if you look at the debug-list (line 4 from the end) it says 'Offering public key: /home/bob/.ssh/id_rsa' but it is not accepted and it goes on with 'Next authentication method: password' ... hmmm strange

  8. #7
    Linux Engineer RobinVossen's Avatar
    Join Date
    Aug 2007
    Location
    The Netherlands
    Posts
    1,429
    Umm, try regenerating the Key (rsa)
    It might now be the same since of some error.

    Well, I hope it is *any* help.
    New Users, please read this..
    Google first, then ask..

  9. #8
    Linux Enthusiast
    Join Date
    Aug 2006
    Location
    Portsmouth, UK
    Posts
    539
    You'll probably find that it's the permissions on /home/john

    Set it to 700 and the keys should work fine.

    If you must allow access to anyone other than the individual user, there is a setting in /etc/ssh/sshd.conf - StrictModes, set this to no if you absolutly must!

  10. #9
    Just Joined!
    Join Date
    Jul 2007
    Posts
    61
    I deleted ~/.ssi both on client and server and regenerated a new keypair ... this time with dsa instead of rsa ... restarted ssh ... same story

    BTW ... the files in /etc/ssh/

    ssh_host_dsa_key
    ssh_host_dsa_key.pub
    ssh_host_rsa_key
    ssh_host_rsa_key.pub

    what are they for ? I haven't touched them between key-generations

  11. #10
    Linux Enthusiast
    Join Date
    Aug 2006
    Location
    Portsmouth, UK
    Posts
    539
    BTW ... the files in /etc/ssh/

    ssh_host_dsa_key
    ssh_host_dsa_key.pub
    ssh_host_rsa_key
    ssh_host_rsa_key.pub
    They're the host keys (usually generated when you install ssh for the first time). These keys are used to identify the host (they get put in the known_hosts files on remote servers)

Page 1 of 2 1 2 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •