SSH with No Password

[yahooglesoft]

Hi Everyone,

I've setup ssh without a password a few times before but this perticular connection is giving me a headache. I'm trying to connect between two machines which I will call Z2 and Z4. I've got the same user on both machines with the same password

Setting up Connection
Z2 --> Z4

On Z2
I did the ssh-keygen -t rsa with the default path for user "ora" and pushed enter for not password.

I used scp $HOME/.ssh/id_rsa.pub Z4:/tmp

On Z4
cat /tmp/id_rsa.pub >> $HOME/.ssh/authorized_keys
cat /tmp/id_rsa.pub >> $HOME/.ssh/authorized_key2

On Z2
ssh 192.168.0.22 (thats Z4)

It then asks me for the password... why???
I even created two new accounts on both machines called transfer and it didn't work. Strangely enough it works perfectly if you're using root

[vsemaska]

What are the permissions and ownership of the .ssh directory and the authorize_keys file. The .ssh directory should be:

drwx------ 2 <owner> <group> 4096 May 11 2004 .ssh

The authorize_keys file should be:

-rw------- 1 <owner> <group> 1101 May 11 2004 authorized_keys

I believe that if the permissions are not restricted to just the owner ssh won't use it thus being prompted for the password.

If the permissions isn't the problem then use verbose mode to get more information.

# ssh -vvv 192.168.0.22

[pavlo_7]

Did you by any chance do:

Code:

cat /tmp/id_rsa.pub >> $HOME/.ssh/authorized_keys

as root?

Try this:
on Z2:

Code:

cp id_rsa.pub id_rsa.pub.temp
scp id_rsa.pub.temp correct_user@Z4:/home/correct_user/.ssh/
ssh correct_user@Z4
cd .ssh
cat id_rsa.pub.temp >> authorized_keys

Edit: also:

Code:

chown correct_user.correct_user athorized_keys
chmod 600 athorized_keys

[yahooglesoft]

WOW! vsemaska, you got it perfectly thanks, I never wouuld have thought to check that.

The permissions for the .ssh folder were chmoded to 777 for some reason. I changed it to 710 like you said and it works perfectly.

[vsemaska]

Glad to hear your problem is solved. I've run into that problem myself, that's why I knew about it. Took me a long time to track it down.

Cheers

[orangecoat-ciallella]

If you're still having an issue after checking the permissions, as mentioned above, then verify that ownership of the local and remote $HOME directories, /.ssh and files match across servers.

For instance, I was messing around earlier and changed the ownership of the remote $Home from userX to root. The userX still had permissions to the folder through a group and I could login fine with password authentication, but continued to be prompted even after sharing keys.

I figured there was a permissions issue, but had totally forgotten about changing ownership of the remote $HOME directory. Of course, I looked at permissions of the /.ssh , id_rsa , id_rsa.pub and authorized_keys and they looked fine, but it took a while to realize to check rights and owners of the actual $HOME folders.

The local server was correctly owned by userX with 710 permissions. So, I used chown userX $HOME and chmod 710 $HOME to make the remote owner and permissions match the correct local settings.

Synopsis: the user account in question must be owner of the related folders on both local and remote. Having group permissions to the folder(s) doesn't seem to be sufficient.

[Viper44]

I was following this thread and still couldn't get rid of the password prompt; until I changed the permissions on the $user/.ssh/known_hosts file to 644.