I'm maybe totally wrong but I thought ssh was needing a "decryption key" in order to connect to a ssh server... But I recently discovered I can log in to my sshd without any key. Worse, it never asks me for a passphrase, except if I delete id_rsa.pub (this is supposed to be the decryption key, isn't it?). But if I delete the id_rsa key too, I can still log in without any problem (it always asks me for my real login password, of course!).
Can you tell me if this is a SSH problem (maybe I forgot to enable something else in the install?) or I'm just a total newbie who doesn't understand how SSH works?
The pub file is your public key, id_dsa or rsa is the private half. You need to have the contents of id_dsa.pub in a file called authorized_keys in ~/.ssh.
I don't want to manage my key with the agent, I want to use this key!
I have no key in my home, but still, I can log in to sshd (sshd is on another computer). DSA, RSA, PubKey Authentication are at "yes", AuthorizedKeysFile looks ok... I also turned Known_Hosts off.
Why does sshd still accept people without a key? Is there another option I forgot?
It doesn't work, ARRRG, I think I will start hitting my head on the wall. If I turn off password authentication, I can't log in at all. It asks me for my passphrase but if I enter the right password, ssh (in verbose mode) tells me that:
Read PEM private key Done: type RSA
authentification that can continue : publickey, keyboard-interactive
try pubkey: /root/.ssh/id_rsa
authentification that can continue : publickey, keyboard-interactive
next auth method to try is: keyborad-interactive
Then it tells me Authentification Failed.... but I'm SURE my key is good, I just generated a new one... If I type the wrong passphrase I have 2 more chances until I get this error msg...
'ssh-keygen -t rsa' creates identity/identity.pub and the identity.pub should be changed to authorized_keys on the host machine in ~/.ssh/authorized_keys with permissions set to 600.
Make sure it's not trying ssh2 (dsa) when you ssh to the host, run ssh with the -v option to see the step by step process.
If you are using SSH2, 'ssh-keygen -t dsa' creates id_dsa/id_dsa.pub and the id_dsa.pub should be changed to authorized_keys2 on the host machine in ~/.ssh/authorized_keys2 with permissions set to 600.
As you can see, my AuthorizedKeysFile path is (now) ~/.ssh/ but I also tried with ~/.ssh/authorized_key , ~/.ssh/id_rsa , %h/.ssh/... etc etc...
Nothing worked
Habitually when I try to connect, I give the ssh client options directly (ssh -v -l root -i ~/ssh/id_rsa.pub) but I always get this nonsense error msg (saying my key is incorrect?) I posted before. I think the only thing I have not tried yet is rm -rf /*ssh* and reinstalling.
# $OpenBSD: sshd_config,v 1.56 2002/06/20 23:37:12 markus Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 3600
#ServerKeyBits 768
# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO
# rhosts authentication should not be used
#RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
IgnoreUserKnownHosts yes
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#AFSTokenPassing no
# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no
# Set this to 'yes' to enable PAM keyboard-interactive authentication
# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
#PAMAuthenticationViaKbdInt yes
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#KeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#Compression yes
#MaxStartups 10
# no default banner path
#Banner /some/path
#VerifyReverseMapping no
# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server
"As you can see, my AuthorizedKeysFile path is (now) ~/.ssh/ but I also tried with ~/.ssh/authorized_key , ~/.ssh/id_rsa , %h/.ssh/... etc etc...
Nothing worked"
--The public key should be ~/.ssh/authorized_keys not key
I'm using openssh-server-3.1p1-6 and the only uncommented lines in my sshd_config are:
SyslogFacility AUTHPRIV # for logging
RSAAuthentication yes
PasswordAuthentication no
If you leave PasswordAuthentication commented out it will still ask you for a password if you fail to enter the correct passphrase. To avoid this, uncomment it and set it to no.
The password isn't unsafe; once the client has the public key, the fingerprint of the server is checked against the public key, and the login is secure.
Allowing the key without a password is more of a risk that someone will get the key from the client.
No one can get your password because the login is encrypted.
David: are you sure? I can log in (using pass authentication) to sshd no matter if I have the pub key or not (I have no pub key on the local computer, but the remote one, running sshd, has one). How does ssh do encryption/decryption without a local pub key?
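Added example, not part of any post in this thread and not OpenSSH code: a small audit helper that works out which login methods an sshd_config of this era leaves open, including options that are only commented out. The option-to-method mapping, the defaults for PubkeyAuthentication and PAMAuthenticationViaKbdInt, and the three sample configs are assumptions constructed from the lines quoted above.

```python
# Defaults: the first two are the commented-out values in the posted
# sshd_config; the last two are assumptions made for this example.
DEFAULTS = {
    "passwordauthentication": "yes",
    "challengeresponseauthentication": "yes",
    "pubkeyauthentication": "yes",
    "pamauthenticationviakbdint": "no",
}

def effective_options(config_text):
    """Return the auth options in effect (keywords are case-insensitive)."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments, also trailing ones
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().lower()
        if key in DEFAULTS and key not in seen:  # first value read is kept
            seen[key] = value
    return {**DEFAULTS, **seen}

def offered_methods(config_text):
    """Model of the methods the server would offer a client."""
    o = effective_options(config_text)
    methods = []
    if o["pubkeyauthentication"] == "yes":
        methods.append("publickey")
    if o["passwordauthentication"] == "yes":
        methods.append("password")
    # Either option turns on keyboard-interactive, which still prompts
    # for a password even when PasswordAuthentication is "no".
    if "yes" in (o["challengeresponseauthentication"],
                 o["pamauthenticationviakbdint"]):
        methods.append("keyboard-interactive")
    return methods

def is_key_only(config_text):
    return offered_methods(config_text) == ["publickey"]

# Constructed samples based on lines quoted in the thread.
POSTED = "PasswordAuthentication yes\n#ChallengeResponseAuthentication yes\n"
SUGGESTED = "RSAAuthentication yes\nPasswordAuthentication no\n"
KEY_ONLY = "PasswordAuthentication no\nChallengeResponseAuthentication no\n"

if __name__ == "__main__":
    for name, cfg in (("posted", POSTED), ("suggested", SUGGESTED),
                      ("key-only", KEY_ONLY)):
        print(name, offered_methods(cfg), "key only:", is_key_only(cfg))
```

For the "suggested" sample the model returns publickey and keyboard-interactive, the same pair listed in the verbose client output quoted earlier in the thread.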