LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 02-21-2007, 10:49 AM   #1
kaplan71
Member
 
Registered: Nov 2003
Posts: 716

Rep: Reputation: 39
Problem with two-way key-based ssh connection


Hi there --

I am trying to set up a two-way key-based ssh connection. The idea here is to have the user on server 1 be able to log into server 2 using public/private key authentication and vice versa.

The user is prompted for a password when he logs in from server 1 to server 2, which is incorrect, but is not prompted for a password when he logs in from server 2 to server 1, which is correct.

The steps that I took so far are as follows:
1. created the rsa and dsa key pairs on server 1 as the user.
2. logged in as root on server 2 and created a user account like that on server 1.
3. copied the user's rsa and dsa public key files to server 2, and renamed the dsa public file to authorized_keys2.
4. verified there was no existing known_hosts file.
5. logged back into server 2 to create the known_hosts file.
6. modified the sshd_config file to have the lines:
Protocol 2
AuthorizedKeysFiles .ssh/authorized_keys2
7. modified the ssh_config file to have the line:
Protocol 2
8. stopped and restarted ssh on server 1 and server 2.

I want to be able to log into server 2 from server 1 without password authentication. I can do that now from server 2 to server 1. What other steps do I need to take to correct this? Thanks.
 
Old 02-21-2007, 11:14 AM   #2
snowtigger
Member
 
Registered: Mar 2005
Location: england
Distribution: slackware, win2k
Posts: 364

Rep: Reputation: 34
do you have three lines that look like this in you sshd_config file

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys # or whatever you want to call the file


and if you want to completely disable password logins (but only do this once you know key based logins are working)

PasswordAuthentication no

 
Old 02-21-2007, 11:51 AM   #3
kaplan71
Member
 
Registered: Nov 2003
Posts: 716

Original Poster
Rep: Reputation: 39
I checked the sshd_config file, and yes the settings that you mentioned are in place on both servers. I have not set PasswordAuthentication to no.
 
Old 02-21-2007, 04:05 PM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,373

Rep: Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962
is the ~/.ssh folder set to permissions of 600? that's always the bit that catches me out.
 
Old 02-22-2007, 07:15 AM   #5
kaplan71
Member
 
Registered: Nov 2003
Posts: 716

Original Poster
Rep: Reputation: 39
That took care of it, along with matching the permissions between the two servers. Thanks for the help.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Key-Based SSH Logins With PuTTY LXer Syndicated Linux News 1 12-10-2006 11:21 AM
Ssh Key Problem Eazy-Snatch Linux - Networking 2 07-12-2006 06:47 AM
really simple ssh/key problem paul_dundee Linux - Security 11 03-28-2005 03:23 PM
ssh connection with key linuxnube Linux - Security 3 02-25-2005 02:48 PM
upgraded ssh, now can't make public key connection BrianK Linux - Networking 0 04-10-2004 05:06 PM


All times are GMT -5. The time now is 10:27 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration