LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 03-22-2004, 08:59 AM   #1
markehb
LQ Newbie
 
Registered: Mar 2004
Distribution: mandrake 9.0
Posts: 29

Rep: Reputation: 15
ssh without the password prompt


Did a search but none of the many topics on this I found helped me.

Box A has sshd running.
Box B has ssh and is the one i'm trying to connect from.

On Box B I first ran ssh-keygen -t dsa
entered the password and it created the id_dsa & .pub files.

On Box A created a dir in /home/ called .ssh and copied the id_dsa.pub over and renamed it to authorized_keys

On Box B ran:
ssh 111.111.111.111
it prompted for pass, entered this and it added Box A to known hosts and connects fine.

When trying to setup the public key:

On Box B ran:
ssh-agent /bin/bash
ssh-add
*it then prompts for the passphrase which I enter (the password from above).
ssh-add -l
*shows that the key is there
ssh 111.111.111.111
* which prompts for password (which I believe it shouldn't)

Any ideas?

Cheers All


 
Old 03-22-2004, 02:15 PM   #2
trickykid
Guru
 
Registered: Jan 2001
Posts: 24,133

Rep: Reputation: 199Reputation: 199
Connecting thru ssh, it should and will always ask for the users password by default to login. It doesn't just read the keys and assume you are who you say you are.
 
Old 03-22-2004, 03:08 PM   #3
mako747
Member
 
Registered: Mar 2004
Location: Canada
Distribution: Slackware
Posts: 92

Rep: Reputation: 15
Hi there.

Copy the public key to /home/whoever/.ssh2 on the box you want to connect to.

Edit a file in that directory called authorization and insert the following line...

Key id_dsa_1024_b.pub

That is assuming that the key you generated was id_dsa_1024_b.pub

Assuming you did this correctly you will then be able to connect from the box that you generated the key on without a password.
 
Old 03-23-2004, 10:18 AM   #4
Pollyanna
Member
 
Registered: Oct 2003
Location: Germany
Distribution: Slackware 10.2, SuSE 10.0, Solaris(SPARC) 9+Solaris(x86) 9, NetBSD(sparc) 2.0.2
Posts: 43

Rep: Reputation: 15
Thumbs up

Hi markehb,

you are almost there: the only thing you have to do is leave the password empty when generating the keypair.


Hope it was of any help

Pollyanna
 
Old 03-23-2004, 11:09 AM   #5
markehb
LQ Newbie
 
Registered: Mar 2004
Distribution: mandrake 9.0
Posts: 29

Original Poster
Rep: Reputation: 15
tried that, no joy

stupid newbie question in my sshd.conf I uncommented the line:
AuthorizedKeysFile ~/.ssh/authorized_keys

what does the ~ mean? is it like the root dir?

Last edited by markehb; 03-23-2004 at 11:15 AM.
 
Old 03-23-2004, 11:15 AM   #6
mako747
Member
 
Registered: Mar 2004
Location: Canada
Distribution: Slackware
Posts: 92

Rep: Reputation: 15
Try again, I use it to grab backups during the night.

Remove the key you generated, run ssh-keygen, do not use a password or a passphrase.

Copy the key over as I said before.

If you still have trouble I can send you a script that will automate it for you.
 
Old 03-23-2004, 11:17 AM   #7
mako747
Member
 
Registered: Mar 2004
Location: Canada
Distribution: Slackware
Posts: 92

Rep: Reputation: 15
The ~ is the home directory
 
Old 03-23-2004, 11:35 AM   #8
markehb
LQ Newbie
 
Registered: Mar 2004
Distribution: mandrake 9.0
Posts: 29

Original Poster
Rep: Reputation: 15
no joy again, deleted the pair. created a new one with no passphrase, copied the id_dsa.pub file into /home/mark/.ssh2/ (on the host)

created a file called authorization in the same dir and put in it:
Key id_dsa.pub

still prompts for password, not even the passphrase.

starting to bug me now

Last edited by markehb; 03-23-2004 at 11:42 AM.
 
Old 03-23-2004, 12:12 PM   #9
mako747
Member
 
Registered: Mar 2004
Location: Canada
Distribution: Slackware
Posts: 92

Rep: Reputation: 15
What is the output of ssh -V and is it the same on both machines?
 
Old 03-23-2004, 12:21 PM   #10
markehb
LQ Newbie
 
Registered: Mar 2004
Distribution: mandrake 9.0
Posts: 29

Original Poster
Rep: Reputation: 15
OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090607f
and is the same on both.
 
Old 03-23-2004, 01:24 PM   #11
mako747
Member
 
Registered: Mar 2004
Location: Canada
Distribution: Slackware
Posts: 92

Rep: Reputation: 15
Ok. Sorry for the delay. Had to build a second machine for testing.

Anyway , I have it working.

Here is what I did....
Left the sshd_config file alone, no changes.

Ran ssh-keygen -t dsa, did not enter a passphrase.

Scp'd id_dsa.pub to my /home/me/.ssh/ directory on the test machine

Touched a file called authorized_keys

brad@test:~/.ssh$ cat id_dsa.pub > authorized_keys

brad@brad:~/.ssh$ ssh 10.10.1.234
Last login: Tue Mar 23 13:14:29 2004 from brad.caledoncard.ca
Linux 2.4.22.

You will be imprisoned for contributing
your time and skill to a bank robbery.

brad@test:~$

It works.

Sorry, should have asked your versions earlier.
 
Old 03-24-2004, 04:00 AM   #12
markehb
LQ Newbie
 
Registered: Mar 2004
Distribution: mandrake 9.0
Posts: 29

Original Poster
Rep: Reputation: 15
on the remote I have a dir called ~/mark/.ssh/
which in it has the 2 pair files id_dsa and id_dsa.pub as well as known.hosts

on the host (running sshd) I have a dir called:
~/.ssh/ that has 600 permissions created by owned by user and group 'mark'

In which there is an exact copy of id_dsa.pub called authorized_kels but without the linebreak after it (cos apparently that causes probs). This is also set to 600 with and owned by user and group mark.

Can you put up your sshd_config, so I can make sure they're the same?

Then I'll delete everything and start again, without changing anything.

I also think I have a permissions prob cos even tho the user 'mark' is part of the root group it still doesn't have permissions to write to dir's etc created by root, which is why the authorized_keys etc is owned by mark and not root, whether thats right or not I dont know.

Cheers for your help btw
 
Old 03-24-2004, 04:39 AM   #13
Don_Quixote
LQ Newbie
 
Registered: Feb 2004
Location: Munich
Distribution: Suse
Posts: 5

Rep: Reputation: 0
usually ssh behaves somehow like rsh.
Did you create an .rhosts or .shosts file in $HOME for user specific settings?
Did you checked the /etc/hosts.equiv, hosts.allow, hosts.deny files for system wide settings?
Usually a ~/.shosts file containing the host name or IP of the remote part should be enough to omit the input of the password.

Erik
 
Old 03-24-2004, 04:42 AM   #14
markehb
LQ Newbie
 
Registered: Mar 2004
Distribution: mandrake 9.0
Posts: 29

Original Poster
Rep: Reputation: 15
no, the .rhosts .shosts bit, what I need to do?

yes, to the hosts.equiv/allow/deny
 
Old 03-24-2004, 05:33 AM   #15
Don_Quixote
LQ Newbie
 
Registered: Feb 2004
Location: Munich
Distribution: Suse
Posts: 5

Rep: Reputation: 0
try creating a .shost file containing just the IP adress or the hostname of the remote host you want to log in without pwd as the only entry per line.
On host A:
~/.shosts: with the content

hostname_of_host_B

On host B:
~/.shosts

hostname_of_host_A

If the names can not be resolved, use IP adresses.

There should also be soomething in the man pages of ssh...

good luck
Erik
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Does not prompt for password ssharma_02 Linux - Security 6 06-02-2005 02:51 AM
ssh no password prompt dtra Linux - Software 9 05-25-2005 02:08 PM
ssh password prompt delay long while chaze Linux - Networking 1 04-14-2005 11:03 PM
password prompt ? wr3ck3d Linux - General 5 03-20-2003 09:54 PM
remote command over ssh, password prompt linowes Linux - General 2 10-27-2002 09:22 PM


All times are GMT -5. The time now is 11:41 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration