-   Linux - Networking (
-   -   trouble with RSA key authentication and ssh (

selahlynch 02-01-2011 11:22 AM

trouble with RSA key authentication and ssh

I have two Linux machines, SVNServer and ProdServer. I would like to use RSA key authentication so that I can log into either one of them from the other.

I have no problem setting up key authentication that goes ProdServer --> SVNServer. However when I follow the same process to setup keys to go from SVNServer to ProdServer I have trouble.

A summary of what I did:
$ ssh-keygen -t rsa (i accepted all defaults)
$ scp .ssh/ lynchs@ProdServer:./tempkey
** on prodserver $cat tempkey >> .ssh/authorized_keys
$ ssh lynchs@ProdServer

No luck! It still prompts me for my password!

Not sure if it is related but there is a third machine, again I can use key authentication to connect to SVNServer without a problem, but key authenication does not work when connecting to ProdServer.

Any suggestions would be appreciated. Thanks.

szboardstretcher 02-01-2011 11:25 AM

check that the owner is correct, and that the permissions are correct.

owner should be the user, permissions should be 600

selahlynch 02-01-2011 11:48 AM

authorized_keys and id_rsa both have permissions set at 600
and the owner is correct also


[lynchs@cvi-dev-trac01 ~]$ ll .ssh
total 20
-rw------- 1 lynchs lynchs 1204 Jan 31 11:04 authorized_keys
drwxrwxr-x 2 lynchs lynchs 4096 Jan 19 12:07 hidem
-rw------- 1 lynchs lynchs 1675 Feb  1 10:51 id_rsa
-rw-r--r-- 1 lynchs lynchs  403 Feb  1 10:51
-rw-r--r-- 1 lynchs lynchs  397 Jan 18 08:47 known_hosts

selahlynch 02-01-2011 11:51 AM

Also, here is an exerpt from running verbose ssh...


debug1: Next authentication method: publickey
debug1: Trying private key: /home/lynchs/.ssh/identity
debug1: Offering public key: /home/lynchs/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Trying private key: /home/lynchs/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: password

grim76 02-01-2011 10:16 PM

Is the server actually setup to allow key based authentication? Also is authorized_keys the right file name on both ends. Some implementations use authorized_keys2 and some use authorized_keys.

anomie 02-01-2011 10:24 PM

What OS/version? On RHEL-based distros, for instance, sshd logs helpful troubleshooting info to /var/log/secure.

Is the (server side) user's home directory group or world writable? If so, and if StrictModes is enabled (often is by default), you break pubkey authentication.

BoraxMan 02-02-2011 02:43 AM


Originally Posted by szboardstretcher (Post 4244746)
check that the owner is correct, and that the permissions are correct.

owner should be the user, permissions should be 600

The .ssh directory should also have permissions set to 700. ssh wont proceed otherwise.

selahlynch 02-02-2011 09:06 AM

Ah hah, my .ssh directory permissions were not set to 700 on my ProdServer.

Now they are! and I can log into ProdServer from both machines without a password.

Thank you!

All times are GMT -5. The time now is 05:02 PM.