LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 02-01-2011, 10:22 AM   #1
selahlynch
LQ Newbie
 
Registered: Feb 2011
Location: Philadelphia, PA
Posts: 5

Rep: Reputation: 0
trouble with RSA key authentication and ssh


Hello,

I have two Linux machines, SVNServer and ProdServer. I would like to use RSA key authentication so that I can log into either one of them from the other.

I have no problem setting up key authentication that goes ProdServer --> SVNServer. However when I follow the same process to setup keys to go from SVNServer to ProdServer I have trouble.

A summary of what I did:
$ ssh-keygen -t rsa (i accepted all defaults)
$ scp .ssh/id_rsa.pub lynchs@ProdServer:./tempkey
** on prodserver $cat tempkey >> .ssh/authorized_keys
$ ssh lynchs@ProdServer

No luck! It still prompts me for my password!

Not sure if it is related but there is a third machine, again I can use key authentication to connect to SVNServer without a problem, but key authenication does not work when connecting to ProdServer.

Any suggestions would be appreciated. Thanks.
 
Old 02-01-2011, 10:25 AM   #2
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 3,143
Blog Entries: 1

Rep: Reputation: 998Reputation: 998Reputation: 998Reputation: 998Reputation: 998Reputation: 998Reputation: 998Reputation: 998
check that the owner is correct, and that the permissions are correct.

owner should be the user, permissions should be 600
 
Old 02-01-2011, 10:48 AM   #3
selahlynch
LQ Newbie
 
Registered: Feb 2011
Location: Philadelphia, PA
Posts: 5

Original Poster
Rep: Reputation: 0
authorized_keys and id_rsa both have permissions set at 600
and the owner is correct also

Code:
[lynchs@cvi-dev-trac01 ~]$ ll .ssh
total 20
-rw------- 1 lynchs lynchs 1204 Jan 31 11:04 authorized_keys
drwxrwxr-x 2 lynchs lynchs 4096 Jan 19 12:07 hidem
-rw------- 1 lynchs lynchs 1675 Feb  1 10:51 id_rsa
-rw-r--r-- 1 lynchs lynchs  403 Feb  1 10:51 id_rsa.pub
-rw-r--r-- 1 lynchs lynchs  397 Jan 18 08:47 known_hosts
 
Old 02-01-2011, 10:51 AM   #4
selahlynch
LQ Newbie
 
Registered: Feb 2011
Location: Philadelphia, PA
Posts: 5

Original Poster
Rep: Reputation: 0
Also, here is an exerpt from running verbose ssh...

Code:
debug1: Next authentication method: publickey
debug1: Trying private key: /home/lynchs/.ssh/identity
debug1: Offering public key: /home/lynchs/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Trying private key: /home/lynchs/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
 
Old 02-01-2011, 09:16 PM   #5
grim76
Member
 
Registered: Jun 2007
Distribution: Debian, SLES, Ubuntu
Posts: 281

Rep: Reputation: 46
Is the server actually setup to allow key based authentication? Also is authorized_keys the right file name on both ends. Some implementations use authorized_keys2 and some use authorized_keys.
 
Old 02-01-2011, 09:24 PM   #6
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora, Lubuntu, FreeBSD
Posts: 3,930
Blog Entries: 5

Rep: Reputation: Disabled
What OS/version? On RHEL-based distros, for instance, sshd logs helpful troubleshooting info to /var/log/secure.

Is the (server side) user's home directory group or world writable? If so, and if StrictModes is enabled (often is by default), you break pubkey authentication.
 
Old 02-02-2011, 01:43 AM   #7
BoraxMan
Member
 
Registered: Apr 2010
Posts: 84

Rep: Reputation: 8
Quote:
Originally Posted by szboardstretcher View Post
check that the owner is correct, and that the permissions are correct.

owner should be the user, permissions should be 600
The .ssh directory should also have permissions set to 700. ssh wont proceed otherwise.
 
1 members found this post helpful.
Old 02-02-2011, 08:06 AM   #8
selahlynch
LQ Newbie
 
Registered: Feb 2011
Location: Philadelphia, PA
Posts: 5

Original Poster
Rep: Reputation: 0
Ah hah, my .ssh directory permissions were not set to 700 on my ProdServer.

Now they are! and I can log into ProdServer from both machines without a password.

Thank you!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Putty/SSH login failed when using RSA public key: 'Server refused our key' itsecx@gmail.com Linux - Server 10 10-04-2010 01:19 PM
ssh authentication with rsa razero Linux - Security 2 04-12-2010 04:24 AM
failed ssh RSA key authentication jdarren Linux - Networking 15 07-06-2008 10:25 AM
RSA Key Authentication with SSH fail with no reply for publickey powah Linux - Security 2 11-18-2006 12:24 PM
ssh RSA key thanat0s Linux - Security 3 09-29-2003 09:51 PM


All times are GMT -5. The time now is 04:39 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration