no password ssh not working as it used to
I backup stuff on my home machine by rsyncing with my work machine. I have to pull from work because I can't see my work machine externally.
The process is usually as follows:
1) log on to visible machine at work
2) log in to my machine
3) switch to root (I have an external HD that only root can see)
4) run rsync script
Since there are several rsync commands I set up no password ssh by copying the root@work public key into my authorised keys. Then out of the blue this stopped working. I cannot get it to work again, even by starting all over from scratch. On my home network public keys work. I allow access via ssh to my home network using a non-standard port and my hostname is set via ddclient, although my ISP tends to give me the same IP address at all times anyway. How can I troubleshoot this? Many thanks, Dave |
Quote:
start with manual ssh connection using verbose flag and tail -f logs at remote side at the same time
Code:
ssh -vv user@host |
Also, are you watching /var/log/auth.log? I presume since you say "my work machine" that you are in control of that machine? So another sysadmin would not have blocked root logins?
If I were the sysadmin, I would have blocked it. That's a standard security practice. I use a restricted user account for backups and use sudo when needed. The keys are also restricted so that the connections can only do what I originally intended. It works just fine for doing backups, and root is not allowed to login remotely. By the way, if you aren't familiar with it already, http://sial.org/howto/openssh/publickey-auth/ is a pretty standard reference for setting up keys. It also has some debugging notes. |
Quote:
A quick - Code:
$ chmod go-w /home/foo
While you're reviewing and fixing that, also confirm that /home/foo/.ssh and /home/foo/.ssh/authorized_keys are readable by only foo. |
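The permission checks suggested in the post above, gathered into one script. This is an added example, not part of the thread; the function names `has_any_perm` and `check_ssh_perms` and the home-directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report the permission problems the
# post above describes for a given home directory.

# has_any_perm PATH BITS... : succeed if PATH has any of the listed mode bits set.
has_any_perm() {
    target=$1; shift
    for bits in "$@"; do
        # POSIX find: "-perm -MODE" matches when every bit in MODE is set.
        [ -n "$(find "$target" -prune -perm "-$bits" 2>/dev/null)" ] && return 0
    done
    return 1
}

# check_ssh_perms HOME_DIR : returns 0 if clean, 1 on a finding, 2 if HOME_DIR is absent.
check_ssh_perms() {
    home=$1
    rc=0
    if [ ! -d "$home" ]; then
        echo "MISSING: $home"
        return 2
    fi
    # Home directory must not be writable by group or others.
    if has_any_perm "$home" 020 002; then
        echo "FAIL: $home is group/world writable (fix: chmod go-w $home)"
        rc=1
    fi
    # .ssh and authorized_keys should be accessible by the owner only.
    for item in "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$item" ]; then
            echo "MISSING: $item"
            rc=1
            continue
        fi
        if has_any_perm "$item" 040 020 010 004 002 001; then
            echo "FAIL: $item is accessible by group/others (fix: chmod go-rwx $item)"
            rc=1
        fi
    done
    [ "$rc" -eq 0 ] && echo "OK: $home"
    return "$rc"
}

# Run against the directory given on the command line, e.g. /home/foo.
if [ "$#" -gt 0 ]; then
    check_ssh_perms "$1"
fi
```

Run it on the machine that receives the connection, against the home directory of the account being logged in to.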
Hi,
@choogendyk So I have full root access to my work machine. I'm an academic and things are a little more relaxed. root logins over ssh are not allowed though. I'm backing up as root for some reason that I can't remember. I think I wanted to mount the drive as read only for my user account. Here is the verbose output of ssh. I think the lines at the end are telling what is going wrong, but I don't understand it. Is it trying to access as root on my home machine even though the ssh command is user@homemachine?: Quote:
Quote:
Quote:
Thanks, Dave |
Quote:
i say this because
Code:
debug2: key: /root/.ssh/authorized_keys ((nil))
Code:
debug1: Trying private key: /home/root/.ssh/identity
debug1: Trying private key: /home/root/.ssh/id_rsa
debug1: Offering public key: /home/root/.ssh/id_dsa
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-dss blen 433
you may get some more info from Code:
/var/log/secure points to keypair mismatch |
I don't really understand. I generated a fresh pair in .ssh as root on my work machine:
Quote:
Which keys are mismatched? Many thanks, Dave |
authorized_keys2? I thought more recent versions of OpenSSH had dropped that distinction. Try authorized_keys, and see if that does something. Also, do look at
Quote:
|
Quote:
the sshd_config file will tell you if ssh looks for authorized_keys or authorized_keys2. the key isn't being found......according to the verbose output |
Quote:
looks like authorized_keys is being checked. Code:
debug2: key: /root/.ssh/authorized_keys ((nil)) |
@robotronic: Have you explored my suggestion yet?
|
@anomie Yes thanks.
I should point out that I can log in with public keys from two other machines:
1) a laptop on my home network
2) a work machine visible to the outside world.
This implies to me that I have things set up correctly at this end. The machine I am rsyncing from is not visible externally (which is why I am pulling to it). This is the one that is not working (although it used to!!!!). Now, here is what I don't get:
Code:
debug2: service_accept: ssh-userauth
Okay so the work user is root, but it is logging on as myname:
Code:
root@workdt:# ssh myname@home -p xxxxx
Many thanks for all your help so far! Dave |