LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   Ssh authentication using public key not working! (https://www.linuxquestions.org/questions/linux-newbie-8/ssh-authentication-using-public-key-not-working-4175435395/)

shivaa 11-02-2012 10:32 PM
Ssh authentication using public key not working!
 
Hello everyone!
I am trying to access a server using ssh public keys without entering a password, but not getting success. Here is situation:
Local machine:
Hostname: saturn.org.com, usrename: jack
Remote machine:
Hostname: mars.org.com, username: root
What I did:
1. Logged in on saturn.org.com as user jack and generated ssh public keys using "ssh-keygen -t rsa"
2. Left password prompt blank when it asked to enter a password (I just pressed enter key)
3. Appended the encrypted public key generate (i.e. content of ~/.ssh/id_rsa.pub) from saturn.org.com into root user's .ssh/authorized_keys file on mars.org.com
4. As final step, from my local machine i.e. saturn.org.com (logged in a jack) I invoked "ssh root@mars.org.com" command to connect to saturn as root without entering a password.
But it's again & again prompts me to enter root's password. So could anybody suggest that where I am making a mistake?

lleb 11-02-2012 11:08 PM
did you set sshd to accept rsa keys?

Code:
###### DIRECTIONS FOR CREATING RSA KEY################

        Directions for creating the rsa key and making the two
 servers talk to each other without password.

        1st change directory into .ssh and check what files are there.

                [rx30@rx30 ~]$ cd .ssh
                [rx30@rx30 .ssh]$ ls -l
                total 4
                -rw-r--r-- 1 rx30 group 2980 Jun 13 12:02 known_hosts

        2nd create the rsa key.

                [rx30@rx30 .ssh]$ ssh-keygen -t rsa -b 4096
                Generating public/private rsa key pair.
                Enter file in which to save the key (/usr/rx30/.ssh/id_rsa):
                Enter passphrase (empty for no passphrase):
                Enter same passphrase again:
                Your identification has been saved in /usr/rx30/.ssh/id_rsa.
                Your public key has been saved in /usr/rx30/.ssh/id_rsa.pub.
                The key fingerprint is:
                cb:b0:40:c6:e9:f4:9e:f5:71:fc:c3:00:c0:f7:c6:75 rx30@rx30.localdomain

        3rd check that there are two new files with the following permissions

                [rx30@rx30 .ssh]$ ls -l
                total 12
                -rw------- 1 rx30 group 3243 Jun 22 15:50 id_rsa
                -rw-r--r-- 1 rx30 group  743 Jun 22 15:50 id_rsa.pub
                -rw-r--r-- 1 rx30 group 2980 Jun 13 12:02 known_hosts
       
        4th change directory back to the users $HOME

                [rx30@rx30 .ssh]$ cd

        5th copy the key to the remote server

                [rx30@rx30 ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub rx30@XXX.XXX.XXX.XXX
                25
                rx30@XXX.XXX.XXX.XXX's password:
                Now try logging into the machine, with "ssh 'rx30@XXX.XXX.XXX.XXX'", and check in:

                .ssh/authorized_keys

                to make sure we haven't added extra keys that you weren't expecting.

        6th, follow directions on the screen.

                [rx30@rx30 ~]$ ssh rx30@XXX.XXX.XXX.XXX
                Last login: Fri Jun 22 14:12:08 2012 from 10.10.4.77
                [rx30@rx30 ~]$ exit
                logout
                Connection to XXX.XXX.XXX.XXX closed.
try that and see if it helps.

jsaravana87 11-03-2012 03:35 AM
3. Appended the encrypted public key generate (i.e. content of ~/.ssh/id_rsa.pub) from saturn.org.com into root user's .ssh/authorized_keys file on mars.org.com

4.You have to copy root users mars.org.com id_rsa.pub key to known_hosts of local machine saturn.org.com

5.You have to enable following parameter in sshd_config to accept key attentication

vi /etc/ssh/sshd_config

PubkeyAuthentication yes

AuthorizedKeysFile %h/.ssh/authorized_keys


6.Check out the permission of .ssh,keys,authorized-keys file these may also cause for ssh attentication failure.



http://www.linuxquestions.org/questi...os-rhel-35029/

linosaurusroot 11-03-2012 05:09 AM
Quote:
Originally Posted by arun5002 (Post 4821259)
4.You have to copy root users mars.org.com id_rsa.pub key to known_hosts of local machine saturn.org.com

5.You have to enable following parameter in sshd_config to accept key attentication
vi /etc/ssh/sshd_config

PubkeyAuthentication yes

AuthorizedKeysFile %h/.ssh/authorized_keys
http://www.linuxquestions.org/questi...os-rhel-35029/
Points 4 and 5 above are inaccurate.

It is likely sshd_config on mars does not have "PermitRootLogin yes" enabled .. you would need that to perform logins directly as root. I advise against this - log in as an individual user's account and become root when necessary with sudo or su.

http://www.snailbook.com/faq/

jsaravana87 11-03-2012 06:20 AM
@linosaurusroot

I will accept 4 point is inaccurate if the user generate passwordless attentication for normal user .But the user scenerio he has been generating passwordless attentication for his root directory .I dont think what i have posted his wrong if he trying to create passwordless login for his root directory.



4.You have to copy root users mars.org.com id_rsa.pub key to known_hosts of local machine saturn.org.com


@linosaurusroot,

Can you explain what wrong with 5 point i have posted .I dont think without enabling the
PubkeyAuthentication yes passwordless key login never seems to work.

5.You have to enable following parameter in sshd_config to accept key attentication


vi /etc/ssh/sshd_config

PubkeyAuthentication yes

AuthorizedKeysFile %h/.ssh/authorized_keys

linosaurusroot 11-03-2012 09:03 AM
Point 4 confused 32 different kinds of keys - host keys (as in known_hosts) and user keys (as in id_rsa.pub).


Point 5 overlooks that in /etc/ssh/sshd_config
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
are the defaults and do not need to be uncommented unless you mean to change them.

shivaa 03-04-2013 07:20 AM
Found a solution finally.

Thanks everyone for your responses.

Ciao.

linosaurusroot 03-04-2013 07:27 AM
You should detail what the solution was for the benefit of anyone coming across this thread later.

http://xkcd.com/979/

shivaa 03-04-2013 07:40 AM
Quote:
Originally Posted by linosaurusroot (Post 4904308)
You should detail what the solution was for the benefit of anyone coming across this thread later.
Of course, why not. I am actually writing a blog on the same, so very soon I will share my blog here with complete procedure. :)

shivaa 03-07-2013 09:44 PM
For complete procedure, please follow my blog here.

RaviTezu 03-07-2013 10:19 PM
Quote:
Originally Posted by shivaa (Post 4907159)
For complete procedure, please follow my blog here.
Thanks for posting the solution.
I'd like to know, how can i login to remote machine as root being a normal user on local machine ?
i.e i'd like to login as root on mars from being a jack on saturn.


Will that work if we copy the ssh public key of jack to the /root/.ssh/authorized_keys file on mars?

shivaa 03-07-2013 10:53 PM
@RaviTezu:
You will first need to generate rsa keys for root user on saturn.
Code:
root@saturn~# ssh-keygen -t rsa
Then copy or append this key into root user's ~/.ssh/authorized_keys file on mars.
Code:
root@saturn~# cat ~/.ssh/id_rsa.pub | ssh root@mars 'cat >> ~/.ssh/authorized_keys'

RaviTezu 03-07-2013 11:00 PM
Thanks for the reply.

That will allow the root user from saturn to login as root into mars.

What i need is .. being jack on saturn..i want to login as root into mars.

Will it work if i add jack ssh public key(Which is generated on mars)to the /root/.ssh/authorizes_keys(Which is residing in root home directory) on mars?

---------- Post added 03-08-13 at 10:31 AM ----------

& It is working!! Thanks shivaa!

shivaa 03-07-2013 11:17 PM
Yes, it should work. You can test it.


All times are GMT -5. The time now is 03:28 PM.