LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 11-02-2012, 10:32 PM   #1
shivaa
Senior Member
 
Registered: Jul 2012
Location: Grenoble, Fr.
Distribution: Sun Solaris, RHEL, Ubuntu, Debian 6.0
Posts: 1,797
Blog Entries: 4

Rep: Reputation: 285Reputation: 285Reputation: 285
Ssh authentication using public key not working!


Hello everyone!
I am trying to access a server using ssh public keys without entering a password, but not getting success. Here is situation:
Local machine:
Hostname: saturn.org.com, usrename: jack
Remote machine:
Hostname: mars.org.com, username: root
What I did:
1. Logged in on saturn.org.com as user jack and generated ssh public keys using "ssh-keygen -t rsa"
2. Left password prompt blank when it asked to enter a password (I just pressed enter key)
3. Appended the encrypted public key generate (i.e. content of ~/.ssh/id_rsa.pub) from saturn.org.com into root user's .ssh/authorized_keys file on mars.org.com
4. As final step, from my local machine i.e. saturn.org.com (logged in a jack) I invoked "ssh root@mars.org.com" command to connect to saturn as root without entering a password.
But it's again & again prompts me to enter root's password. So could anybody suggest that where I am making a mistake?

Last edited by shivaa; 11-02-2012 at 10:39 PM.
 
Old 11-02-2012, 11:08 PM   #2
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora
Posts: 2,523

Rep: Reputation: 448Reputation: 448Reputation: 448Reputation: 448Reputation: 448
did you set sshd to accept rsa keys?

Code:
###### DIRECTIONS FOR CREATING RSA KEY################

	Directions for creating the rsa key and making the two
 servers talk to each other without password.

	1st change directory into .ssh and check what files are there.

 		[rx30@rx30 ~]$ cd .ssh
		[rx30@rx30 .ssh]$ ls -l
		total 4
		-rw-r--r-- 1 rx30 group 2980 Jun 13 12:02 known_hosts

	2nd create the rsa key.

		[rx30@rx30 .ssh]$ ssh-keygen -t rsa -b 4096
		Generating public/private rsa key pair.
		Enter file in which to save the key (/usr/rx30/.ssh/id_rsa):
		Enter passphrase (empty for no passphrase):
		Enter same passphrase again:
		Your identification has been saved in /usr/rx30/.ssh/id_rsa.
		Your public key has been saved in /usr/rx30/.ssh/id_rsa.pub.
		The key fingerprint is:
		cb:b0:40:c6:e9:f4:9e:f5:71:fc:c3:00:c0:f7:c6:75 rx30@rx30.localdomain

	3rd check that there are two new files with the following permissions

		[rx30@rx30 .ssh]$ ls -l
		total 12
		-rw------- 1 rx30 group 3243 Jun 22 15:50 id_rsa
		-rw-r--r-- 1 rx30 group  743 Jun 22 15:50 id_rsa.pub
		-rw-r--r-- 1 rx30 group 2980 Jun 13 12:02 known_hosts
	
	4th change directory back to the users $HOME

		[rx30@rx30 .ssh]$ cd

	5th copy the key to the remote server

		[rx30@rx30 ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub rx30@XXX.XXX.XXX.XXX
		25
		rx30@XXX.XXX.XXX.XXX's password:
		Now try logging into the machine, with "ssh 'rx30@XXX.XXX.XXX.XXX'", and check in:

		.ssh/authorized_keys

		to make sure we haven't added extra keys that you weren't expecting.

	6th, follow directions on the screen.

		[rx30@rx30 ~]$ ssh rx30@XXX.XXX.XXX.XXX
		Last login: Fri Jun 22 14:12:08 2012 from 10.10.4.77
		[rx30@rx30 ~]$ exit
		logout
		Connection to XXX.XXX.XXX.XXX closed.
try that and see if it helps.
 
Old 11-03-2012, 03:35 AM   #3
arun5002
Member
 
Registered: Aug 2011
Location: Chennai,India
Distribution: Redhat,Centos,Ubuntu,Dedian
Posts: 549
Blog Entries: 5

Rep: Reputation: Disabled
3. Appended the encrypted public key generate (i.e. content of ~/.ssh/id_rsa.pub) from saturn.org.com into root user's .ssh/authorized_keys file on mars.org.com

4.You have to copy root users mars.org.com id_rsa.pub key to known_hosts of local machine saturn.org.com

5.You have to enable following parameter in sshd_config to accept key attentication

vi /etc/ssh/sshd_config

PubkeyAuthentication yes

AuthorizedKeysFile %h/.ssh/authorized_keys


6.Check out the permission of .ssh,keys,authorized-keys file these may also cause for ssh attentication failure.



http://www.linuxquestions.org/questi...os-rhel-35029/

Last edited by arun5002; 11-03-2012 at 03:37 AM.
 
Old 11-03-2012, 05:09 AM   #4
linosaurusroot
Member
 
Registered: Oct 2012
Distribution: OpenSuSE,RHEL,Fedora,OpenBSD
Posts: 761
Blog Entries: 2

Rep: Reputation: 197Reputation: 197
Quote:
Originally Posted by arun5002 View Post
4.You have to copy root users mars.org.com id_rsa.pub key to known_hosts of local machine saturn.org.com

5.You have to enable following parameter in sshd_config to accept key attentication
vi /etc/ssh/sshd_config

PubkeyAuthentication yes

AuthorizedKeysFile %h/.ssh/authorized_keys
http://www.linuxquestions.org/questi...os-rhel-35029/
Points 4 and 5 above are inaccurate.

It is likely sshd_config on mars does not have "PermitRootLogin yes" enabled .. you would need that to perform logins directly as root. I advise against this - log in as an individual user's account and become root when necessary with sudo or su.

http://www.snailbook.com/faq/
 
1 members found this post helpful.
Old 11-03-2012, 06:20 AM   #5
arun5002
Member
 
Registered: Aug 2011
Location: Chennai,India
Distribution: Redhat,Centos,Ubuntu,Dedian
Posts: 549
Blog Entries: 5

Rep: Reputation: Disabled
@linosaurusroot

I will accept 4 point is inaccurate if the user generate passwordless attentication for normal user .But the user scenerio he has been generating passwordless attentication for his root directory .I dont think what i have posted his wrong if he trying to create passwordless login for his root directory.



4.You have to copy root users mars.org.com id_rsa.pub key to known_hosts of local machine saturn.org.com


@linosaurusroot,

Can you explain what wrong with 5 point i have posted .I dont think without enabling the
PubkeyAuthentication yes passwordless key login never seems to work.

5.You have to enable following parameter in sshd_config to accept key attentication


vi /etc/ssh/sshd_config

PubkeyAuthentication yes

AuthorizedKeysFile %h/.ssh/authorized_keys

Last edited by arun5002; 11-03-2012 at 06:23 AM.
 
Old 11-03-2012, 09:03 AM   #6
linosaurusroot
Member
 
Registered: Oct 2012
Distribution: OpenSuSE,RHEL,Fedora,OpenBSD
Posts: 761
Blog Entries: 2

Rep: Reputation: 197Reputation: 197
Point 4 confused 32 different kinds of keys - host keys (as in known_hosts) and user keys (as in id_rsa.pub).


Point 5 overlooks that in /etc/ssh/sshd_config
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
are the defaults and do not need to be uncommented unless you mean to change them.
 
Old 03-04-2013, 07:20 AM   #7
shivaa
Senior Member
 
Registered: Jul 2012
Location: Grenoble, Fr.
Distribution: Sun Solaris, RHEL, Ubuntu, Debian 6.0
Posts: 1,797
Blog Entries: 4

Original Poster
Rep: Reputation: 285Reputation: 285Reputation: 285
Found a solution finally.

Thanks everyone for your responses.

Ciao.
 
Old 03-04-2013, 07:27 AM   #8
linosaurusroot
Member
 
Registered: Oct 2012
Distribution: OpenSuSE,RHEL,Fedora,OpenBSD
Posts: 761
Blog Entries: 2

Rep: Reputation: 197Reputation: 197
You should detail what the solution was for the benefit of anyone coming across this thread later.

http://xkcd.com/979/
 
Old 03-04-2013, 07:40 AM   #9
shivaa
Senior Member
 
Registered: Jul 2012
Location: Grenoble, Fr.
Distribution: Sun Solaris, RHEL, Ubuntu, Debian 6.0
Posts: 1,797
Blog Entries: 4

Original Poster
Rep: Reputation: 285Reputation: 285Reputation: 285
Quote:
Originally Posted by linosaurusroot View Post
You should detail what the solution was for the benefit of anyone coming across this thread later.
Of course, why not. I am actually writing a blog on the same, so very soon I will share my blog here with complete procedure.
 
Old 03-07-2013, 09:44 PM   #10
shivaa
Senior Member
 
Registered: Jul 2012
Location: Grenoble, Fr.
Distribution: Sun Solaris, RHEL, Ubuntu, Debian 6.0
Posts: 1,797
Blog Entries: 4

Original Poster
Rep: Reputation: 285Reputation: 285Reputation: 285
For complete procedure, please follow my blog here.
 
Old 03-07-2013, 10:19 PM   #11
RaviTezu
Member
 
Registered: Nov 2012
Location: India
Distribution: Fedora, CentOs, RHEL
Posts: 164

Rep: Reputation: 24
Quote:
Originally Posted by shivaa View Post
For complete procedure, please follow my blog here.
Thanks for posting the solution.
I'd like to know, how can i login to remote machine as root being a normal user on local machine ?
i.e i'd like to login as root on mars from being a jack on saturn.


Will that work if we copy the ssh public key of jack to the /root/.ssh/authorized_keys file on mars?
 
Old 03-07-2013, 10:53 PM   #12
shivaa
Senior Member
 
Registered: Jul 2012
Location: Grenoble, Fr.
Distribution: Sun Solaris, RHEL, Ubuntu, Debian 6.0
Posts: 1,797
Blog Entries: 4

Original Poster
Rep: Reputation: 285Reputation: 285Reputation: 285
@RaviTezu:
You will first need to generate rsa keys for root user on saturn.
Code:
root@saturn~# ssh-keygen -t rsa
Then copy or append this key into root user's ~/.ssh/authorized_keys file on mars.
Code:
root@saturn~# cat ~/.ssh/id_rsa.pub | ssh root@mars 'cat >> ~/.ssh/authorized_keys'
 
Old 03-07-2013, 11:00 PM   #13
RaviTezu
Member
 
Registered: Nov 2012
Location: India
Distribution: Fedora, CentOs, RHEL
Posts: 164

Rep: Reputation: 24
Thanks for the reply.

That will allow the root user from saturn to login as root into mars.

What i need is .. being jack on saturn..i want to login as root into mars.

Will it work if i add jack ssh public key(Which is generated on mars)to the /root/.ssh/authorizes_keys(Which is residing in root home directory) on mars?

---------- Post added 03-08-13 at 10:31 AM ----------

& It is working!! Thanks shivaa!
 
Old 03-07-2013, 11:17 PM   #14
shivaa
Senior Member
 
Registered: Jul 2012
Location: Grenoble, Fr.
Distribution: Sun Solaris, RHEL, Ubuntu, Debian 6.0
Posts: 1,797
Blog Entries: 4

Original Poster
Rep: Reputation: 285Reputation: 285Reputation: 285
Yes, it should work. You can test it.
 
  


Reply

Tags
ssh access using key


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
SSH public key authentication not working to0 Red Hat 6 12-06-2012 02:14 AM
SSH skips public key authentication for a key, but works with another key simopal6 Linux - General 1 07-06-2011 08:33 AM
Public key authentication with ssh elnacho12 Linux - Networking 3 12-18-2007 08:38 AM
Public Key Authentication with SSH edafe Ubuntu 1 08-26-2006 11:06 AM
Can't use public key authentication with SSH Noob69 Linux - General 5 01-06-2006 06:27 AM


All times are GMT -5. The time now is 05:25 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration