LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 02-12-2010, 12:03 PM   #1
deelinux
Member
 
Registered: Nov 2009
Posts: 35

Rep: Reputation: 15
ssh help


Hello

I have setup ssh but it's not working...looking for some advise.

Here is what I have done

On the first Red Hat box

Step 1 su to test_user

Step 2 run ssh-keygen -t rsa

Step 3 Enter defaults file location/path

Step 4 Enter the pass phrase - testing

The keys generated now

2b:ba:5b:af:ec:06:4b:bb:10:8e:27:e6:b3:6f:75:0f test@test.com

Step 5 run chmod 755 ~/.ssh

Step 6 Run the same steps above on the Remote Linux box

Step 7 copied the first linux box keys to the /tmp folder on the second linux box and then copied and renamed it to the ~/.ssh/authorized_key file.

Step 8 tried to use scp, but I still get prompted for a password from the second linux box ..

I dont know where I have gone wrong, tried several times and same issue.

If any one has any ideas that would be great, I'm also not sure if I should be configuring the ssh_config file for any settings?


rgds

D
 
Old 02-12-2010, 12:30 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974
the directory permissions are wrong, they are usually 700, with the files inside, 600. by having 755 it means that anyone can access that directory, making it massively insecure, and therefore ssh sees this and refuses to use it.
 
Old 02-12-2010, 12:32 PM   #3
tredegar
LQ 5k Club
 
Registered: May 2003
Location: London, UK
Distribution: Debian "Jessie"
Posts: 6,085

Rep: Reputation: 398Reputation: 398Reputation: 398Reputation: 398
See here and here

Remember:

ssh is very fussy about file permissions.

You can see what is (not) happening when you ssh -vvv user@host

You are generating a key with a passphrase. I prefer not to use one, then I don't get asked for it. If you get the file permissions on your private keys right, you shouldn't need a passphrase.
 
Old 02-12-2010, 12:40 PM   #4
colucix
LQ Guru
 
Registered: Sep 2003
Location: Bologna
Distribution: CentOS 6.5 OpenSuSE 12.3
Posts: 10,509

Rep: Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976
Hmm... here's some clue:
Quote:
Step 4 Enter the pass phrase - testing
If you want to set-up a password-less authentication, you should leave the pass-phrase empty, otherwise you will be prompted for the pass-phrase at every login.
Quote:
Step 5 run chmod 755 ~/.ssh
Nope. Leave the permission of the .ssh directory untouched. They should be 700, otherwise some SSH server may refuse connections.
Quote:
Step 6 Run the same steps above on the Remote Linux box
You need this if you want to set-up a two-way password-less connection (maybe not useful). In any case, better to set-up a one-way connection FROM your local machine TO the remote server and test it in the first instance.
Quote:
Step 7 copied the first linux box keys to the /tmp folder on the second linux box and then copied and renamed it to the ~/.ssh/authorized_key file.
What key did you copied in authorized_key file? The private or the public one? On your local machine, where you have generated the key pair, you should have ended up with two files: id_rsa (the private key) and id_rsa.pub (the public key). Never (and I mean never) share or copy the private key to another machine: it is like your fingerprints (it is yours, it should stay in your local .ssh directory with no r/w permissions for other users and no-one should have access to it in one way or another). This means you have just to copy (append) the content of the public key into the authorized_keys file on the remote machine.

If something still goes wrong (and you're still prompted for password) use the -v option of ssh and check the dialog between the local and the remote machine. It should give you some useful information on what's going on.

Last edited by colucix; 02-12-2010 at 12:44 PM. Reason: Mixed quote and code tags... corrected.
 
Old 02-12-2010, 12:47 PM   #5
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 670Reputation: 670Reputation: 670Reputation: 670Reputation: 670Reputation: 670
A passphrase protects the private key on the client side and has nothing to do with the server you are trying to connect to. It prevents a lost client's key from being used to attack the server.

You can use:
eval $(ssh-agent)
ssh-add

Then you don't need to enter the pass phrase more than once in that session. You can set it up so your system asks for the pass phrase when you log in as well.

You also need to check the permissions of your HOME directory. It can't allow others read access. Sometimes a "users" group access is allowed so regular users can share directories easily using samba. It also has the effect that other uses can read files in your HOME directory which I wouldn't recommend.

Also read the comments in the /etc/ssh/sshd_config file (on the ssh server side). Just above the "UsePAM Yes" line. It explains two options to disable if you want to use public key authentication.

I would also recommend disabling root logins, and using the "AllowUsers <your_username>" option in sshd_config.
That will only allow logins from yourself and reject all attempts to log in as a system user. (e.g. http, postfix)
 
Old 02-13-2010, 04:00 AM   #6
deelinux
Member
 
Registered: Nov 2009
Posts: 35

Original Poster
Rep: Reputation: 15
Thanks very much all for your comments,

I will run through and see how I go....and yes its very fussy to setup, but I guess it has a ssh has security conscience

Cheers

Dee
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
ssh-agent, ssh-add and ssh-keygen AND CVS raylpc Linux - General 2 11-19-2008 03:50 AM
LXer: ssh-xfer: Quickly grabbing files over an existing SSH connection LXer Syndicated Linux News 0 08-08-2008 04:11 PM
setting up an ssh soxy or local ssh tunnel from within an ssh soxy Mangenius Linux - Networking 0 03-05-2007 04:15 PM
Passwordless SSH with SSH commercial server and open ssh cereal83 Linux - General 7 04-18-2006 01:34 PM


All times are GMT -5. The time now is 01:44 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration