LinuxQuestions.org
Old 11-08-2013, 03:54 AM   #1
gargaks83
LQ Newbie
 
Registered: Sep 2013
Posts: 10

Rep: Reputation: Disabled
ssh login


Hi all,

I was trying to do passwordless ssh log-in between two machines with different host names (linux & redhat), and I used the following commands:

ssh-keygen -t rsa

scp /root/.ssh/id_rsa.pub redhat:/root/.ssh/authorized_keys
----------------------------------
ssh-keygen -t rsa

scp /root/.ssh/id_rsa.pub linux:/root/.ssh/authorized_keys
----------------------------------
I am able to log in from linux to redhat but not able to log in from redhat to linux without a password.

Please suggest where I am lacking.
 
Old 11-08-2013, 04:02 AM   #2
druuna
LQ Veteran
 
Registered: Sep 2003
Posts: 10,532
Blog Entries: 7

Rep: Reputation: 2387
It could be that root logins using ssh are disabled.

Check the /etc/ssh/sshd_config file and look for this line: PermitRootLogin no. You can change that to yes and restart the sshd daemon.

BTW: Direct root access from one machine to the other isn't a best practice. You might want to consider logging into another host as a normal user and then switching to the root user.
 
Old 11-08-2013, 04:22 AM   #3
gargaks83
LQ Newbie
 
Registered: Sep 2013
Posts: 10

Original Poster
Rep: Reputation: Disabled
Hi Druuna,

Thanks for the reply, but this is not the reason as it is already YES:

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes

Please suggest what else can be the reason....
 
Old 11-08-2013, 04:39 AM   #4
druuna
LQ Veteran
 
Registered: Sep 2003
Posts: 10,532
Blog Entries: 7

Rep: Reputation: 2387
A few questions:

- Have you checked the PermitRootLogin entry on both machines?
- Are you able to ssh both ways, as root (using a password)?
- What are the permissions of the /root/.ssh directory and the files inside it (.ssh should be 700 and the authorized_keys file should be 600)?

Last edited by druuna; 11-08-2013 at 05:36 AM. Reason: .ssh directory permissions: 400 should be 700
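
The permission check asked for in the post above, as an added example that is not part of the thread. It assumes GNU `stat` on Linux and separates modes that are only looser than the 700/600 recommended above from modes that are group- or world-writable, which is what sshd's StrictModes check rejects.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU stat (Linux).
# OK   = matches the mode recommended in post #4 (700 dir, 600 file)
# WARN = looser than recommended, but not writable by group/others
# FAIL = missing, or group/world-writable (rejected by StrictModes)

check_path() {  # usage: check_path PATH RECOMMENDED_MODE
    p=$1; want=$2
    [ -e "$p" ] || { echo "FAIL $p is missing"; return 2; }
    mode=$(stat -c '%a' "$p")
    # 022 masks the group-write and other-write bits.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL $p mode $mode is group/world-writable"; return 2
    fi
    if [ "$mode" != "$want" ]; then
        echo "WARN $p mode $mode, recommended $want"; return 1
    fi
    echo "OK   $p mode $mode"
}

audit_ssh_dir() {  # usage: audit_ssh_dir DIR; returns 0 OK, 1 WARN, 2 FAIL
    dir=$1; worst=0
    for spec in "$dir:700" "$dir/authorized_keys:600"; do
        rc=0
        check_path "${spec%:*}" "${spec##*:}" || rc=$?
        if [ "$rc" -gt "$worst" ]; then worst=$rc; fi
    done
    return "$worst"
}

# Run against a directory given on the command line, e.g. /root/.ssh
if [ $# -gt 0 ]; then
    audit_ssh_dir "$1"
fi
```

Run it on both hosts as the account being logged into; a WARN on a 644 authorized_keys file does not by itself explain a refused key.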
 
Old 11-08-2013, 04:52 AM   #5
gargaks83
LQ Newbie
 
Registered: Sep 2013
Posts: 10

Original Poster
Rep: Reputation: Disabled
Yes, I checked it on both the machines.
Yes, I am able to log in both ways, but one with password & the other password-less.
Permissions are the same for the mentioned file & d on both the machines.
 
Old 11-08-2013, 04:58 AM   #6
ericson007
Member
 
Registered: Sep 2004
Location: Japan
Distribution: CentOS 7.1
Posts: 656

Rep: Reputation: 121
Check your selinux label on the file after copy. It probably would not be as required by selinux.

Code:
$ restorecon -Rv ~/.ssh
Then try again
 
Old 11-08-2013, 05:00 AM   #7
druuna
LQ Veteran
 
Registered: Sep 2003
Posts: 10,532
Blog Entries: 7

Rep: Reputation: 2387
If I understand correctly then this works: linux -> redhat
And this does not work: redhat -> linux

Can you post the output of the following, from the redhat machine:
Code:
ssh -v root@linux
EDIT: If selinux is in enforcing mode then ericson007 might have a good point.

Last edited by druuna; 11-08-2013 at 05:01 AM.
 
Old 11-08-2013, 05:08 AM   #8
gargaks83
LQ Newbie
 
Registered: Sep 2013
Posts: 10

Original Poster
Rep: Reputation: Disabled
Hi Druuna,

here is the output, you asked for:

[root@redhat ~]# ssh -v root@linux
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to linux [10.216.67.70] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: loaded 3 keys
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'linux' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:3
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
Unknown code krb5 195

debug1: Unspecified GSS failure. Minor code may provide more information
Unknown code krb5 195

debug1: Unspecified GSS failure. Minor code may provide more information
Unknown code krb5 195

debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Offering public key: /root/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Next authentication method: password
root@linux's password:
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
Last login: Thu Nov 7 21:06:08 2013 from 10.216.67.68
[root@linux ~]#
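
An added example (not part of the thread): a filter that reduces `ssh -v` client output to which key was offered, how far the public-key attempt got, and which method finally logged in. It assumes the `debug1:` message wording shown in the post above (OpenSSH 4.3); the embedded sample is an excerpt of that output.

```shell
#!/bin/sh
# Added example, not from the thread. Matches the debug1 wording of the
# OpenSSH 4.3 client output posted above; other versions word it differently.

summarize_ssh_debug() {  # reads ssh -v output on stdin
    awk '
    /^debug1: Offering public key: / { key = $5; state = "offered"; next }
    /^debug1: Server accepts key: /  { if (key != "") state = "query-accepted"; next }
    # A new list of methods after an offer means that attempt failed.
    /^debug1: Authentications that can continue: / {
        if (key != "") { print "key=" key, "result=rejected-after-" state; key = "" }
        next
    }
    /^debug1: Authentication succeeded \(/ {
        m = $NF; gsub(/[().]/, "", m)
        if (key != "") { print "key=" key, "result=accepted"; key = "" }
        print "login=" m
    }
    '
}

sample_log() {  # excerpt of the output in post #8
cat <<'EOF'
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Offering public key: /root/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Next authentication method: password
debug1: Authentication succeeded (password).
EOF
}

sample_log | summarize_ssh_debug
```

On the sample, the key is reported as rejected after the server had answered the key query positively, and the session falls back to `login=password`.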
 
Old 11-08-2013, 05:36 AM   #9
druuna
LQ Veteran
 
Registered: Sep 2003
Posts: 10,532
Blog Entries: 7

Rep: Reputation: 2387
I don't see anything suspicious (it is a rather old Redhat version, but that shouldn't be a problem).

Maybe something went wrong when you created/copied the public key. Have you tried re-doing those steps?

Just to make sure you do all the correct steps:
- SSH login without password
- SSH Passwordless Login Using SSH Keygen in 5 Easy Steps
 
1 members found this post helpful.
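
One way to redo the key-copy step without replacing the target's authorized_keys file, as the `scp ... authorized_keys` commands in the first post do. This is an added example, not from the thread or the linked guides; it is meant to run on the target host after the `.pub` file has been copied to a temporary location (the `/tmp/id_rsa.pub` path in the comment is hypothetical).

```shell
#!/bin/sh
# Added example, not from the thread. Appends one public key to
# authorized_keys instead of overwriting the file, and sets the
# 700/600 modes recommended in post #4.

install_pubkey() {  # usage: install_pubkey PUBKEY_FILE SSH_DIR
    pub=$1; dir=$2; auth=$dir/authorized_keys
    # Refuse anything that is not exactly one non-empty line.
    if [ "$(grep -c . "$pub" 2>/dev/null)" != 1 ]; then
        echo "expected exactly one key in $pub" >&2; return 1
    fi
    key=$(grep . "$pub")
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # Skip if this exact line is already authorized (idempotent).
    if grep -qxF -- "$key" "$auth"; then
        echo "already present"; return 0
    fi
    # Repair a missing final newline so the new key starts on its own line.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
    echo "added"
}

# Example: install_pubkey /tmp/id_rsa.pub /root/.ssh   (hypothetical path)
if [ $# -eq 2 ]; then
    install_pubkey "$1" "$2"
fi
```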
Old 11-08-2013, 09:11 AM   #10
ericson007
Member
 
Registered: Sep 2004
Location: Japan
Distribution: CentOS 7.1
Posts: 656

Rep: Reputation: 121
Can you post

Code:
 ls -Z ~/.ssh
And

Code:
 sestatus
From the user you are trying to log in as.
 
Old 11-08-2013, 11:10 AM   #11
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora
Posts: 2,630

Rep: Reputation: 495
Follow the links in my sig for help.
 
1 members found this post helpful.
Old 11-11-2013, 12:08 AM   #12
gargaks83
LQ Newbie
 
Registered: Sep 2013
Posts: 10

Original Poster
Rep: Reputation: Disabled
Hi ericson007,

here is the output, you asked for:

[root@redhat ~]# ls -Z ~/.ssh
-rw-r--r-- root root authorized_keys
-rw------- root root id_rsa
-rw-r--r-- root root id_rsa.pub
-rw-r--r-- root root known_hosts
[root@redhat ~]# sestatus
SELinux status: disabled
[root@redhat ~]#
 
Old 11-11-2013, 01:05 AM   #13
gargaks83
LQ Newbie
 
Registered: Sep 2013
Posts: 10

Original Poster
Rep: Reputation: Disabled
Hi Team,

Thanks for the support. But, I guess there was some mistake from my side in executing the commands as I got the desired output when I again performed the task.
Output:
-------------------------------------
[root@linux ~]# ssh redhat
Enter passphrase for key '/root/.ssh/id_rsa':
Last login: Thu Nov 7 07:06:40 2013 from linux.testlab.org
[root@redhat ~]#
-------------------------------------
-------------------------------------
[root@redhat ~]# ssh linux
Enter passphrase for key '/root/.ssh/id_rsa':
Last login: Thu Nov 7 23:36:19 2013 from redhat.testlab.org
[root@linux ~]#
-------------------------------------
 
Old 11-11-2013, 01:11 AM   #14
ericson007
Member
 
Registered: Sep 2004
Location: Japan
Distribution: CentOS 7.1
Posts: 656

Rep: Reputation: 121
Glad to hear you got it sorted.

Last edited by ericson007; 11-11-2013 at 01:17 AM.
 
  


All times are GMT -5.