LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 11-29-2007, 11:42 AM   #1
bittus
Member
 
Registered: Aug 2006
Posts: 151

Rep: Reputation: 15
Unhappy ssh login using keys


I am trying to make my server accessible without trying password. But now I faced severe issues.

I made rsa.pub keys from client machine and appended it to authorized_keys of server. Restarted sshd also. But wen i try to login, it asks me for password

another thing i found from my /var/log/messages file is :

sshd[4283]: Parsing authorization file /root/.ssh2/authorization resulted in error (user root tried to authenticate)

sometimes wen i try to restart sshd, it crashed and i was thrown out of the server. Then i need to rlogin and then restart sshd. After the second restart of sshd, it works fine.

can any1 help me on this?

Last edited by bittus; 11-29-2007 at 11:46 AM.
 
Old 11-29-2007, 01:42 PM   #2
marozsas
Senior Member
 
Registered: Dec 2005
Location: Campinas/SP - Brazil
Distribution: SuSE, RHEL, Fedora, Ubuntu
Posts: 1,393
Blog Entries: 1

Rep: Reputation: 63
Is this a fedora box ?
If yes, look for a message like this in /var/log/secure:

Code:
sshd[6013]: Authentication refused: bad ownership or modes for file /home/jonhdoe/.ssh/authorized_keys
if you are getting this message, fix the permissions of your .ssh/authorized_keys file with :
Code:
$ chmod 0700 ~/.ssh
$ chmod 0600 ~/.ssh/*
 
Old 11-29-2007, 08:56 PM   #3
cojo
Member
 
Registered: Feb 2003
Location: St. Louis
Distribution: RedHat 8
Posts: 262

Rep: Reputation: 31
did you create the key from the client machine or server? If you want to access your server without password from the client machine. You will need to create the key on the server then scp the id_rsa.pub key your client machine authorized_key file.
 
Old 11-29-2007, 09:05 PM   #4
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654
Besides adding the keys to the respective authorized_keys files, you may need to disable PAM integration in /etc/ssh/sshd_config. Also check if root logins are disabled.

First decide whether root access is worth the risk.
The most secure way of doing this is to create the keys on the server with passphrases and run ssh-keyring to hold the passphrase on the client.

The man page for ssh has the details. The ssh_config and sshd_config files also have their own man pages.
 
Old 11-29-2007, 09:30 PM   #5
pccdrussell
Member
 
Registered: Jan 2006
Distribution: Ubuntu
Posts: 62

Rep: Reputation: 15
For me personally, this is the easiest way, it sounds like you already have your client keys made, but will put it all in for future people that stumble upon this thread....
On your client machine, run the following..
Code:
ssh-keygen -t rsa
(You can put in a passphrase if desired, I would recommend it)
then
Code:
cd ~/.ssh
you can run ls to verify your keys are in there.
then next
Code:
ssh-copy-id -i id_rsa.pub user@host
**Note- user@host example would be joe@10.1.1.1 (where 10.1.1.1 is the remote IP and joe is the remote user you want to login as without using a password) This will prompt your for joe@10.1.1.1's password to verify and from there on out it will not prompt you for a password when you ssh to joe@10.1.1.1. If you created a passphrase for your client keys, it will prompt you for the passphrase you created when you issue #ssh joe@10.1.1.1 not the "password"
I hope that all made sense. Another note, you may also use DSA rather than RSA if you prefer, just substitute "dsa" where I put "rsa"
 
Old 11-30-2007, 06:55 AM   #6
LlNUX
Member
 
Registered: Oct 2007
Location: Sydney, Australia
Distribution: Debian
Posts: 63

Rep: Reputation: 15
Passwordless ssh - public and private keys

Here you can find quick how to exchange public and private keys for ssh .
Passwordless ssh - public and private keys

hope this helps
 
  


Reply

Tags
exchange, keys, passwordless, private, public, ssh


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Using SSH keys with different login name - is it possible? Micro420 Linux - Networking 5 02-04-2007 02:34 PM
Can't login with ssh pub keys fisayo Mandriva 2 11-17-2005 07:12 PM
SSH Login - Forcing keys! jackster Linux - Security 5 01-25-2005 08:09 AM
Can't login using ssh keys linuxboy69 Linux - Software 2 03-19-2004 02:47 PM
Configuring SSH to accept only keys (already have keys) fr0st Linux - Security 3 11-04-2003 03:31 AM


All times are GMT -5. The time now is 10:03 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration