LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices



Reply
 
Search this Thread
Old 08-04-2009, 05:37 AM   #1
chrisjemma
LQ Newbie
 
Registered: Aug 2009
Posts: 3

Rep: Reputation: 1
SSH login with no passwords for distributed program on red hat


Hello,

I'm using a program on a group of servers which contact each other using SSH.

I've got the authentication keys setup with no password and the keys are on each box. But when one box tries to connect to another it wants the password for the user it's trying to communicate with.

So the main problem is there is a lot of communicating within this program so it's important to allow each box communicate with each other without the use of a password.

Does anyone have a solution?

I'm using OpenSSH 4.3 with OpenSSL 0.9.8 on Red Hat Enterprise Linux Server 5.3 (Tikanga).
I'm also using SSH on Ubuntu(Intrepid) to connect to these servers at the mo as i don't have direct access to the boxes.

Thanks

Chris Jemma
 
Old 08-04-2009, 07:30 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,415

Rep: Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968
Well either the preshared keys are working or they're not. you say it's "setup" which would suggest it's tested and working, no?

Not a networking question, moved to Linux - Newbie.
 
Old 08-05-2009, 04:03 AM   #3
chrisjemma
LQ Newbie
 
Registered: Aug 2009
Posts: 3

Original Poster
Rep: Reputation: 1
Thanks, well i've found the problem now.

It was a mixture of permissions and sshd-config problems.

If anyone wants a quick guild on how i eventually got password less access across the boxes then pm me and i'll send it to you.

Thanks

Chris Jemma
 
Old 08-05-2009, 05:23 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,415

Rep: Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968
Well these are guides already on this site for generic help. Personally I see most setups failing when the ownership of ~/.ssh is not set to 600.
 
Old 08-13-2009, 01:53 PM   #5
marina_28d
LQ Newbie
 
Registered: Aug 2009
Posts: 1

Rep: Reputation: 0
chrisjemma,
I am looking for this details. Can you please get me the information to my mail id?
 
Old 08-13-2009, 07:20 PM   #6
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.6, Centos 5.10
Posts: 16,324

Rep: Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041
It would be more in the spirit of LQ if you posted it here for the edification of all.
 
Old 08-14-2009, 05:39 AM   #7
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,415

Rep: Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968
Well there are many many perfectly good guides around, including an excellent one in our Linux Answers section.
 
Old 08-14-2009, 06:05 AM   #8
chrisjemma
LQ Newbie
 
Registered: Aug 2009
Posts: 3

Original Poster
Rep: Reputation: 1
Passphraseless and Passwordless Guide

Just as a warning, it's not recomended that you set up passphraseless and passwordless SSH communication but this is how i did it. In this guide passphrase is referring to the SSH passphrase and password refers to the users password.
  1. sshd_config

    Open "/etc/ssh/sshd_config" in your selected text editor, i used 'vi' because i only had a terminal to work with and also it highlights used options and darkens commented out options.

    The options i have highlighted in my sshd_config file are the following:

    Code:
    Protocol 2
    SyslogFacility AUTHPRIV
    RSAAuthentication yes
    PubkeyAuthentication yes
    AuthorizedKeysFile .ssh/authorized_keys
    PasswordAuthentication yes
    ChallegeReponseAuthentication no
    UsePam no
    Then anymore options underneath 'UsePam' can be left alone for this to work. But do not comment out 'AcceptEnv' or 'Subsystem' values, i'm not sure what they do but they look important!

    To restart sshd, run the command

    Code:
    /etc/init.d/sshd restart
    If your using ssh to the machine that your configuring the above command will not stop your connection.

  2. id_rsa.pub and authorized_keys

    First you need to make sure that your logged into the user which will be sending or receiving communications so you create the keys for the right user. Change the directory to $HOME (e.g. /home/<user name>/). The line "ssh-keygen -t rsa" starts creating a SSH Key which is used to set the directory the key is saved to, just press enter to use default, and it is used to set the passphrase to commnicate with the machine, again just hit enter twice since we don't want a passphrase. Next step is optional but for the program i was using the machine had to communicate with itself using ssh. So ".ssh/id_rsa.pub >> .ssh/authorized_keys" takes the SSH key we just created and appends it to authorized_keys, the file that was specified earlier in sshd_config.

    Code:
    su <user name>
    cd $HOME
    ssh-keygen -t rsa
    .ssh/id_rsa.pub >> .ssh/authorized_keys
    Repeat the above code in a terminal on each node which will be part of the network.

  3. Key Sharing

    The next step is to share the 'id_rsa.pub' key to the other nodes that will be contacting the current node. You can move the key how ever you want but due to certain restrictions i had to use 'scp'. It's rather simple to use and can come in real handy when you need to quickly transfer something. The basic syntax is
    Code:
    scp <user>@<host_address>:<source_file> <user>@<host_address>:<destination_file>
    So for example...
    Code:
    scp chris@master:/home/chris/.ssh/id_rsa.pub chris@slave1:/home/chris/.shh/chrismaster_rsa.pub
    The end file can be called whatever you want but in this case i've called it something topical to what i'm doing.

    On the other machine you want to go to the $HOME directory and append the SSH key file to the authorized_keys. Here's an example following the above scp code above.

    Code:
    cd $HOME
    .ssh/chrismaster_rsa.pub >> .ssh/authorized-keys
  4. Permissions

    Permissions is the bit that stumped me but i didn't relise it was a problem until scouring many forums and other guides.

    The Permissions that work for me are the following

    Code:
    cd $HOME
    chmod go-w .
    cd .ssh
    chmod 700 .
    chmod 600 *
    I'm not entirely sure about these permissions but after this has been done on every node you'll be able to ssh or scp to anynode without SSH passphrases and user passwords

Last edited by chrisjemma; 08-17-2009 at 03:43 AM. Reason: few spelling mistakes
 
Old 07-16-2010, 02:01 PM   #9
JMCraig
Member
 
Registered: Feb 2003
Location: Utah, USA
Distribution: Red Hat EL/CentOS, Ubuntu/Debian
Posts: 113

Rep: Reputation: 15
Exclamation In case anyone's following these steps--beware typo

Note that in this point (last entry in Step 3 above), there's a hyphen where there should be an underscore:

It says
Code:
cd $HOME
.ssh/chrismaster_rsa.pub >> .ssh/authorized-keys
Target of >> (append) operator should be:

.ssh/authorized_keys
 
  


Reply

Tags
distributed, permission, redhat, scp, ssh, sshdconfig


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
start red hat linux box remotely, not login, ssh .... karinem Linux - Newbie 5 05-18-2009 11:02 AM
C program for automatic ssh login trollkotze Linux - General 5 01-09-2008 09:53 PM
SSH Login Attempts - Can passwords be captured? SlowCoder Linux - Server 6 10-07-2007 08:16 PM
LXer: Acronis Joins Red Hat ISV Partner Program; Becomes Red Hat Ready Partner LXer Syndicated Linux News 0 11-29-2006 02:03 AM


All times are GMT -5. The time now is 01:12 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration