LinuxQuestions.org
Old 03-25-2010, 05:56 PM   #1
Sanford Stein
Member
 
Registered: Jun 2008
Location: Evanston, Illinois
Distribution: RHEL 6.4
Posts: 126

Rep: Reputation: 17
ssh without password -- non-root user


A while ago I set up two servers so 'root' on the first server could scp to 'root' on the second server without needing a password.

I am now trying to add this functionality for a second (non-root) user on the same pair of servers.

I follow the standard procedure as shown on this site and elsewhere.
As the non-root user I do:
1. Use ssh-keygen rsa to create $HOME/.ssh/id_rsa.pub on first server
2. Copy that file to $HOME/.ssh/authorized_keys for the same user
on the target server.

I have verified that file permissions on the target system are correct and the file and PubkeyAuthentication and RSAAuthentication are set to yes in /etc/ssh/sshd.conf.

No matter what I do I cannot keep the system from asking for a password for the non-root user. The root user continues to work just fine.

Is it not possible to have two password-free ssh users on the same server?

Thanks for any suggestions.

Sanford Stein
CyberTools Inc.
 
Old 03-25-2010, 06:30 PM   #2
blacky_5251
Member
 
Registered: Oct 2004
Location: Adelaide Hills, South Australia
Distribution: RHEL 5&6 CentOS 5, 6 & 7
Posts: 572

Rep: Reputation: 56
What about the directory permissions on .ssh in your user home directories? Can you post all of the ls -l output for all of the relevant files?
 
Old 03-25-2010, 06:33 PM   #3
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1974
This very often comes down to permissions on the .ssh directory, which would be 700, with the files inside as 600.

There's certainly no limitation as you suggest, indeed it's impossible to even know if that is the case in the ssh service.
 
Old 03-25-2010, 09:47 PM   #4
jefro
Moderator
 
Registered: Mar 2008
Posts: 15,374

Rep: Reputation: 2198
You can use a certificate instead of a password.
 
Old 03-25-2010, 09:53 PM   #5
evo2
LQ Guru
 
Registered: Jan 2009
Location: Japan
Distribution: Mostly Debian and Scientific Linux
Posts: 5,753

Rep: Reputation: 1288
Please use -vvv flag with the ssh and check the sshd logs to find out why this is happening.

Evo2.
 
Old 03-26-2010, 01:02 AM   #6
ssilayaraja
Member
 
Registered: Aug 2003
Location: chennai
Posts: 115

Rep: Reputation: 15
Try with Public and private key pair
 
Old 03-26-2010, 01:54 AM   #7
blacky_5251
Member
 
Registered: Oct 2004
Location: Adelaide Hills, South Australia
Distribution: RHEL 5&6 CentOS 5, 6 & 7
Posts: 572

Rep: Reputation: 56
Quote:
Originally Posted by ssilayaraja
Try with Public and private key pair
That is exactly what he's trying to do!
 
Old 03-26-2010, 02:31 AM   #8
hockeyman_102
Member
 
Registered: Apr 2006
Location: Washington
Distribution: Suse, CentOS, Ubuntu
Posts: 124

Rep: Reputation: 15
Quote:
Originally Posted by evo2
Please use -vvv flag with the ssh and check the sshd logs to find out why this is happening.

Evo2.
I'm curious to see the logs as well. I remember this problem a few years ago, I had a non-root user, but I was able to set up passwordless ssh/scp to another machine where I landed as root. If I remember, as long as I had the correct (non-root) RSA key in my '/root/.ssh/authorized_keys' on the machine I wanted to connect to as root... it worked.

Non-Root Machine:
  1. ssh-keygen -t rsa
  2. cat $HOME/.ssh/id_rsa.pub (copy)

Root Machine:
  1. vi /root/.ssh/authorized_keys (paste)

Don't remember if I had to do authorized_keys or authorized_keys2, and there are better ways to copy/paste, but you get the idea....
 
Old 03-26-2010, 03:40 AM   #9
evo2
LQ Guru
 
Registered: Jan 2009
Location: Japan
Distribution: Mostly Debian and Scientific Linux
Posts: 5,753

Rep: Reputation: 1288
Quote:
Originally Posted by hockeyman_102
I'm curious to see the logs as well.
I don't actually want to see the logs. I want the OP to read and grok them, so they can work out how to fix the problem ;-)

Evo2.
 
Old 03-26-2010, 04:02 AM   #10
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1974
grok. what a horrible non word...
 
Old 03-26-2010, 04:06 AM   #11
evo2
LQ Guru
 
Registered: Jan 2009
Location: Japan
Distribution: Mostly Debian and Scientific Linux
Posts: 5,753

Rep: Reputation: 1288
Quote:
Originally Posted by acid_kewpie
grok. what a horrible non word...
Come on! It's in the jargon file. It must be both a word and non-horrible.

Evo2.
 
Old 03-26-2010, 05:06 AM   #12
blacky_5251
Member
 
Registered: Oct 2004
Location: Adelaide Hills, South Australia
Distribution: RHEL 5&6 CentOS 5, 6 & 7
Posts: 572

Rep: Reputation: 56
Grok is good. I grok grok.
 
Old 03-26-2010, 11:32 AM   #13
Sanford Stein
Member
 
Registered: Jun 2008
Location: Evanston, Illinois
Distribution: RHEL 6.4
Posts: 126

Original Poster
Rep: Reputation: 17
Thank you all for your responses.

Blacky, here are the directory listings:

For the source server:

[root@cedar ~]# ls -ld /root/.ssh
drwx------ 2 root root 4096 Mar 25 16:06 /root/.ssh
[root@cedar ~]# ls -lR /root/.ssh
/root/.ssh:
total 20
-rw-r--r-- 1 root root 1059 Dec 17 11:37 authorized_keys
-rw------- 1 root root 1675 Sep 28 2008 id_rsa
-rw-r--r-- 1 root root 419 Sep 28 2008 id_rsa.pub
-rw-r--r-- 1 root root 6706 Jan 17 09:17 known_hosts
[root@cedar ~]# ls -ld /home/mbp5vdrzqtui/.ssh
drwx------ 2 mbp5vdrzqtui mbp5vdrzqtui 4096 Mar 25 17:08 /home/mbp5vdrzqtui/.ssh
[root@cedar ~]# ls -lR /home/mbp5vdrzqtui/.ssh
/home/mbp5vdrzqtui/.ssh:
total 12
-rw------- 1 mbp5vdrzqtui mbp5vdrzqtui 1675 Mar 25 17:08 id_rsa
-rw-r--r-- 1 mbp5vdrzqtui mbp5vdrzqtui 427 Mar 25 17:08 id_rsa.pub
-rw-r--r-- 1 mbp5vdrzqtui mbp5vdrzqtui 1816 Mar 25 16:15 known_hosts
[root@cedar ~]#

For the target server:

[root@pear ~]# ls -ld /root/.ssh
drwx------ 2 root root 4096 Mar 25 17:14 /root/.ssh
[root@pear ~]# ls -lR /root/.ssh
/root/.ssh:
total 20
-rw-r--r-- 1 root root 838 Apr 9 2009 authorized_keys
-rw------- 1 root root 1675 Mar 25 17:16 id_rsa
-rw-r--r-- 1 root root 406 Mar 25 17:16 id_rsa.pub
-rw-r--r-- 1 root root 6346 Mar 25 17:14 known_hosts
[root@pear ~]# ls -ld /home/mbp5vdrzqtui/.ssh
drwxr--r-- 2 mbp5vdrzqtui mbp5vdrzqtui 4096 Mar 26 09:52 /home/mbp5vdrzqtui/.ssh
[root@pear ~]# ls -lR /home/mbp5vdrzqtui/.ssh
/home/mbp5vdrzqtui/.ssh:
total 8
-rw-r--r-- 1 mbp5vdrzqtui mbp5vdrzqtui 854 Mar 25 17:27 authorized_keys
-rw-r--r-- 1 mbp5vdrzqtui mbp5vdrzqtui 1588 Mar 25 17:12 known_hosts

Evo2 and Hockeyman, I ran ssh -vvv for both the root and non-root user.
The output was the same up until the point where the public key was sent and tested:

< debug1: Offering public key: /root/.ssh/id_rsa^M
< debug3: send_pubkey_test^M
< debug2: we sent a publickey packet, wait for reply^M
< debug1: Server accepts key: pkalg ssh-rsa blen 277^M
< debug2: input_userauth_pk_ok: SHA1 fp 64:35:c8:5d:88:16:47:a3:82:50:ae:1e:47:2a:a8:70:0b:a1:57:08^M
< debug3: sign_and_send_pubkey^M
< debug1: read PEM private key done: type RSA^M
< debug1: Authentication succeeded (publickey).^M
---
> debug1: Offering public key: /home/mbp5vdrzqtui/.ssh/id_rsa^M
> debug3: send_pubkey_test^M
> debug2: we sent a publickey packet, wait for reply^M
> debug1: Authentications that can continue: publickey,gssapi-with-mic,password^M
> debug1: Trying private key: /home/mbp5vdrzqtui/.ssh/id_dsa^M
> debug3: no such identity: /home/mbp5vdrzqtui/.ssh/id_dsa^M
> debug2: we did not send a packet, disable method^M
> debug3: authmethod_lookup password^M
> debug3: remaining preferred: ,password^M
> debug3: authmethod_is_enabled password^M
> debug1: Next authentication method: password^M

Jefro--thanks, but certificate is not an option for us.

Any further feedback or ideas are appreciated.

SS
 
Old 03-26-2010, 03:54 PM   #14
blacky_5251
Member
 
Registered: Oct 2004
Location: Adelaide Hills, South Australia
Distribution: RHEL 5&6 CentOS 5, 6 & 7
Posts: 572

Rep: Reputation: 56
The authorized_keys files have the wrong permissions. They MUST be 600.

Last edited by blacky_5251; 03-26-2010 at 03:54 PM. Reason: FIxed a typo
 
Old 03-26-2010, 11:25 PM   #15
saagar
Member
 
Registered: Jul 2008
Location: Chennai, India
Distribution: RHEL5, Ubuntu
Posts: 191

Rep: Reputation: 37
I think the problem is with the permissions of .ssh directory of the server:

Code:
[root@pear ~]# ls -ld /home/mbp5vdrzqtui/.ssh
drwxr--r-- 2 mbp5vdrzqtui mbp5vdrzqtui 4096 Mar 26 09:52 /home/mbp5vdrzqtui/.ssh
.ssh directory should have 700 and authorized_keys should have 600 permissions. Isn't it??

Last edited by saagar; 03-26-2010 at 11:27 PM.
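
The check the replies converge on, written out as an added example (not code from any poster in this thread): a POSIX shell function that audits a user's .ssh directory and authorized_keys against the 700/600 modes recommended above and confirms ownership. The function names and the path in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: audit ~/.ssh (700) and authorized_keys (600), the modes
# recommended in the thread, plus ownership by the login user.
# Usage (hypothetical path): audit_ssh_perms /home/someuser someuser
# Prints one line per finding; the return status is the number of paths
# with at least one finding (0 = clean).

check_path() {  # check_path PATH WANT_MODE USER
    path=$1 want=$2 user=$3
    if [ ! -e "$path" ]; then
        echo "MISSING  $path"
        return 1
    fi
    rc=0
    # find -perm MODE without a prefix matches only that exact mode;
    # -prune stops find from descending into a directory.
    if [ -z "$(find "$path" -prune -perm "$want")" ]; then
        echo "MODE     $path is $(ls -ld "$path" | cut -d' ' -f1), want $want"
        rc=1
    fi
    # USER may be a login name or a numeric uid.
    if [ -z "$(find "$path" -prune -user "$user")" ]; then
        echo "OWNER    $path is not owned by $user"
        rc=1
    fi
    return $rc
}

audit_ssh_perms() {  # audit_ssh_perms HOME_DIR USER
    home=$1 user=$2 findings=0
    check_path "$home/.ssh" 700 "$user" || findings=$((findings + 1))
    check_path "$home/.ssh/authorized_keys" 600 "$user" || findings=$((findings + 1))
    return $findings
}
```

Run it on the target server as root or as the account being audited; on the listing posted for pear it would report both the drwxr--r-- directory and the -rw-r--r-- authorized_keys file.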
 
  

