LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 05-09-2013, 07:38 AM   #1
prinsh
LQ Newbie
 
Registered: May 2013
Posts: 3

Rep: Reputation: Disabled
Passwordless ssh on the same host


Hi,

I have to hosts named host1 and host2.
I am trying to create a passwordless ssh for them.

What I did:

On Host1,

ssh-keygen -t rsa

got the id_rsa.pub key and added it to the authorized keys of host2.

scp id_rsa.pub root@host2:
cat id_rsa.pub >> ~/.ssh/authorized_keys
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

* Its works fine if I do a ssh root@host2 from host1.

I repeated the same steps for Host2 and added its key in Host1.
but it doesn't work. I even added the rsa key of host1 into its own authorized keys..to see If I could do a passwordless ssh root@host1 from host1 and it failed too...I had to put password everytime..
Please help me.
 
Old 05-09-2013, 08:09 AM   #2
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,289

Rep: Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034
1. is the sshd daemon running on both? any differences in the sshd configs?
2. what about firewall ie iptables?
3. try 'ssh -vvv ...' to get verbose output
 
Old 05-09-2013, 08:14 AM   #3
prinsh
LQ Newbie
 
Registered: May 2013
Posts: 3

Original Poster
Rep: Reputation: Disabled
Thanks for the response chris.

Sshd deamon is running on both the machines.

result for Iptables rule is

[root@cl39-10s13 ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

I tried running 'ssh -vvv' it doesn't work.
 
Old 05-09-2013, 08:23 AM   #4
prinsh
LQ Newbie
 
Registered: May 2013
Posts: 3

Original Poster
Rep: Reputation: Disabled
Here is the debug Info :

[root@cl39-10s13 ~]# ssh -v root@10.39.10.13
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 10.39.10.13 [10.39.10.13] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: loaded 3 keys
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '10.39.10.13' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
Unknown code krb5 195

debug1: Unspecified GSS failure. Minor code may provide more information
Unknown code krb5 195

debug1: Unspecified GSS failure. Minor code may provide more information
Unknown code krb5 195

debug1: Next authentication method: password
 
Old 05-10-2013, 07:00 AM   #5
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora
Posts: 2,555

Rep: Reputation: 463Reputation: 463Reputation: 463Reputation: 463Reputation: 463
a fast google read on your error came up with a few options to check.

1. verify the permissions on both ends for the ~/.ssh directory and its files.

2. update your ssh on both ends.

they should look as follows:

Code:
ssma-imac:~ ssma$ ls -laF .ssh
total 88
drwx------   11 ssma  staff         374 Mar 14 19:32 ./
drwxrwxr-x+ 107 ssma  _lpoperator  3638 May  6 08:15 ../
-rw-------    1 ssma  staff        4424 Jan  5 21:17 authorized_keys
-rw-r--r--    1 ssma  staff         175 Jan  5 21:28 config
-r--------    1 ssma  staff        3239 Jul 21  2012 id_rsa
-rw-r--r--    1 ssma  staff         752 Jul 21  2012 id_rsa.pub
-rw-r--r--    1 ssma  staff        5657 Mar 14 19:32 known_hosts

Last edited by lleb; 05-10-2013 at 07:11 AM.
 
Old 05-10-2013, 10:04 AM   #6
sundialsvcs
Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 5,401

Rep: Reputation: 1119Reputation: 1119Reputation: 1119Reputation: 1119Reputation: 1119Reputation: 1119Reputation: 1119Reputation: 1119Reputation: 1119
... also, don't forget that "password" should not be among the "authorizations that can continue."

SSH is like the "impregnable fortress" that has a moat surrounded by archers with drawn bows ... and also, a little garden gate. If you don't have what it takes to get past the archers, you can always just try the garden gate. It will let you in, either way, unless you explicitly disable all the weaker alternatives.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Passwordless ssh works. Normal login/ssh Fails. gurunarayanan Linux - Newbie 9 11-08-2012 04:42 AM
passwordless ssh from one host to another host mahmoodn Linux - Networking 74 08-08-2011 12:47 PM
[SOLVED] Problem with passwordless SSH to the same host adraganov Linux - Newbie 4 06-20-2011 11:45 AM
Can't use passwordless ssh sunhui Linux - Security 1 10-03-2006 08:29 PM
Passwordless SSH with SSH commercial server and open ssh cereal83 Linux - General 7 04-18-2006 12:34 PM


All times are GMT -5. The time now is 07:53 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration