LinuxQuestions.org


kaplan71 12-08-2009 09:19 AM

problem with ssh key-based authentication
 
Hi there --

I have a key-based authentication set up for the root account between two of our servers, and it has been working without issue for quite some time. I wanted to set up a similar configuration for a 'regular' user account between the same two servers.

I went through the motion of running the ssh-keygen utility with the following syntax as the user in question:

Code:

ssh-keygen -t rsa
I made sure there were no passphrases by hitting the <enter> key when prompted. Once that was done, I copied the newly created public key from the source to the destination computer using the command syntax shown below:

Code:

ssh user@remotehost "cat >> ~/.ssh/authorized_keys" < ~/.ssh/id_rsa.pub
Once that was done, I should have been able to log into the remote host without being prompted for a password, but that was not the case.

Why would the root account be able to log in using public/private key authentication, and a 'regular' user account cannot do the same?

beadyallen 12-08-2009 09:22 AM

Check the permissions on .ssh/authorized_keys. It's got to be 600, so
Code:

chmod 600 .ssh/authorized_keys
will probably fix it.
Also, make sure the key did get into the authorized_keys file properly. I'm not sure, but how did you enter the password when stdin was supplied from the id_rsa.pub file?

zordrak 12-08-2009 09:39 AM

Quote:

Originally Posted by kaplan71 (Post 3784069)

Code:

ssh user@remotehost "cat >> ~/.ssh/authorized_keys" < ~/.ssh/id_rsa.pub

Just FYI, depending on your distribution you should be able to achieve the same result with "ssh-copy-id".

With regard to the initial problem, again the distro you use can affect the difficulty of getting key-based auth working; esp if PAM gets involved.

Web31337 12-08-2009 01:03 PM

I had trouble of that kind when I corrupted my /etc/passwd or /etc/shadow.
Did you make any changes in those manually? I was unable to passwd and log in through ssh with or without password to any user but the last created by useradd.
That could be a problem perhaps...

evo2 12-08-2009 07:02 PM

I think there are many things that could cause this type of behavior. So, you need to look at the debug information ssh will give you if you ask for it.

Reading /var/log/auth.log (or similar for your dist) and running in verbose mode (ssh -vvv) on the client are the first things I do to debug ssh problems like this.

If I can't get the answers I need from the above, the next thing I try is running sshd in debug mode (sshd -d) on the server, and then try to ssh to that instance of sshd: this provides much more server side debug info than what you normally get in /var/log/auth.log.

Cheers,

Evo2.

kaplan71 12-09-2009 11:34 AM

Hi there --

The problem was with the permissions of the authorized_keys file. Once I changed the settings to 600, the problem did not recur. Thanks again to everyone for the help.

