LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 12-08-2009, 09:19 AM   #1
kaplan71
Member
 
Registered: Nov 2003
Posts: 719

Rep: Reputation: 39
problem with ssh key-based authentication


Hi there --

I have a key-based authentication set up for the root account between two of our servers, and it has been working without issue for quite some time. I wanted to set up a similar configuration for a 'regular' user account between the same two servers.

I went through the motion of running the ssh-keygen utility with the following syntax as the user in question:

Code:
ssh-keygen -t rsa
I made sure there were no passphrases by hitting the <enter> key when prompted. Once that was done, I copied the newly created public key from the source to the destination computer using the command syntax shown below:

Code:
ssh user@remotehost “cat >> ~/.ssh/authorized_keys” < ~/.ssh/id_rsa.pub
Once that was done, I should have been able to log into the remote host without being prompted without a password, but that was not the case.

Why would the root account be able to log in using public/private key authentication, and a 'regular' user account cannot to the same?
 
Old 12-08-2009, 09:22 AM   #2
beadyallen
Member
 
Registered: Mar 2008
Location: UK
Distribution: Fedora, Gentoo
Posts: 209

Rep: Reputation: 36
Check the permissions on .ssh/authorized_keys. It's got to be 600, so
Code:
chmod 600 .ssh/authorized_keys
will probably fix it.
Also, make sure the key did get into the authorized_keys file properly. I'm not sure, but how did you enter the password when stdin was supplied from the id_rsa.pub file?

Last edited by beadyallen; 12-08-2009 at 09:24 AM.
 
Old 12-08-2009, 09:39 AM   #3
zordrak
Member
 
Registered: Feb 2008
Distribution: Slackware
Posts: 595

Rep: Reputation: 115Reputation: 115
Quote:
Originally Posted by kaplan71 View Post

Code:
ssh user@remotehost “cat >> ~/.ssh/authorized_keys” < ~/.ssh/id_rsa.pub
Just FYI, depending on your distribution you should be able to achieve the same result with "ssh-copy-id".

With regard to the initial problem, again the distro you use can affect the difficulty of getting key-based auth working; esp if PAM gets involved.
 
Old 12-08-2009, 01:03 PM   #4
Web31337
Member
 
Registered: Sep 2009
Location: Russia
Distribution: Gentoo, LFS
Posts: 399
Blog Entries: 71

Rep: Reputation: 65
i had trouble of that kind when i corrupted my /etc/passwd or /etc/shadow.
did you make any changes in those manually? i was unable to passwd and log in through ssh with or without password to any user but last created by useradd.
that could be a problem perhaps...
 
Old 12-08-2009, 07:02 PM   #5
evo2
Guru
 
Registered: Jan 2009
Location: Japan
Distribution: Mostly Debian and Scientific Linux
Posts: 5,591

Rep: Reputation: 1244Reputation: 1244Reputation: 1244Reputation: 1244Reputation: 1244Reputation: 1244Reputation: 1244Reputation: 1244Reputation: 1244
I think there are many things that could cause this type of behavior. So, you need to look at the debug information ssh will give you if you ask for it.

Reading /var/log/auth.log (or similar for your dist) and running in verbose moded (ssh -vvv) on the client are the first things I do debug ssh problems like this.

If I can't get the answers I need from the above, the next thing I try is running sshd in debug mode (sshd -d) on the server, and then try to ssh to that instance of sshd: this provides much more server side debug info than what you normally get in /var/log/auth.log.

Cheers,

Evo2.
 
1 members found this post helpful.
Old 12-09-2009, 11:34 AM   #6
kaplan71
Member
 
Registered: Nov 2003
Posts: 719

Original Poster
Rep: Reputation: 39
Hi there --

The problem was with the permissions of the authorized_keys file. Once I changed the settings to 600, the problem did not recur. Thanks again to everyone for the help.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Key based authentication only for root for SSH the_gripmaster Linux - Security 4 04-18-2009 06:43 PM
SSH public key authentication problem with cron pbjason9 Linux - Server 2 03-20-2009 11:52 PM
ssh public key authentication problem flgal3 Linux - Software 21 02-06-2009 12:15 PM
Problem with two-way key-based ssh connection kaplan71 Linux - Networking 4 02-22-2007 08:15 AM
SSH - Problem with Public Key Authentication HaPagan Linux - Security 5 11-29-2005 12:27 AM


All times are GMT -5. The time now is 06:43 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration