LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 05-31-2009, 03:07 PM   #1
jcb344
LQ Newbie
 
Registered: May 2009
Posts: 2

Rep: Reputation: 1
Problem with ssh rsa key


I am configuring my two machines to be able to ssh to each-other without password authentication but can not seem to get it to work. I generated the rsa key on the client in the .ssh folder and moved the id_rsa.pub file to server changing it's name to authorized_keys. But I am still prompted for a password when logging in on the client to the server. Am I missing something? If it makes any difference I am making the key without a pass code. When I read the rsa.pub file the last line says "==username@domain.local", Is this line suppose to be the ip address of the client? Please help

-Jacob Balthazor

ps. I am running Fedora 10
 
Old 05-31-2009, 08:09 PM   #2
w7hd
Member
 
Registered: Aug 2004
Location: Tucson, AZ
Distribution: Ubuntu 9.04 & 10.10, RHEL 4 & 5
Posts: 48
Blog Entries: 3

Rep: Reputation: 16
It should have picked up the username you were using when you generated the key. Be sure you are logged in as the user you plan on using to ssh to the server and regenerate the key. Then check it to make sure it shows your username. The passcode is allowed to be blank. It sounds like your fully qualified domain name on the client is domain.local. That's okay if it isn't the same as the server, but not getting the correct username is not.

Also, do you have a login on the server using the SAME username (exactly)?

Is that /home/<username>/.ssh folder where you put the authorized_keys file?
That is critical to proper functioning.
 
Old 06-01-2009, 12:45 AM   #3
stanlo45
LQ Newbie
 
Registered: Jul 2008
Location: JHB, South Africa
Distribution: Suse
Posts: 4
Blog Entries: 1

Rep: Reputation: 0
I assume you are using the same usersnames on both machines.

Check the permissions on your .ssh directory and
authorized keys files.

.ssh should be drwx------ (chmod 700)
and authorized_keys should be -rw------- (chmod 600)
 
Old 06-01-2009, 01:53 AM   #4
baig
Member
 
Registered: Nov 2008
Location: وادی ھنزہ
Distribution: Solaris 5.10, Debian Server 5.2, CentOS 5.6
Posts: 226
Blog Entries: 3

Rep: Reputation: 38
Just click my blog entries on the left under my name. I have once written the very same about what you are looking for.

Cheers!
 
Old 06-01-2009, 07:50 AM   #5
JulianTosh
Member
 
Registered: Sep 2007
Location: Las Vegas, NV
Distribution: Fedora / CentOS
Posts: 674
Blog Entries: 3

Rep: Reputation: 90
Quote:
Originally Posted by jcb344 View Post
When I read the rsa.pub file the last line says "==username@domain.local", Is this line suppose to be the ip address of the client?
the public key files are made up of 3 fields. The first is the key type, then the base 64 encoded key data, and finally a comment section that is usually set to the username/host when the key was made. This comment field is completely arbitrary and can be anything or nothing at all.
 
Old 06-01-2009, 09:57 AM   #6
daydream
LQ Newbie
 
Registered: Jun 2005
Location: Maryland, USA
Distribution: Slackware Linux 12.2
Posts: 1

Rep: Reputation: 0
May also want to make a copy of the authorized_keys file and name it authorized_keys2 in case you're forcing SSHv2 for some reason.
 
Old 06-01-2009, 10:00 AM   #7
JulianTosh
Member
 
Registered: Sep 2007
Location: Las Vegas, NV
Distribution: Fedora / CentOS
Posts: 674
Blog Entries: 3

Rep: Reputation: 90
Quote:
Originally Posted by daydream View Post
May also want to make a copy of the authorized_keys file and name it authorized_keys2 in case you're forcing SSHv2 for some reason.
good point. I use to have to do this on older systems other people admin'd cause I could never tell which to use. I used a symlink instead so I didn't have to maintain entries in each file...
 
Old 06-02-2009, 01:38 AM   #8
jcb344
LQ Newbie
 
Registered: May 2009
Posts: 2

Original Poster
Rep: Reputation: 1
problem solved

Thanks guys for all of your help and thank you stanlo45 for the tutorial. It seems that changing the permissions on the authorized keys file was the missing step I needed. In would not have thought this step would be so critical.
 
Old 06-02-2009, 01:44 AM   #9
JulianTosh
Member
 
Registered: Sep 2007
Location: Las Vegas, NV
Distribution: Fedora / CentOS
Posts: 674
Blog Entries: 3

Rep: Reputation: 90
Permissions on the keys is critical because of off-line attacks bad guys can do on them if copied - not to mention passwordless keys. Having the service force the issue protects the unaware.
 
  


Reply

Tags
rsa, ssh


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
SSH RSA key fingerprint with network Ephracis Linux - Security 19 02-26-2008 06:03 AM
SSH rsa key PB0711 Linux - Security 3 09-10-2006 03:57 PM
SSH RSA key problem taiwf Linux - General 3 05-21-2006 09:33 PM
ssh rsa key changed after upgrade itsjustme Linux - General 11 11-06-2003 09:12 AM
ssh RSA key thanat0s Linux - Security 3 09-29-2003 09:51 PM


All times are GMT -5. The time now is 04:36 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration