Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
I am configuring my two machines to be able to ssh to each-other without password authentication but can not seem to get it to work. I generated the rsa key on the client in the .ssh folder and moved the id_rsa.pub file to server changing it's name to authorized_keys. But I am still prompted for a password when logging in on the client to the server. Am I missing something? If it makes any difference I am making the key without a pass code. When I read the rsa.pub file the last line says "==firstname.lastname@example.org", Is this line suppose to be the ip address of the client? Please help
It should have picked up the username you were using when you generated the key. Be sure you are logged in as the user you plan on using to ssh to the server and regenerate the key. Then check it to make sure it shows your username. The passcode is allowed to be blank. It sounds like your fully qualified domain name on the client is domain.local. That's okay if it isn't the same as the server, but not getting the correct username is not.
Also, do you have a login on the server using the SAME username (exactly)?
Is that /home/<username>/.ssh folder where you put the authorized_keys file?
That is critical to proper functioning.
When I read the rsa.pub file the last line says "==email@example.com", Is this line suppose to be the ip address of the client?
the public key files are made up of 3 fields. The first is the key type, then the base 64 encoded key data, and finally a comment section that is usually set to the username/host when the key was made. This comment field is completely arbitrary and can be anything or nothing at all.
Thanks guys for all of your help and thank you stanlo45 for the tutorial. It seems that changing the permissions on the authorized keys file was the missing step I needed. In would not have thought this step would be so critical.