Hello community,
I'm scratching my head over an issue with SSH key authorization.
I have a Red Hat 5.7 installation that should log in via SSH to another machine (it's an OpenVMS OS). I already generated an SSH key, and user "lucas" CAN log in without a password on the destination machine! Then, if I try with user "root", it always asks me for the password!
The authorized_keys files between users are absolutely the same:
Quote:
-rw------- 1 lucas lucas 2803 Jul 6 2011 /home/lucas/.ssh/authorized_keys
-rw------- 1 root root 2803 Aug 4 09:35 /root/.ssh/authorized_keys
I also have another Red Hat test machine that can log in with the "root" user without a problem, plus I can log in from a Windows machine without a password, both to the same destination server. So the problem isn't located on the destination.
So why can I log in without a password with "lucas", while it asks me for a password for the "root" user? Are there any settings on Red Hat that prevent the root user from logging in with an SSH key?
Connection to the "source" machine should be done DIRECTLY. If you connect to a machine, then SSH to "source" machine, and then try SSH on the "destination" machine it will ask for password. Instead, if you connect directly to the "source" machine and then SSH the "destination" machine it works!
Honestly, I don't know if this behaviour is normal or why it happens! It would be much appreciated if someone could explain it to me!
In a normal ssh setup it does not matter how you logged in to the "source" machine (directly/indirectly).
Question 1. What command are you using for ssh login (please paste both commands, for the root and lucas users)?
2. Are you using the same ssh key pair for root and lucas, or do you have different SSH key pairs for each user?
PS: Although it is not the concern here, just to let you know, it is a security issue to permit root logins on machines.
Quote:
Connection to the "source" machine should be done DIRECTLY. If you connect to a machine, then SSH to "source" machine, and then try SSH on the "destination" machine it will ask for password. Instead, if you connect directly to the "source" machine and then SSH the "destination" machine it works!
Honestly, I don't know if this behaviour is normal or why it happens! It would be much appreciated if someone could explain it to me!
To check this it might be good to use ssh -v when connecting. This will show all auth methods that are tried and whether something went wrong with any of them.
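As an added example (not part of the original thread), the function below reads the `ssh -v` client output suggested above and reports whether a public key was ever offered or whether the server turned an offered key down. The two transcripts are constructed samples, and the `debug1:` wording they use is an assumption that varies between OpenSSH versions.

```shell
#!/bin/sh
# Classify one `ssh -v` client transcript (read on stdin) by what happened
# to public-key authentication. Matches the line formats of the constructed
# samples below; adjust the patterns if your OpenSSH words them differently.
# Typical use: ssh -v root@10.99.10.10 2>&1 | classify_ssh_debug
classify_ssh_debug() {
    awk '
    # "identity file PATH type N": N is -1 when no public key could be
    # loaded for PATH (file absent or unreadable for this user).
    /^debug1: identity file / && $6 != "-1"          { loaded++ }
    /^debug1: Offering public key: /                 { offered++ }
    /^debug1: Next authentication method: password/  { password = 1 }
    index($0, "Authentication succeeded (publickey)") { ok = 1 }
    END {
        if (ok)            print "key-accepted"
        else if (!offered) print "no-public-key-offered loaded=" (loaded + 0)
        else if (password) print "key-rejected-by-server"
        else               print "inconclusive"
    }'
}

# Constructed sample: a user whose ~/.ssh holds no usable key pair.
sample_no_key() { cat <<'EOF'
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Next authentication method: password
EOF
}

# Constructed sample: a user whose key is loaded, offered and accepted.
sample_key_ok() { cat <<'EOF'
debug1: identity file /home/lucas/.ssh/id_rsa type 1
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/lucas/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: Authentication succeeded (publickey).
EOF
}

sample_no_key | classify_ssh_debug
sample_key_ok | classify_ssh_debug
```

A `no-public-key-offered` result points at the client side (the account's own `~/.ssh` or its agent), while `key-rejected-by-server` points at `authorized_keys` or the server configuration.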
Quote:
In a normal ssh setup it does not matter how you logged in to the "source" machine (directly/indirectly).
Question 1. What command are you using for ssh login (please paste both commands, for the root and lucas users)?
2. Are you using the same ssh key pair for root and lucas, or do you have different SSH key pairs for each user?
Response 1. Simple ssh connection i.e. ssh root@10.99.10.10 and ssh lucas@10.99.10.10
2. Yes same SSH keys for root and lucas users
BTW, I also knew that the source machine doesn't matter in a "normal" SSH server config, but maybe there's something to prevent that for both users. Let me explain better what my environment is. Since I cannot reach the first machine directly, I log in first to another server (using the same SSH key) and then SSH to the final server. That operation doesn't work for both users.
Instead, if I use tunneling to reach the 10.99.10.10 server directly, I'm able to log in to the final server without a password.
I cannot explain this behaviour, that's why I'm just curious if someone knows.
So the private keys on the machine in the middle may not be the same for both users. You could even use ssh-agent forwarding, then you don't need any ssh-key on the machine in the middle at all.