
kongfranon 10-11-2010 08:17 AM

ssh keys - no password issue
 
Hi,

I have set this up before and never had an issue, but this is the first time I cannot get it to work.

Here are the permissions for authorized_keys

-rw-r--r-- 1 user1 user1 624 Oct 8 14:16 authorized_keys


I copied over the id_dsa.pub to this server and changed it to the authorized_keys file.

Here are the permissions for the .ssh directory

drwx------ 2 user1 user1 4096 Oct 8 14:19 .ssh

But when I ssh to that box it still asks for the password.

Any ideas? I greatly appreciate it, thanks.

vinaytp 10-11-2010 08:31 AM

Hi,

Code:

-rw-r--r--  1 user1 user1  624 Oct  8 14:16 authorized_keys

Change to

Code:

chmod 0600 ~/.ssh/authorized_keys

Warm Regards,

neonsignal 10-11-2010 08:33 AM

Have you looked at /var/log/auth.log on the server for any errors associated with the login?

Are there restrictions in /etc/ssh/sshd_config on the server?

When were the keys generated (i.e., are you sure the private and public key match)?

What are the permissions on the private key of the client (should be -rw-------)?
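
As an added example (not part of any post in this thread), the script below runs the ownership and mode checks behind the permission questions above: with StrictModes on (the default shown commented out in the posted sshd_config), sshd ignores authorized_keys if the file, ~/.ssh or the home directory is group- or world-writable, and the ssh client refuses a private key that group or others can access. The function names and the use of GNU `stat -c` are assumptions of this example; note that under this test a 0644 authorized_keys passes and a 0664 one does not.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are illustrative.

# check_path PATH UID MASK: fail if PATH is missing, is owned by someone other
# than UID or root, or has any permission bit of the octal MASK set.
check_path() {
    path=$1 uid=$2 mask=$3
    if [ ! -e "$path" ]; then
        echo "FAIL $path: missing"; return 1
    fi
    owner=$(stat -c '%u' "$path")   # GNU stat: numeric owner
    mode=$(stat -c '%a' "$path")    # GNU stat: octal mode, e.g. 644
    if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
        echo "FAIL $path: owned by uid $owner, expected $uid or root"; return 1
    fi
    if [ $(( 0$mode & 0$mask )) -ne 0 ]; then
        echo "FAIL $path: mode $mode has bits from mask 0$mask set"; return 1
    fi
    echo "ok   $path ($mode)"
}

# Server side: home directory, ~/.ssh and authorized_keys must not be
# group- or world-writable (mask 022) for sshd to accept the key file.
audit_server_side() {
    home=$1 uid=$2 rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_path "$p" "$uid" 22 || rc=1
    done
    return $rc
}

# Client side: the private key must grant nothing to group or others (mask 077).
audit_private_key() {
    check_path "$1" "$2" 77
}

# Run as: sh audit.sh /home/user1 "$(id -u user1)"
if [ $# -eq 2 ]; then
    audit_server_side "$1" "$2"
fi
```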

dlugasx 10-11-2010 08:35 AM

Quote:

Originally Posted by kongfranon (Post 4123866)
Hi,

I have set this up before and never had an issue, but this is the first time I cannot get it to work.

Here are the permissions for authorized_keys

-rw-r--r-- 1 user1 user1 624 Oct 8 14:16 authorized_keys


I copied over the id_dsa.pub to this server and changed it to the authorized_keys file.

Here are the permissions for the .ssh directory

drwx------ 2 user1 user1 4096 Oct 8 14:19 .ssh

But when I ssh to that box it still asks for the password.

Any ideas? I greatly appreciate it, thanks.



I think you should put more detailed information here.
Type of the key (dsa, rsa), etc.?

Did you change something in /etc/ssh/sshd_conf?

Check if you have enabled authorized_keys.

Usually it's not a problem with permissions, but with software configuration.

vinaytp 10-11-2010 08:40 AM

Quote:

Usually it's not a problem with permissions, but with software configuration.

Most of the time I have encountered this issue only when I forget to change the permission of file ~/.ssh/authorized_keys to 600.

If OP has not changed the default configuration of /etc/sshd_conf file and followed this simple procedure, it should work.

@OP
Please let us know the contents of /etc/sshd_conf file

kongfranon 10-11-2010 08:50 AM

Quote:

Originally Posted by vinaytp (Post 4123880)
Hi,

Code:

-rw-r--r--  1 user1 user1  624 Oct  8 14:16 authorized_keys

Change to

Code:

chmod 0600 ~/.ssh/authorized_keys

Warm Regards,


Tried that, did not work. Thanks though.

kongfranon 10-11-2010 08:51 AM

Quote:

Originally Posted by dlugasx (Post 4123884)
I think you should put more detailed information here.
Type of the key (dsa, rsa), etc.?

Did you change something in /etc/ssh/sshd_conf?

Check if you have enabled authorized_keys.

Usually it's not a problem with permissions, but with software configuration.


I have not, but that does not mean someone else did not. I am looking now.

Here are the options:

#Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication mechanism.
# Depending on your PAM configuration, this may bypass the setting of
# PasswordAuthentication, PermitEmptyPasswords, and
# "PermitRootLogin without-password". If you just want the PAM account and
# session checks to run without PAM authentication, then enable this but set
# ChallengeResponseAuthentication=no
#UsePAM no
UsePAM yes

#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression yes
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#ShowPatchLevel no

# no default banner path
#Banner /some/path

# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server



Also, I am using DSA keys.

kongfranon 10-11-2010 09:01 AM

btw, if I try to do it from the other server (I really want to set up ssh keys with no password on both sides), I get an error:

ssh inform@servers
Connection closed by server1

If I remove the authorized.key file on the remote server I can ssh, but then it asks me for the password.

kongfranon 10-11-2010 09:04 AM

Quote:

Originally Posted by neonsignal (Post 4123882)
Have you looked at /var/log/auth.log on the server for any errors associated with the login?

Are there restrictions in /etc/ssh/sshd_config on the server?

When were the keys generated (i.e., are you sure the private and public key match)?

What are the permissions on the private key of the client (should be -rw-------)?



I just generated the files last week, and I do not have a /var/log/auth.log file on either server, the remote or the client.

vinaytp 10-11-2010 09:06 AM

Hi

Code:

#Port 22
#Enable protocol 2
Protocol 2
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m

PermitRootLogin no
#If you make above to yes, chances are more that you may compromise your system.

#StrictModes yes
#MaxAuthTries 6

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication mechanism.
# Depending on your PAM configuration, this may bypass the setting of
# PasswordAuthentication, PermitEmptyPasswords, and
# "PermitRootLogin without-password". If you just want the PAM account and
# session checks to run without PAM authentication, then enable this but set
# ChallengeResponseAuthentication=no
#UsePAM no
UsePAM yes

#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression yes
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#ShowPatchLevel no

# no default banner path
#Banner /some/path

# override default of no subsystems
Subsystem      sftp    /usr/libexec/openssh/sftp-server

Please find the changes marked in blue.
Did you try with RSA keys, as you are using RSAAuthentication yes?

kongfranon 10-11-2010 09:16 AM

Quote:

Originally Posted by vinaytp (Post 4123919)
Hi

Code:

#Port 22
#Enable protocol 2
Protocol 2
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m

PermitRootLogin no
#If you make above to yes, chances are more that you may compromise your system.

#StrictModes yes
#MaxAuthTries 6

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication mechanism.
# Depending on your PAM configuration, this may bypass the setting of
# PasswordAuthentication, PermitEmptyPasswords, and
# "PermitRootLogin without-password". If you just want the PAM account and
# session checks to run without PAM authentication, then enable this but set
# ChallengeResponseAuthentication=no
#UsePAM no
UsePAM yes

#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression yes
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#ShowPatchLevel no

# no default banner path
#Banner /some/path

# override default of no subsystems
Subsystem      sftp    /usr/libexec/openssh/sftp-server

Please find the changes marked in blue.
Did you try with RSA keys, as you are using RSAAuthentication yes?

OK, I made the changes and restarted SSH; it did not work. Let me try with RSA keys.

kongfranon 10-11-2010 09:23 AM

Woot using RSA keys worked!!!

Thanks a lot...


Out of curiosity, did it not work with DSA because there was no entry for it in sshd_config? Just so I know for the future.

vinaytp 10-12-2010 12:25 AM

Quote:

Originally Posted by kongfranon (Post 4123943)
Woot using RSA keys worked!!!

Thanks a lot...


Out of curiosity, did it not work with DSA because there was no entry for it in sshd_config? Just so I know for the future.

I am not very sure about it; I just suggested it after looking at the uncommented RSAAuthentication yes. Also, the permission of authorization_keys should be 600, which it was not in your case.
