LinuxQuestions.org
Review your favorite Linux distribution.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
Reload this Page [SOLVED] ssh keys - no password issue
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 10-11-2010, 08:17 AM   #1
kongfranon
Member
 
Registered: Aug 2010
Posts: 30

Rep: Reputation: 0
ssh keys - no password issue

HI,

I have setup this before, and never had an issue but this is the first time I cannot get it to work.

Here are the permissions for authorized_keys

-rw-r--r-- 1 user1 user1 624 Oct 8 14:16 authorized_keys


I copied over the id_dsa.pub to this server and changed it to the authorized_keys file.

here are the permissions for the .ssh directory

drwx------ 2 user1 user1 4096 Oct 8 14:19 .ssh

but when I ssh to that box it still asks for the password.

Any ideas? I greatly appreciate it thanks
 
Old 10-11-2010, 08:31 AM   #2
vinaytp
Member
 
Registered: Apr 2009
Location: Bengaluru, India
Distribution: RHEL 5.4, 6.0, Ubuntu 10.04
Posts: 707

Rep: Reputation: 55
Hi,

Code:
-rw-r--r--   1 user1 user1  624 Oct  8 14:16 authorized_keys
Change to

Code:
chmod 0600 ~/.ssh/authorized_keys
Warm Regards,
 
Old 10-11-2010, 08:33 AM   #3
neonsignal
Senior Member
 
Registered: Jan 2005
Location: Melbourne, Australia
Distribution: Debian Bookworm (Fluxbox WM)
Posts: 1,391
Blog Entries: 54

Rep: Reputation: 360Reputation: 360Reputation: 360Reputation: 360
have you looked at /var/log/auth.log on the server for any errors associated with the login?

are there restrictions in /etc/ssh/sshd_config on the server?

when were the keys generated (ie, are you sure the private and public key match)?

what are the permissions on the private key of the client (should be -rw-------)?
Last edited by neonsignal; 10-11-2010 at 08:37 AM.
 
Old 10-11-2010, 08:35 AM   #4
dlugasx
Member
 
Registered: Dec 2008
Location: Germany/Poland
Distribution: CentOS / Debian / Solaris / RedHat
Posts: 266

Rep: Reputation: 19
Quote:
Originally Posted by kongfranon View Post
HI,

I have setup this before, and never had an issue but this is the first time I cannot get it to work.

Here are the permissions for authorized_keys

-rw-r--r-- 1 user1 user1 624 Oct 8 14:16 authorized_keys


I copied over the id_dsa.pub to this server and changed it to the authorized_keys file.

here are the permissions for the .ssh directory

drwx------ 2 user1 user1 4096 Oct 8 14:19 .ssh

but when I ssh to that box it still asks for the password.

Any ideas? I greatly appreciate it thanks


I think You should put here more detailed informations.
Type of the key (dsa, rsa) etc.etc. ?


Did You changed something in /etc/ssh/sshd_conf ?


check if You have enabled authorized_keys


Usually its not a problem with permissions, but with software configuration.
 
Old 10-11-2010, 08:40 AM   #5
vinaytp
Member
 
Registered: Apr 2009
Location: Bengaluru, India
Distribution: RHEL 5.4, 6.0, Ubuntu 10.04
Posts: 707

Rep: Reputation: 55
Quote:
Usually its not a problem with permissions, but with software configuration.
Most of the time I have encounted this issue only when I forget to change the permission of file ~/.ssh/authorized_keys to 600.

If OP has not changed the default configuration of /etc/sshd_conf file and followed this simple procedure, it should work.

@OP
Please let us know the contents of /etc/sshd_conf file
 
Old 10-11-2010, 08:50 AM   #6
kongfranon
Member
 
Registered: Aug 2010
Posts: 30

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by vinaytp View Post
Hi,

Code:
-rw-r--r--   1 user1 user1  624 Oct  8 14:16 authorized_keys
Change to

Code:
chmod 0600 ~/.ssh/authorized_keys
Warm Regards,

Try that did not work Thanks though
 
Old 10-11-2010, 08:51 AM   #7
kongfranon
Member
 
Registered: Aug 2010
Posts: 30

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by dlugasx View Post
I think You should put here more detailed informations.
Type of the key (dsa, rsa) etc.etc. ?


Did You changed something in /etc/ssh/sshd_conf ?


check if You have enabled authorized_keys


Usually its not a problem with permissions, but with software configuration.

I have not but does not mean someone else did not I am looking now.

Here are the options:

#Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication mechanism.
# Depending on your PAM configuration, this may bypass the setting of
# PasswordAuthentication, PermitEmptyPasswords, and
# "PermitRootLogin without-password". If you just want the PAM account and
# session checks to run without PAM authentication, then enable this but set
# ChallengeResponseAuthentication=no
#UsePAM no
UsePAM yes

#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression yes
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#ShowPatchLevel no

# no default banner path
#Banner /some/path

# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server



Also i am using DSA keys
Last edited by kongfranon; 10-11-2010 at 08:52 AM.
 
Old 10-11-2010, 09:01 AM   #8
kongfranon
Member
 
Registered: Aug 2010
Posts: 30

Original Poster
Rep: Reputation: 0
btw if I try to do it from other server I really want to setup ssh keys with no password on both sides. I get an error

ssh inform@servers
Connection closed by server1

If i remove the authorized.key file on remote server i can ssh but then asks me for password.
 
Old 10-11-2010, 09:04 AM   #9
kongfranon
Member
 
Registered: Aug 2010
Posts: 30

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by neonsignal View Post
have you looked at /var/log/auth.log on the server for any errors associated with the login?

are there restrictions in /etc/ssh/sshd_config on the server?

when were the keys generated (ie, are you sure the private and public key match)?

what are the permissions on the private key of the client (should be -rw-------)?


I just generated the files last week, and i do not have a /var/log/auth.log file on either server, the remote or client
 
Old 10-11-2010, 09:06 AM   #10
vinaytp
Member
 
Registered: Apr 2009
Location: Bengaluru, India
Distribution: RHEL 5.4, 6.0, Ubuntu 10.04
Posts: 707

Rep: Reputation: 55
Hi

Code:
#Port 22
#Enable protocol 2
Protocol 2
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m

PermitRootLogin no
#If you make above to yes, chances are more that you may compromise your system.

#StrictModes yes
#MaxAuthTries 6

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing, 
# and session processing. If this is enabled, PAM authentication will 
# be allowed through the ChallengeResponseAuthentication mechanism. 
# Depending on your PAM configuration, this may bypass the setting of 
# PasswordAuthentication, PermitEmptyPasswords, and 
# "PermitRootLogin without-password". If you just want the PAM account and 
# session checks to run without PAM authentication, then enable this but set 
# ChallengeResponseAuthentication=no
#UsePAM no
UsePAM yes

#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression yes
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#ShowPatchLevel no

# no default banner path
#Banner /some/path

# override default of no subsystems
Subsystem       sftp    /usr/libexec/openssh/sftp-server
Please find the changes marked in Blue
Did you try with RSA keys. As you are using RSAAuthentication yes
Last edited by vinaytp; 10-11-2010 at 09:10 AM.
 
Old 10-11-2010, 09:16 AM   #11
kongfranon
Member
 
Registered: Aug 2010
Posts: 30

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by vinaytp View Post
Hi

Code:
#Port 22
#Enable protocol 2
Protocol 2
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m

PermitRootLogin no
#If you make above to yes, chances are more that you may compromise your system.

#StrictModes yes
#MaxAuthTries 6

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing, 
# and session processing. If this is enabled, PAM authentication will 
# be allowed through the ChallengeResponseAuthentication mechanism. 
# Depending on your PAM configuration, this may bypass the setting of 
# PasswordAuthentication, PermitEmptyPasswords, and 
# "PermitRootLogin without-password". If you just want the PAM account and 
# session checks to run without PAM authentication, then enable this but set 
# ChallengeResponseAuthentication=no
#UsePAM no
UsePAM yes

#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression yes
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#ShowPatchLevel no

# no default banner path
#Banner /some/path

# override default of no subsystems
Subsystem       sftp    /usr/libexec/openssh/sftp-server
Please find the changes marked in Blue
Did you try with RSA keys. As you are using RSAAuthentication yes
Ok i made Changes and restarted SSH did not work, let me try with RSA keys
 
Old 10-11-2010, 09:23 AM   #12
kongfranon
Member
 
Registered: Aug 2010
Posts: 30

Original Poster
Rep: Reputation: 0
Woot using RSA keys worked!!!

Thanks a lot...


Out of curiosity did it not work with DSA because there was no entry for it in sshd_config? Just so I know for future
 
Old 10-12-2010, 12:25 AM   #13
vinaytp
Member
 
Registered: Apr 2009
Location: Bengaluru, India
Distribution: RHEL 5.4, 6.0, Ubuntu 10.04
Posts: 707

Rep: Reputation: 55
Quote:
Originally Posted by kongfranon View Post
Woot using RSA keys worked!!!

Thanks a lot...


Out of curiosity did it not work with DSA because there was no entry for it in sshd_config? Just so I know for future
I am not very sure about it, I just suggested you by looking at the uncommented RSAAuthentication yes. Also permission of authorization_keys should be 600, which was not in your case.
Last edited by vinaytp; 10-12-2010 at 12:26 AM.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
password issue winbind + ssh esdeedee Linux - Server 0 11-05-2008 04:32 AM
[SOLVED] problem adding ssh keys to skip password prompt vikas027 Linux - Software 27 09-26-2008 03:24 PM
Distributing SSH host keys for password-less login kenneho Linux - Security 6 09-16-2008 06:52 AM
ssh prompts for password even though public and private keys have been generated kaplan71 Linux - Software 6 05-07-2008 04:57 PM
Changing server password AFTER setting ssh-auto keys Swakoo Linux - General 1 02-22-2006 04:38 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 01:55 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration