LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 12-07-2011, 07:14 AM   #1
UmaSantharam
LQ Newbie
 
Registered: Dec 2011
Posts: 8

Rep: Reputation: Disabled
Passwordless authentication SSH


I am trying to enable passwordless authentication for a non root user say "lxuser1"

$ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/lxuser1/.ssh/id_rsa):
/home/lxuser1/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/lxuser1/.ssh/id_rsa.
Your public key has been saved in /home/lxuser1/.ssh/id_rsa.pub.
The key fingerprint is:
f4:5e:f8:f6:4a:15:87:41:45:84:bd:3e:b7:98:de:35 lxuser1@pc-a400158
$ cat id_rsa.pub > authorized_keys
$ ssh localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
RSA key fingerprint is 08:19:87:71:db:43:77:e1:ae:73:cf:82:72:bc:40:a9.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
Permission denied (publickey,gssapi-with-mic).
$ ssh localhost
Permission denied (publickey,gssapi-with-mic).
 
Old 12-07-2011, 07:22 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,374

Rep: Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962
this issue is *usually* down to having the wrong permissions on ~/.ssh or ~/.ssh/authorized keys. They should be 700 and 600 respectively.

You should also have the ssh-copy-id tool available, which sets your keys up on a remote server (or localhost in your case) automatically.
 
Old 12-07-2011, 10:45 PM   #3
UmaSantharam
LQ Newbie
 
Registered: Dec 2011
Posts: 8

Original Poster
Rep: Reputation: Disabled
Permission ~/.ssh or ~/.ssh/authorized keys

I verified the permission that

~/.ssh is 700 and ~/.ssh/authorized keys 600

Still it does not work out.
 
Old 12-08-2011, 12:05 AM   #4
the_gripmaster
Member
 
Registered: Jul 2004
Location: VIC, Australia
Distribution: RHEL, CentOS, Ubuntu Server, Ubuntu
Posts: 356

Rep: Reputation: 38
Quote:
Originally Posted by UmaSantharam View Post
I verified the permission that

~/.ssh is 700 and ~/.ssh/authorized keys 600

Still it does not work out.
Look in your /etc/ssh/sshd_config file. Find the #AuthorizedKeysFile line and make sure it says .ssh/authorized_keys.
 
Old 12-08-2011, 02:34 AM   #5
UmaSantharam
LQ Newbie
 
Registered: Dec 2011
Posts: 8

Original Poster
Rep: Reputation: Disabled
"/etc/ssh/sshd_config" values

This is what the contents of sshd_config file

#RSAAuthentication yes
#PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication no
PermitEmptyPasswords yes
PasswordAuthentication yes
 
Old 12-08-2011, 03:16 AM   #6
venikathir
LQ Newbie
 
Registered: Apr 2011
Location: Bangalroe-India
Distribution: Redhat EL5
Posts: 24

Rep: Reputation: 1
Code:
1. As the (app user or your user) user, create the public and private keys on both nodes: (If key already exits don’t create once again)

[server1]$ /usr/bin/ssh-keygen -t dsa

[server2]$ /usr/bin/ssh-keygen -t dsa

Accept the default location for the key file. When prompted for the pass phrase, just press the

Enter key.

 

2. Concatenate the contents of the id_dsa.pub file from each node into the

authorized_keys file on the first node.

 

[server1]$ ssh server1 "cat ~/.ssh/id_dsa.pub" >> \

~/.ssh/authorized_keys

[server1]$ ssh server2 "cat ~/.ssh/id_dsa.pub" >> \

~/.ssh/authorized_keys

 

3. Copy the authorized_keys file to the same location on the second node.

[server1]$ scp ~/.ssh/authorized_keys server2:/home/oracle/.ssh/

 

4. Test the configuration.

[server1]$ ssh server2 hostname

server2.fedex.com

Try the above steps or verify ....
 
Old 12-08-2011, 04:03 AM   #7
UmaSantharam
LQ Newbie
 
Registered: Dec 2011
Posts: 8

Original Poster
Rep: Reputation: Disabled
Password authentication on same server

Hi,

I am trying to enable password authentication on the same servers. not across two servers. Still I tried all the steps you have gievn . Still no luck
 
Old 12-08-2011, 04:11 AM   #8
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,374

Rep: Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962
well look at the log file on the server and the client, run ssh with a few more -v's etc, but mainly look at the server logs /var/log/messages and /var/log/secure
 
Old 12-08-2011, 07:25 AM   #9
UmaSantharam
LQ Newbie
 
Registered: Dec 2011
Posts: 8

Original Poster
Rep: Reputation: Disabled
Incorrect permission

Thx a million for the suggestion of looking into logs.
It was permission problem as suggested by the_gripmaster. .ssh was having 777 perfmission which I changed to 700. It worked. Thx again
 
Old 12-08-2011, 08:37 AM   #10
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,374

Rep: Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962
*cough* That was my suggestion, which you said you'd already checked *cough*
 
1 members found this post helpful.
Old 12-08-2011, 06:20 PM   #11
sundialsvcs
Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 5,236

Rep: Reputation: 1071Reputation: 1071Reputation: 1071Reputation: 1071Reputation: 1071Reputation: 1071Reputation: 1071Reputation: 1071
Instead of... "shoveling copies of configuration-files onto disinterested total-strangers and somehow expecting them to do your job for you..." knuckle down with man ssh and figure it all out for yourself.

When ssh initiates a new connection, it first has to deal with authentication ... and it has several (well-documented) ways to do that. (For some arcane reason,) It starts with the most-restrictive option and then (!!!) works its way down to the least.

In order to solve your (oh so familiar ...) problem, you need to focus on two things:
  • How to cause ssh to accept digital certificates as a means of authentication; and ...
  • How to prevent ssh from "working its way down to" anything less.
Trust Me: The foregoing answer is not casually or flippantly written!
 
Old 12-08-2011, 10:07 PM   #12
UmaSantharam
LQ Newbie
 
Registered: Dec 2011
Posts: 8

Original Poster
Rep: Reputation: Disabled
Apologise acid_kewpie

Yes sir. You are the one who suggested to check the permission. actually I did not ignore the suggestion. I check the permission which 777 and I thought as owner has 7 permission it does not matter. Thx acid_kewpie
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Linux Backup Server: Refining Rsync, Passwordless Authentication LXer Syndicated Linux News 0 03-01-2011 05:20 AM
[SOLVED] SSH passwordless authentication purusrhce@gmail.com Linux - Server 4 12-14-2010 05:19 AM
Passwordless ssh configuration with Active Directory authentication rsussman Linux - Software 1 06-05-2009 11:10 AM
passwordless authentication sherimm Linux - Software 17 12-10-2008 11:27 PM
Passwordless SSH with SSH commercial server and open ssh cereal83 Linux - General 7 04-18-2006 12:34 PM


All times are GMT -5. The time now is 07:32 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration