I want passwordless logons for root access to work and client servers.
I have set up an RSA key on my box for user@user-desktop (the basic Kubuntu machine name) and I copied/added the rsa_id_nopass.pub file to the end of the destination server's ~/.ssh/authorized_keys2 file, but it still isn't working; I am asked for a password (not passphrase) every time.
I have edited the ssh_config file (both on local machine and server) to use
RSAAuthentication yes
PubkeyAuthentication yes
and restarted the sshd server on both machines.
I want to get root access for servers when I log in using these keys. Unfortunately it isn't giving me root or regular user access at all; 'ssh root@server' is acting like it would had none of my work been done.
My system is Kubuntu 7.04 and the test server is a RedHat Enterprise Linux 9, but the key setup would eventually go onto a few debian servers and RHEL servers. I also am failing to get this to function on two Kubuntu 7.04 boxes (one is at home, one is at work (this setup is for two regular user accounts, not root accounts)). Does this whole setup require that the user name is identical on both machines??? Cause that's just a pain if I have to become root just to not enter a root password five seconds later.
Thanks for any advice
Last edited by lefty.crupps; 06-06-2007 at 11:01 AM..
It sounds like you've checked everything. Create the key pair; put public key in the remote box's ~/.ssh/authorized_keys2 file. Check that the remote ~/.ssh directory is chmod 700. The private key applies as long as you are currently running on the local box as the user you created the key for; the same user that has it in their ~/.ssh directory. You also have to be logging in as the user on the remote box that you created the ~/.ssh/authorized_keys2 file for.
Otherwise, everything you've done sounds correct. If things still don't work just post the line that created your key here, and we'll try to help you out some more.
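Added example (not part of the original posts): a shell function that audits the permissions mentioned above, the way sshd's default StrictModes check sees them. It goes a little beyond the reply by also checking the home directory and the key file itself; the function name and output labels are made up for illustration, and GNU `stat` is assumed.

```shell
#!/usr/bin/env bash
# Added example, not from the thread: audit the ownership and modes that sshd's
# StrictModes check (enabled by default) applies before it trusts a key file.
# Assumes GNU stat (stat -c), as found on the Linux systems discussed here.

# audit_ssh_dir HOME_DIR   (hypothetical helper name)
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_ssh_dir() {
    local home="$1" rc=0 found=0 path mode owner home_owner
    [ -d "$home" ] || { echo "MISSING $home"; return 1; }
    home_owner=$(stat -c '%u' "$home")
    for path in "$home" "$home/.ssh" \
                "$home/.ssh/authorized_keys" "$home/.ssh/authorized_keys2"; do
        if [ ! -e "$path" ]; then
            # Either key file name may be absent; a missing ~/.ssh is a finding.
            if [ "$path" = "$home/.ssh" ]; then echo "MISSING $path"; rc=1; fi
            continue
        fi
        case "$path" in
            */.ssh/authorized_keys|*/.ssh/authorized_keys2) found=1 ;;
        esac
        mode=$(stat -c '%a' "$path")
        owner=$(stat -c '%u' "$path")
        # Any group/other write bit (octal 022) makes sshd ignore the key file.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "WRITABLE $path mode=$mode"; rc=1
        fi
        # Each path must belong to the account itself or to root.
        if [ "$owner" != "$home_owner" ] && [ "$owner" != 0 ]; then
            echo "OWNER $path uid=$owner"; rc=1
        fi
    done
    [ "$found" -eq 1 ] || { echo "NOKEYFILE $home/.ssh"; rc=1; }
    return "$rc"
}

# Run against a home directory given on the command line, if any.
if [ "$#" -gt 0 ]; then audit_ssh_dir "$1"; fi
```

Run it on the server against the home directory of the account you are logging in to; with StrictModes on, any WRITABLE or OWNER finding makes sshd skip the key file and fall back to the password prompt.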
jeenam, I am not following you. Did you mean to say, copy authorized_keys to authorized_keys2?
alunduil, you sort of answered my question, 'do both usernames have to be the same?' I tried installing the pubkey on the destination server as myself (I wanted passwordless root access from a regular shell account, otherwise I still end up typing the root passwd, which saves me no time nor braincells) but it still isn't working.
Does the name of my key matter, or is each key tried before a match is found? I had created a new key specifically for this task and named it 'rsa_id_nopass.pub' and I am wondering if the '_nopass' part makes a difference. My private key has a matching name (except the .pub).
I did have to enable this:
Host *
because where I had added these:
RSAAuthentication yes
PubkeyAuthentication yes
was in a part that had no hosts defined. Then I restarted sshd but still no success.
P.S. alunduil, greetings to a local Minnesotan!
Last edited by lefty.crupps; 06-06-2007 at 03:17 PM..
This may be due to a compromised ssh key.
Check /var/log/auth.log for a message about compromised keys, like this one:
Quote:
May 12 21:13:38 spiff sshd[5415]: Public key <your key fingerprint> from <source-ip> blacklisted (see ssh-vulnkey(1))
If this is the case, update your openssl and openssh packages using aptitude or whatever you use, and afterwards create a new key using ssh-keygen (overwrite your old key, and create a backup beforehand if needed).
WITHOUT YOUR OLD KEY, YOU WILL NOT BE ABLE TO LOG IN TO MACHINES ONLY ACCEPTING YOUR KEY AS AUTH, NO PASSWORD! BE SURE TO DOUBLE-CHECK WHAT YOU DO! You have to (re)deploy the new key, using ssh-copy-id, to all machines you want to be able to auth to using the key.
After the update, the login should be possible.
Btw: the username must not be identical, simply call "ssh username@hostname" to log into another username on the remote machine...
Last edited by doc.nice; 05-12-2009 at 03:41 PM..
Reason: hint about identical usernames added
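Added example (not part of the original posts): a small filter that pulls the blacklisted-key messages quoted above out of an auth log and counts them per fingerprint and source. The sample lines, fingerprints and addresses are constructed for illustration, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Constructed log lines in the format
# quoted in the post; fingerprints are made up and the addresses come from
# the 192.0.2.0/24 documentation range.
sample_auth_log() {
    cat <<'EOF'
May 12 21:13:38 spiff sshd[5415]: Public key de:ad:be:ef:00:11:22:33:44:55:66:77:88:99:aa:bb from 192.0.2.10 blacklisted (see ssh-vulnkey(1))
May 12 21:13:40 spiff sshd[5415]: Failed password for root from 192.0.2.10 port 40022 ssh2
May 12 21:14:02 spiff sshd[5420]: Public key de:ad:be:ef:00:11:22:33:44:55:66:77:88:99:aa:bb from 192.0.2.10 blacklisted (see ssh-vulnkey(1))
May 12 21:20:11 spiff sshd[5502]: Public key 11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00 from 192.0.2.77 blacklisted (see ssh-vulnkey(1))
EOF
}

# blacklisted_keys: reads auth log lines on stdin and prints
# "COUNT FINGERPRINT SOURCE" for each distinct rejected key and source.
# Lines that are not blacklist messages (e.g. password failures) are ignored.
blacklisted_keys() {
    sed -n 's/^.* sshd\[[0-9]*]: Public key \([^ ]*\) from \([^ ]*\) blacklisted (see ssh-vulnkey(1))$/\1 \2/p' |
        LC_ALL=C sort | uniq -c | awk '{ print $1, $2, $3 }'
}

# Show the result for the constructed sample when run directly.
# On a real server: blacklisted_keys < /var/log/auth.log
sample_auth_log | blacklisted_keys
```

Every fingerprint it lists belongs to a key that has to be regenerated and redeployed as the post describes.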
1. There's no such thing as RedHat Enterprise Linux 9; if that's really RH v9 (codename Shrike), it's so out of date it's not funny. RHEL is currently on v5.3.
2. Are you sure you really want to be able to login remotely as root? That's usually not recommended for security reasons, especially if it's on the internet.
(Actually, re-reading, passwordless, i.e. via keys, is probably ok...)
3. When describing your problem, please be careful to specify whether you are editing ssh_config or sshd_config; they both exist and it makes all the difference as to which one you edit. (See your OP).
Last edited by chrism01; 05-14-2009 at 08:37 PM..
Reason: adjust point 2
Put /etc/ssh/ssh_host_rsa_key.pub from the remote server in the authorized_keys file on the local host. Then ssh with the -i switch and the path for the identity file. As long as the permissions are correct for .ssh, the underlying files are correct, and the PermitRootLogin line of sshd_config is set to yes, you should be good.