LinuxQuestions.org
Old 06-06-2007, 10:46 AM   #1
lefty.crupps
Member
 
Registered: Apr 2005
Location: Minneap USA
Distribution: Kubuntu, Mepis, Suse
Posts: 414
Thanked: 0
Passwordless SSH setup not working, any ideas?


I followed this HowTo http://www.debian-administration.org/articles/152 and I've read numerous threads here at LQ and on the web but I cannot get this to function!

I want passwordless logons for root access to work and client servers.

I have set up an RSA key on my box for user@user-desktop (the basic Kubuntu machine name) and I copied/added the rsa_id_nopass.pub file to the end of the destination server's ~/.ssh/authorized_keys2 file, but it still isn't working; I am asked for a password (not passphrase) every time.

I have edited the ssh_config file (both on local machine and server) to use
RSAAuthentication yes
PubkeyAuthentication yes
and restarted the sshd server on both machines.

I want to get root access for servers when I log in using these keys. Unfortunately it isn't giving me root or regular user access at all; 'ssh root@server' is acting like it would had none of my work been done.

My system is Kubuntu 7.04 and the test server is a RedHat Enterprise Linux 9, but the key setup would eventually go onto a few debian servers and RHEL servers. I also am failing to get this to function on two Kubuntu 7.04 boxes (one is at home, one is at work (this setup is for two regular user accounts, not root accounts)). Does this whole setup require that the user name is identical on both machines??? Cause that's just a pain if I have to become root just to not enter a root password five seconds later.

Thanks for any advice

Last edited by lefty.crupps; 06-06-2007 at 11:01 AM..
Old 06-06-2007, 11:06 AM   #2
alunduil
Member
 
Registered: Feb 2005
Location: Minnesota
Distribution: gentoo
Posts: 417
Thanked: 16
It sounds like you've checked everything. Create the key pair; put public key in the remote box's ~/.ssh/authorized_keys2 file. Check that the remote ~/.ssh directory is chmod 700. The private key applies as long as you are currently running on the local box as the user you created the key for; the same user that has it in their ~/.ssh directory. You also have to be logging in as the user on the remote box that you created the ~/.ssh/authorized_keys2 file for.

Otherwise, everything you've done sounds correct. If things still don't work just post the line that created your key here, and we'll try to help you out some more.

Regards,

Alunduil
Old 06-06-2007, 02:48 PM   #3
jeenam
Member
 
Registered: Dec 2006
Distribution: Slackware 11
Posts: 141
Thanked: 0
Try copying ~/.ssh/authorized_keys2 to ~/.ssh/authorized_keys.

EDIT: On the destination machine(s), of course.

Last edited by jeenam; 06-07-2007 at 10:38 AM..
Old 06-06-2007, 03:15 PM   #4
lefty.crupps
Member
 
Registered: Apr 2005
Location: Minneap USA
Distribution: Kubuntu, Mepis, Suse
Posts: 414
Thanked: 0

Original Poster
jeenam, I am not following you. Did you mean to say, copy authorized_keys to authorized_keys2?

alunduil, you sort of answered my question, 'do both usernames have to be the same?' I tried installing the pubkey on the destination server as myself (I wanted passwordless root access from a regular shell account, otherwise I still end up typing the root passwd which saves me no time nor braincells) but it still isn't working.

Does the name of my key matter, or is each key tried before a match is found? I had created a new key specifically for this task and named it 'rsa_id_nopass.pub' and I am wondering if the '_nopass' part makes a difference. My private key has a matching name (except the .pub).

I did have to enable this:
Host *
because where I had added these:
RSAAuthentication yes
PubkeyAuthentication yes
was in a part that had no hosts defined. Then I restarted sshd but still no success.

p.s. alunduil greetings to a local Minnesotan!

Last edited by lefty.crupps; 06-06-2007 at 03:17 PM..
Old 06-07-2007, 10:38 AM   #5
jeenam
Member
 
Registered: Dec 2006
Distribution: Slackware 11
Posts: 141
Thanked: 0
Typo above; it should read: Try copying ~/.ssh/authorized_keys2 to ~/.ssh/authorized_keys.
Old 03-05-2009, 04:40 PM   #6
simon.sweetman
LQ Newbie
 
Registered: Mar 2009
Posts: 1
Thanked: 0
Quote:
Originally Posted by lefty.crupps
I followed the HowTos and I've read numerous threads here at LQ and on the web but I cannot get this to function!

I want passwordless logons for root access to work and client servers.

Have you set the PermitRootLogin to yes or without-password (for public key verification only) in /etc/ssh/sshd_config on the target machine(s)?

Of course a restart of sshd will be required after this change.
Old 05-12-2009, 03:33 PM   #7
doc.nice
Member
 
Registered: Oct 2004
Location: Germany
Distribution: Debian
Posts: 274
Thanked: 7
This may be due to a compromised ssh key.
Check /var/log/auth.log for a message about compromised keys, like this one:

Quote:
May 12 21:13:38 spiff sshd[5415]: Public key <your key fingerprint> from <source-ip> blacklisted (see ssh-vulnkey(1))

If this is the case, update your openssl and openssh packages using aptitude or whatever you use and afterwards create a new key using ssh-keygen. (Overwrite your old key and create a backup if needed before.)

WITHOUT YOUR OLD KEY, YOU WILL NOT BE ABLE TO LOG IN TO MACHINES ONLY ACCEPTING YOUR KEY AS AUTH, NO PASSWORD! BE SURE TO DOUBLE CHECK WHAT YOU DO! You have to (re)deploy the new key to all machines you want to be able to auth using the key, using ssh-copy-id.

After the update, the login should be possible.

btw: the username must not be identical, simply call "ssh username@hostname" to log into another username on the remote machine...

Last edited by doc.nice; 05-12-2009 at 03:41 PM.. Reason: hint about identical usernames added
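
Added example, not part of doc.nice's post: one way to list every key fingerprint and source address that sshd logged as blacklisted, using the message format quoted above. The log lines, fingerprints and addresses in the demo are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): summarise sshd "blacklisted" key
# rejections from an auth log. All sample data below is constructed.

# blacklisted_keys FILE -> lines of "COUNT FINGERPRINT SOURCE", busiest first.
blacklisted_keys() {
    awk '
        /sshd\[[0-9]+\]: Public key / && / blacklisted / {
            # Locate "key <fingerprint> from <source>" wherever it sits.
            for (i = 1; i + 3 <= NF; i++)
                if ($i == "key" && $(i + 2) == "from")
                    seen[$(i + 1) " " $(i + 3)]++
        }
        END { for (k in seen) print seen[k], k }
    ' "$1" | sort -rn
}

# Constructed demo: two rejections of one key, one of another, one unrelated line.
demo() {
    log=$(mktemp)
    cat > "$log" <<'EOF'
May 12 21:13:38 spiff sshd[5415]: Public key 00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff from 192.0.2.10 blacklisted (see ssh-vulnkey(1))
May 12 21:13:40 spiff sshd[5415]: Failed password for root from 192.0.2.10 port 40022 ssh2
May 12 21:14:02 spiff sshd[5420]: Public key 00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff from 192.0.2.10 blacklisted (see ssh-vulnkey(1))
May 12 21:20:11 spiff sshd[5502]: Public key ff:ee:dd:cc:bb:aa:99:88:77:66:55:44:33:22:11:00 from 192.0.2.20 blacklisted (see ssh-vulnkey(1))
EOF
    blacklisted_keys "$log"
    rm -f "$log"
}
demo
```

Each fingerprint in the output identifies a key that has to be regenerated and redeployed as the post describes.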
Old 05-12-2009, 09:13 PM   #8
chrism01
Guru
 
Registered: Aug 2004
Location: Brisbane
Distribution: Centos 5.4
Posts: 8,107
Thanked: 401
Just some side points:

1. There's no such thing as RedHat Enterprise Linux 9; if that's really RH v9 (codename Shrike), it's so out of date it's not funny. RHEL is currently on v5.3.
2. Are you sure you really want to be able to login remotely as root? That's usually not recommended for security reasons, especially if it's on the internet.
(Actually, re-reading, passwordless ie via keys is probably ok...)
3. When describing your problem, please be careful to specify whether you are editing ssh_config or sshd_config; they both exist and it makes all the difference as to which one you edit. (See your OP).

Last edited by chrism01; 05-14-2009 at 08:37 PM.. Reason: adjust point 2
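
Added example, not part of any post in this thread: a check that reads the server-side file (sshd_config, where the PermitRootLogin setting from post #6 lives) and reports the value sshd will actually use. The sample file is constructed, the parser assumes whitespace-separated keywords, and prohibit-password is the newer OpenSSH spelling of without-password.

```shell
#!/bin/sh
# Added example (not from the thread). Server-side settings belong in
# sshd_config; ssh_config only configures the client.

# effective_value KEYWORD FILE -> first uncommented value outside Match blocks.
# sshd keeps the first value it reads for a keyword; later ones are ignored.
effective_value() {
    awk -v want="$1" '
        NF == 0 || $1 ~ /^#/         { next }   # blank lines and comments
        tolower($1) == "match"       { exit }   # stop at conditional blocks
        tolower($1) == tolower(want) { print $2; exit }
    ' "$2"
}

# root_key_login FILE -> 0 only if FILE explicitly allows root login by key.
root_key_login() {
    prl=$(effective_value PermitRootLogin "$1")
    pka=$(effective_value PubkeyAuthentication "$1")
    echo "PermitRootLogin=${prl:-<unset>} PubkeyAuthentication=${pka:-<unset>}"
    [ "$pka" != "no" ] || return 1              # unset defaults to yes
    case $prl in
        yes|without-password|prohibit-password) return 0 ;;
        *) return 1 ;;   # no, forced-commands-only, or unset (default varies)
    esac
}

# Constructed sample: the commented line does nothing and the first
# uncommented PermitRootLogin ("no") wins over the later one.
demo() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# constructed sample sshd_config
#PermitRootLogin yes
PubkeyAuthentication yes
PermitRootLogin no
PermitRootLogin without-password
EOF
    root_key_login "$f"; status=$?
    rm -f "$f"
    return $status
}
demo || echo "root login by key is not enabled by this file"
```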
Old 05-14-2009, 04:36 PM   #9
barae
LQ Newbie
 
Registered: Aug 2006
Posts: 1
Thanked: 0
One other thing you might want to verify is that the .ssh directory and authorized_keys(2) files are owned by root:root (or user:user)
Old 05-15-2009, 04:11 AM   #10
doc.nice
Member
 
Registered: Oct 2004
Location: Germany
Distribution: Debian
Posts: 274
Thanked: 7
...and the ssh dir is set to mode 700 (call chown user: ~/.ssh; chmod 700 ~/.ssh)
Old 05-15-2009, 05:17 PM   #11
ermoreno
LQ Newbie
 
Registered: May 2009
Location: San Antonio, Texas
Distribution: AIX, Suse
Posts: 5
Thanked: 0
put /etc/ssh/ssh_host_rsa_key.pub from the remote server in the authorized_keys file on the local host. Then ssh with the -i switch and the path for the identity file. As long as the permissions are correct for .ssh and the underlying files are correct and the PermitRootLogin line of sshd_config is set to yes you should be good.

ssh -i /etc/ssh/ssh_host_rsa_key root@remotehost
Old 11-10-2009, 03:55 AM   #12
elkali
LQ Newbie
 
Registered: Nov 2009
Posts: 3
Thanked: 0
Remember to check not only the directory permissions and ownership, but also the authorized_keys file. It should belong to the user and be chmod'ed to 700.

This will solve your problem almost for sure, it did solve mine :-)
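
Added example, not part of any post: the ownership and mode checks from posts #2, #9, #10 and #12 gathered into one script. It assumes GNU stat and follows sshd's StrictModes rule that the home directory, ~/.ssh and the key file must be owned by the account (or root) and must not be writable by group or others; the function names and the demo directory are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): flag ownership and mode problems that
# make sshd, with its default "StrictModes yes", skip authorized_keys.
# Assumes GNU stat (stat -c).

# check_path UID PATH -> prints a finding and returns 1 on a problem.
check_path() {
    want=$1 path=$2 rc=0
    [ -e "$path" ] || { echo "MISSING $path"; return 1; }
    set -- $(stat -c '%u %a' "$path")          # numeric owner, octal mode
    # sshd accepts paths owned by the account itself or by root (uid 0).
    if [ "$1" != "$want" ] && [ "$1" != "0" ]; then
        echo "OWNER   $path is owned by uid $1, expected $want"; rc=1
    fi
    # Any group-write (020) or other-write (002) bit is rejected.
    if [ $(( 0$2 & 022 )) -ne 0 ]; then
        echo "MODE    $path is $2, writable by group or others"; rc=1
    fi
    return $rc
}

# audit_ssh_dir UID HOME -> returns 0 only if every path passes.
audit_ssh_dir() {
    bad=0
    for p in "$2" "$2/.ssh" "$2/.ssh/authorized_keys"; do
        check_path "$1" "$p" || bad=1
    done
    # authorized_keys2 is the legacy file name used in this thread.
    if [ -e "$2/.ssh/authorized_keys2" ]; then
        check_path "$1" "$2/.ssh/authorized_keys2" || bad=1
    fi
    return $bad
}

# Constructed demo: a throwaway "home" whose .ssh is group-writable.
demo() {
    h=$(mktemp -d) && mkdir "$h/.ssh" && : > "$h/.ssh/authorized_keys"
    chmod 700 "$h"; chmod 770 "$h/.ssh"; chmod 600 "$h/.ssh/authorized_keys"
    audit_ssh_dir "$(id -u)" "$h"; status=$?
    rm -rf "$h"
    return $status
}
demo || echo "sshd would ignore the keys in this directory"
```

Run it on the destination machine for the account being logged into, for example `audit_ssh_dir "$(id -u root)" /root`. Modes such as 600, 644 or 700 on authorized_keys all pass; only a group or other write bit fails the check.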
