ssh-keygen for auto ssh login not working
I followed the information provided on this page to use ssh-keygen to generate ssh keys to allow me to login to some machines on the local network that would not require me to login (because I'm writing a script that needs to ssh into these machines and execute various commands). These machines are running different versions of Linux, including one WindowsXP machine running cygwin.
It worked great for every machine except for one embedded system that is running a minimal version of debian. I copied over the key to it exactly the same as I did for the other machines, but it still requires me to enter a password. I checked permissions and also tried to save the key to .ssh/authorized_keys2 as the webpage suggests, but nothing changed. I don't see any messages at all regarding ssh so I'm unable to really figure out what I should do, and a general web search didn't help me either. Does anyone have an idea of what might be wrong or what I could be missing? One important distinction is on this machine, when I ssh into it I have to login as root. So I stored my ssh key in /root/.ssh/authorized_keys instead of in a user's local home .ssh folder. I'm wondering if there's something special or different I need to do for ssh'ing in as root as opposed to a normal user. |
Also I checked the permissions of .ssh and authorized_keys and they are both correct as far as I know (again, according to the site I linked to in my original post).
|
Does ssh -vvv ... show any hint of pubkey authentication?
|
Ah thanks, didn't even know about that ssh option.
Code:
$ ssh -vvv root@192.168.1.4 |
The authorized_keys file will be used on the server side. You can limit the kind of authorization with:
Code:
$ ssh -vvv -oPreferredAuthentications=publickey root@192.168.1.4 |
Doesn't this part of the log:
Code:
$ ssh -vvv root@192.168.1.4 |
The most likely cause of this is that you are generating the keys on an ssh-2 machine but your target machine is installed with ssh-1 protocol and never the twain shall meet .....
debug1: Connection established. debug1: identity file /home/militho/.ssh/identity type -1 debug3: Not a RSA1 key file /home/militho/.ssh/id_rsa. <----------- debug2: key_type_from_name: unknown key type '-----BEGIN' debug3: key_read: missing keytype |
I have the output about the failed RSA1 detection all the time I use -vvv and it doesn’t mean the server expect only RSA1, nor prohibits it to log in using RSA2 keys AFAICS, for me it works despite the debug message.
|
Does that SSH server accept root login?
You can simply verify that in your sshd_config (usually located in /etc/ssh/). Do you have the parameter "PermitRootLogin yes"? Hope this helps! |
Sorry I've been absent here the past couple of days. I got tied up with some other work.
Yes, the sshd server permits root login. If it didn't I shouldn't be able to login as root as all, right? And I can ssh as root into that machine, just not without requiring a password. After reading everyone's feedback and going through the ssh-keygen man page, I tried a couple of things and still have the same problem. Code:
# Try generating rsa1 keys Code:
$ ssh -vvv -oPreferredAuthentications=publickey root@192.168.1.4 |
As suggested: can you please check the logfile on the server, e.g. /var/log/messages?
|
Oops, sorry I skipped over that. There is nothing in /var/log/messages; its simply a blank file. A different company setup this embedded system (it runs some version of Debian) and I have no idea how they have it configured. I didn't see anything else in /var/log that looked like it would contain any useful information.
|
/root is also not writable by anyone else, as its permission is checked too.
I only know of a setting with the opposite effect: diallow password login for root, but still allow logins by publickey method. Maybe the location of the authorized_keys file is different. Is there a line like: Code:
AuthorizedKeysFile |
There is but its commented out.
Code:
$ cat /etc/ssh/sshd_config | grep Keys |
Ok, then it’s not used. But usually the default is written in this form and so I assume that the home directory of root is /root on this machine where you put the keys?
|
All times are GMT -5. The time now is 10:14 PM. |