LinuxQuestions.org
Old 02-16-2012, 12:29 PM   #16
sag47
Senior Member
 
Registered: Sep 2009
Location: Philly, PA
Distribution: Kubuntu x64, RHEL, Fedora Core, FreeBSD, Windows x64
Posts: 1,429
Blog Entries: 33

Rep: Reputation: 357

Check /etc/ssh/sshd_config. Do you have the following settings enabled?

Code:
RSAAuthentication yes 
PubkeyAuthentication yes 
AuthorizedKeysFile  %h/.ssh/authorized_keys
Also, as someone else recommended you allow root, I do not recommend that. The root user is the most commonly brute-forced account on any system with ssh open to the world. Firewalls aside, you should not allow root login access ever. I would recommend this scheme...

Code:
PermitRootLogin no
AllowGroups wheel users
Which means users have to be a part of the wheel or users group in order to log in. Normally the wheel group is for ssh users and users allowed sudo access, which is why the second group is recommended for normal users.

Also what do the following logs say (depending on your OS):
Code:
tail -f /var/log/secure
tail -f /var/log/auth.log
Authenticate again and see what the log output says on the server.
 
1 members found this post helpful.
Old 02-16-2012, 12:33 PM   #17
R00ts
Member
 
Registered: Mar 2004
Location: Austin TX, USA
Distribution: Ubuntu 11.10, Fedora 16
Posts: 545

Original Poster
Rep: Reputation: 30
Yes, the home directory of root is /root and I put all the keys in /root/.ssh/authorized_keys
 
Old 02-16-2012, 12:36 PM   #18
sag47
Senior Member
 
Registered: Sep 2009
Location: Philly, PA
Distribution: Kubuntu x64, RHEL, Fedora Core, FreeBSD, Windows x64
Posts: 1,429
Blog Entries: 33

Rep: Reputation: 357
I also had a problem with PAM as it's required on sshd in Debian with public keys.

Code:
UsePAM yes
 
1 members found this post helpful.
Old 02-16-2012, 12:43 PM   #19
R00ts
Member
 
Registered: Mar 2004
Location: Austin TX, USA
Distribution: Ubuntu 11.10, Fedora 16
Posts: 545

Original Poster
Rep: Reputation: 30
Yes, PAM is enabled in my sshd_config. Thanks for the suggestion though.
 
Old 02-16-2012, 12:48 PM   #20
sag47
Senior Member
 
Registered: Sep 2009
Location: Philly, PA
Distribution: Kubuntu x64, RHEL, Fedora Core, FreeBSD, Windows x64
Posts: 1,429
Blog Entries: 33

Rep: Reputation: 357
Did you see my previous comment about the auth logs? What do they say when you attempt to auth?
 
Old 02-16-2012, 12:51 PM   #21
R00ts
Member
 
Registered: Mar 2004
Location: Austin TX, USA
Distribution: Ubuntu 11.10, Fedora 16
Posts: 545

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by sag47
Check /etc/ssh/sshd_config. Do you have the following settings enabled?

Code:
RSAAuthentication yes 
PubkeyAuthentication yes 
AuthorizedKeysFile  %h/.ssh/authorized_keys
All are enabled. I just uncommented the AuthorizedKeysFile line too (it was previously commented out). I saw no change from adding this line though.
Quote:
Originally Posted by sag47
Also as someone else recommended you allow root, I do not recommend that.
Oh I fully agree with you here. If I had my way we'd be doing things differently, but this is the third iteration of a machine we're building and it would be non-trivial for me to convince everyone that we need to do this. Everything we need to do on this machine needs root access anyway.

Fortunately, this particular machine does not have a direct connection to the outside world. It's part of a small local network of machines, so I have to first log in to one of the two machines that do have an external connection and then from there ssh into this internal system. And we never ssh in as root to those machines with external access (I'm pretty sure root ssh access is disabled).

Quote:
Originally Posted by sag47
Also what do the following logs say (depending on your OS):
Code:
tail -f /var/log/secure
tail -f /var/log/auth.log
/var/log/auth.log is an empty file, like /var/log/messages. I think the reason this is done is that this is an embedded system with a very limited amount of disk space (some internal flash and an SD memory card), so the people who built/configured this machine throw out log messages to keep them from consuming precious disk capacity.
 
Old 02-16-2012, 02:34 PM   #22
R00ts
Member
 
Registered: Mar 2004
Location: Austin TX, USA
Distribution: Ubuntu 11.10, Fedora 16
Posts: 545

Original Poster
Rep: Reputation: 30
Well I figured out the problem. After searching for information on one of the debug messages I got earlier ("we did not send a packet, disable method"), I came across a forum thread where someone said they fixed their issue by changing the permissions on the home directory, as ssh apparently does not like it to have 777 permissions. I checked, and sure enough root had these permissions:

Code:
drwxrwxrwt 13 root root   180 1933-12-03 03:48 root
I'm not sure what the "t" was for, or whether it was relevant to this problem. After changing the permissions on /root to 755 ssh login without requiring a password worked just fine.

Code:
# chmod 755 root
drwxr-xr-x 13 root root   180 1933-12-03 03:48 root

Thanks for your help everyone. I wouldn't have found the answer myself if you weren't all helping to guide me to the solution.
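
The check that caused the failure in post #22, as an added example (not code from any poster in this thread or from OpenSSH): a Python audit modelled on the ownership and mode test sshd applies when StrictModes is on, walking from authorized_keys up to the home directory and flagging anything that is group- or world-writable or not owned by the user or root. The function names and the temporary directory tree are constructed for illustration.

```python
import os
import stat
import tempfile

def path_chain(keys_file, home):
    """authorized_keys, then each parent up to and including home (or /)."""
    path, home = os.path.realpath(keys_file), os.path.realpath(home)
    chain = [path]
    while path != home and path != os.path.dirname(path):
        path = os.path.dirname(path)
        chain.append(path)
    return chain

def audit_key_path(keys_file, home, uid):
    """Return (path, problem) pairs for ownership or mode faults."""
    findings = []
    for i, path in enumerate(path_chain(keys_file, home)):
        try:
            st = os.stat(path)
        except OSError as exc:
            findings.append((path, "cannot stat: " + exc.strerror))
            continue
        if i == 0 and not stat.S_ISREG(st.st_mode):
            findings.append((path, "not a regular file"))
        if st.st_uid not in (0, uid):  # must belong to the user or root
            findings.append((path, "owned by uid %d" % st.st_uid))
        if st.st_mode & 0o022:  # group- or world-writable
            mode = stat.S_IMODE(st.st_mode)
            findings.append((path, "mode %04o is group/world writable" % mode))
    return findings

def demo():
    """Rebuild the thread's layout in a temp dir (constructed, not a real /root)."""
    with tempfile.TemporaryDirectory() as base:
        home = os.path.join(base, "root")
        ssh_dir = os.path.join(home, ".ssh")
        os.makedirs(ssh_dir)
        keys = os.path.join(ssh_dir, "authorized_keys")
        with open(keys, "w") as fh:
            fh.write("ssh-rsa AAAA...constructed-sample-key user@host\n")
        os.chmod(keys, 0o600)
        os.chmod(ssh_dir, 0o700)
        os.chmod(home, 0o1777)  # drwxrwxrwt, as shown in the thread
        before = audit_key_path(keys, home, os.getuid())
        os.chmod(home, 0o755)   # the fix applied in the thread
        after = audit_key_path(keys, home, os.getuid())
    return before, after

if __name__ == "__main__":
    before, after = demo()
    for path, problem in before:
        print("before fix:", path, "-", problem)
    print("after chmod 755:", after or "no findings")
```

On a real host, call `audit_key_path("/root/.ssh/authorized_keys", "/root", 0)` as root, substituting the account's own paths and uid.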
 
Old 02-16-2012, 05:00 PM   #23
padeen
Member
 
Registered: Sep 2009
Location: Perth, W.A.
Distribution: Slackware 14, Debian 7, FreeBSD, OpenBSD
Posts: 176

Rep: Reputation: 34
It doesn't like the .ssh directory to have permissions other than 700. I haven't heard of it checking on the home directory. I wonder if ssh is barfing because of the .ssh permissions?
 
Old 02-16-2012, 11:17 PM   #24
R00ts
Member
 
Registered: Mar 2004
Location: Austin TX, USA
Distribution: Ubuntu 11.10, Fedora 16
Posts: 545

Original Poster
Rep: Reputation: 30
No I checked .ssh multiple times and it did indeed have 700 permissions.
 
Old 02-17-2012, 11:33 PM   #25
shamantony
LQ Newbie
 
Registered: Feb 2012
Posts: 8

Rep: Reputation: Disabled
ssh-keygen

Since you have already made some attempt, first of all remove all content from /root/.ssh/known_hosts and /root/.ssh/authorized_keys on both machines, that means your machine and the machine you wish to log in to.

Follow the steps below.

On your machine execute the following commands:

# ssh-keygen (give a passphrase when prompted)

# ssh-copy-id root@<IP of remote machine>

# ssh root@IP

The first time it will prompt you to enter the passphrase; thereafter it will not prompt.

If it does not work, please mail me at sham_antony@aol.com

Last edited by shamantony; 02-17-2012 at 11:36 PM.
 
Old 02-17-2012, 11:55 PM   #26
uhelp
Member
 
Registered: Nov 2011
Location: Germany, Bavaria, Nueremberg area
Distribution: openSUSE, Debian, LFS
Posts: 205

Rep: Reputation: 43
Just use "ssh-copy-id" to get your key to the machine where you want to log in.

And allowing root login is .... erm... NEVER ALLOW THAT
Log in as a normal user and then issue a "su" or "sudo".
 
Old 09-23-2012, 01:40 PM   #27
DanTMan63
LQ Newbie
 
Registered: Sep 2012
Posts: 1

Rep: Reputation: Disabled
Password locked?

I had this same problem stump me for over 2 hours. Continually applying the same fixes outlined here. Then I looked at the shadow file and saw that the account was locked. Unlocking the account enabled the ssh key login to work. It would simply fail the login with no error message.
 
  


All times are GMT -5. The time now is 01:51 PM.
