[SOLVED] ssh-keygen for auto ssh login not working
Also as someone else recommended you allow root, I do not recommend that. The root user is the most common brute forced account on any system with ssh open to world. Firewalls aside you should not allow the root login access ever. I would recommend this scheme...
Code:
PermitRootLogin no
AllowGroups wheel users
Which means users have to be a part of the wheel or users group in order to log in. Normally the wheel group is for ssh users and users allowed sudo access which is why the second group is recommended for normal users.
Also what do the following logs say (depending on your OS):
Code:
tail -f /var/log/secure
tail -f /var/log/auth.log
Authenticate again and see what the log output says on the server.
All are enabled. I just uncommented the AuthorizedKeysFile line too (it was previously commented out). I saw no change from adding this line though.
Quote:
Originally Posted by sag47
Also as someone else recommended you allow root, I do not recommend that.
Oh I fully agree with you here. If I had my way we'd be doing things differently, but this is the third iteration of a machine we're building and it would be non-trivial for me to convince everyone that we need to do this. Everything we need to do on this machine needs root access anyway.
Fortunately, this particular machine does not have a direct connection to the outside world. It's part of a small local network of machines, so I have to first log in to one of the two machines that do have an external connection and then from there ssh into this internal system. And we never ssh in as root to those machines with external access (I'm pretty sure root ssh access is disabled).
Quote:
Originally Posted by sag47
Also what do the following logs say (depending on your OS):
Code:
tail -f /var/log/secure
tail -f /var/log/auth.log
/var/log/auth.log is an empty file, like /var/log/messages. I think the reason this is done is that this is an embedded system with a very limited amount of disk space (some internal flash and an SD memory card), so the people who built/configured this machine throw out log messages to keep them from consuming precious disk capacity.
Well I figured out the problem. After searching for information on one of the debug messages I got earlier ("we did not send a packet, disable method"), I came across a forum thread where someone said they fixed their issue by changing the permissions on the home directory, as ssh apparently does not like it to have 777 permissions. I checked, and sure enough root had these permissions:
Code:
drwxrwxrwt 13 root root 180 1933-12-03 03:48 root
I'm not sure what the "t" was for, or whether it was relevant to this problem. After changing the permissions on /root to 755 ssh login without requiring a password worked just fine.
It doesn't like the .ssh directory to have permissions other than 700. I haven't heard of it checking on the home directory. I wonder if ssh is barfing because of the .ssh permissions?
Since you have already made some attempt, first of all remove all content from /root/.ssh/known_hosts and /root/.ssh/authorized_keys on both machines, that is, your machine and the machine you wish to log in to.
Follow the steps below.
On your machine execute the following commands:
# ssh-keygen (give a passphrase when prompted)
# ssh-copy-id root@<IP of remote machine>
# ssh root@IP
The first time it will prompt you to enter the passphrase; thereafter it will not prompt.
If it does not work, please mail me #sham_antony@aol.com#
Last edited by shamantony; 02-17-2012 at 11:36 PM.
I had this same problem stump me for over 2 hours. Continually applying the same fixes outlined here. Then I looked at the shadow file and saw that the account was locked. Unlocking the account enabled the ssh key login to work. It would simply fail the login with no error message.
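The two causes found in this thread (a home directory writable by group/other, and a locked account) can be checked with a short script. This is an added example, not part of any post above; the function names are hypothetical, the test directory and shadow line are constructed, and "locked" is assumed to mean the `!` prefix that `passwd -l` writes.

```shell
#!/bin/sh
# Added example: checks the mode bits sshd's StrictModes cares about
# (no group/other write on ~, ~/.ssh, ~/.ssh/authorized_keys) and the
# shadow lock marker. sshd also checks ownership; that is not covered here.

# Octal mode of a path (GNU/busybox stat, falling back to BSD stat).
mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# Succeeds when neither group nor other may write, i.e. (mode & 022) == 0.
path_is_strict() {
    m=$(mode_of "$1") || return 2
    [ $(( 0$m & 022 )) -eq 0 ]
}

# Print every path that is too permissive; return 1 if any was found.
check_key_paths() {
    kp_home=$1; kp_bad=0
    for p in "$kp_home" "$kp_home/.ssh" "$kp_home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        if ! path_is_strict "$p"; then
            echo "too permissive: $(mode_of "$p") $p"
            kp_bad=1
        fi
    done
    return $kp_bad
}

# Succeeds when the password field of a shadow(5) line starts with "!".
shadow_line_locked() {
    field=$(printf '%s\n' "$1" | cut -d: -f2)
    case $field in '!'*) return 0 ;; *) return 1 ;; esac
}

# Demo on a constructed home directory with the thread's drwxrwxrwt mode.
demo=$(mktemp -d)
mkdir -p "$demo/.ssh"; : > "$demo/.ssh/authorized_keys"
chmod 700 "$demo/.ssh"; chmod 600 "$demo/.ssh/authorized_keys"
chmod 1777 "$demo"
check_key_paths "$demo" || echo "key login would be refused until fixed"
chmod 755 "$demo"
check_key_paths "$demo" && echo "modes OK after chmod 755"
# Constructed shadow line, locked the way passwd -l would leave it.
shadow_line_locked 'root:!$6$constructed$hash:19000:0:99999:7:::' \
    && echo "account is locked"
rm -rf "$demo"
```

On a real host, run `check_key_paths /root` and pass the account's own line from /etc/shadow to `shadow_line_locked`.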