LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 07-21-2005, 12:03 AM   #1
guideweb
Member
 
Registered: Mar 2004
Location: /planet/earth
Posts: 110

Rep: Reputation: 15
SSH public / private keys problem


Hi,

I try to setup a public/private key access using SSH , but it only work when i connect from 'root' to 'root' user.


LOCAL - Remote(server)
root root Ok
user user Asking for passw
root user Asking for passw
user root Asking for passw

My (local) ~./ssh/id_dsa.pub = my (remote) /root/./ssh/authorized_keys = /home/user/./ssh/authorized_keys



Here is a part of the output of #ssh user@remote.server -vv
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: identity (0x9501618)
debug2: key: /root/.ssh/identity ((nil))
debug2: key: /root/.ssh/id_rsa ((nil))
debug2: key: /root/.ssh/id_dsa (0x95000c8)
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: identity
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /root/.ssh/identity
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Offering public key: /root/.ssh/id_dsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive


A part of /etc/ssh/sshd_config

#RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys

# rhosts authentication should not be used
#RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts no
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
RhostsRSAAuthentication yes
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
IgnoreUserKnownHosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no


Any inputs are welcome
Thanks,

Last edited by guideweb; 07-21-2005 at 12:05 AM.
 
Old 07-21-2005, 12:42 AM   #2
michaelsanford
Member
 
Registered: Feb 2005
Location: Ottawa/Montréal
Distribution: Slackware + Darwin (MacOS X)
Posts: 468

Rep: Reputation: 30
That's because you're putting the public key into the server's /root/.ssh/authorized_keys file.

The key-pair is generated by and for a particular user. You generated the key set on the client machine as root and then copied the public key into the root user's authorized_keys file, so naturally only root to root will work.

If you'd like it otherwise, you'll have to copy the public key file from your root user (which is presumably who you want to connect from) to whoever else's account on the ssh server you want to access.

For example, I generated a key as user "michael" on my client and then copied it to the server in user "raven"'s ~/.ssh/authorized_keys file. Then, from the client, as "michael" I just ssh raven@host and I'm in, as user raven.

EDIT There may be a way to add it globally, like say /etc/ssh/authorized_keys, but if there is I don't know of it.
 
Old 07-21-2005, 01:17 AM   #3
guideweb
Member
 
Registered: Mar 2004
Location: /planet/earth
Posts: 110

Original Poster
Rep: Reputation: 15
Quote:
Originally posted by michaelsanford
[B]That's because you're putting the public key into the server's /root/.ssh/authorized_keys file.

The key-pair is generated by and for a particular user. You generated the key set on the client machine as root and then copied the public key into the root user's authorized_keys file, so naturally only root to root will work.
Sorry if i wasen't clear but it exactly what i have done.

root(local) priv key in root/.ssh/ dir and i copied public key to root's account on the server. and it work correctly

root(local) priv key in root/.ssh/ dir and i copied public key to ~user/.ssh/ account on the server. and diddint work

user(local priv key in ~user/.ssh/ dir and copied public key to user/.ssh/ account on server but didint work


Thanks,

Last edited by guideweb; 07-21-2005 at 01:18 AM.
 
Old 07-21-2005, 05:12 AM   #4
cdhgee
Member
 
Registered: Oct 2003
Location: St Paul, MN
Distribution: Fedora 8, Fedora 9
Posts: 513

Rep: Reputation: 30
Are you by chance trying to log into a chroot'ed shell on the server? I'm aware there's a common patch for ssh which chroots shells where the user's home dir is contains /./, and I've had experience in the past where I've been unable to sign into chroot'ed shells using publickey but password worked fine. Unfortunately I found no way round this.
 
Old 07-21-2005, 12:06 PM   #5
guideweb
Member
 
Registered: Mar 2004
Location: /planet/earth
Posts: 110

Original Poster
Rep: Reputation: 15
User are not (yet) chrooted
 
Old 07-21-2005, 01:15 PM   #6
michaelsanford
Member
 
Registered: Feb 2005
Location: Ottawa/Montréal
Distribution: Slackware + Darwin (MacOS X)
Posts: 468

Rep: Reputation: 30
When you say it's in ~/.ssh/ you mean ~/.ssh/authorized_keys right ? Because the public key doens't just go in the folder it gets added inline to the authorized_keys file.
 
Old 07-21-2005, 01:33 PM   #7
guideweb
Member
 
Registered: Mar 2004
Location: /planet/earth
Posts: 110

Original Poster
Rep: Reputation: 15
Yes keys are in file
~/.ssh/authorized_keys

Like i said on my first post, it work fine when i connect from root(local) to root(remote) , but i cant connect from user(local) to otheruser(remote)

The howto i follow to make sure what i was doing was right :
http://www.linuxquestions.org/questi...ticle&artid=79


Thanks,


Last edited by guideweb; 07-21-2005 at 05:07 PM.
 
Old 08-27-2005, 09:49 PM   #8
guideweb
Member
 
Registered: Mar 2004
Location: /planet/earth
Posts: 110

Original Poster
Rep: Reputation: 15
Anyone ? please ...
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
ssh public/private keys lord_darkhelmet Linux - Newbie 8 10-29-2005 03:14 PM
CVS & SSH & Public/private keys guideweb Linux - Software 15 09-09-2005 01:06 PM
SSH public/private key authentication with GnuPG keys? thinksincode Linux - Security 1 02-25-2005 02:33 PM
How to delete public & private keys for SSH? TrulyTessa Linux - Security 2 11-18-2004 12:27 PM
Help with SSH and public/private keys stodge Linux - Security 5 05-14-2003 01:22 PM


All times are GMT -5. The time now is 02:37 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration