I am configuring my two machines to be able to ssh to each other without password authentication but cannot seem to get it to work. I generated the rsa key on the client in the .ssh folder and moved the id_rsa.pub file to the server, changing its name to authorized_keys. But I am still prompted for a password when logging in on the client to the server. Am I missing something? If it makes any difference, I am making the key without a pass code. When I read the rsa.pub file the last line says "==username@domain.local", is this line supposed to be the ip address of the client? Please help.
It should have picked up the username you were using when you generated the key. Be sure you are logged in as the user you plan on using to ssh to the server and regenerate the key. Then check it to make sure it shows your username. The passcode is allowed to be blank. It sounds like your fully qualified domain name on the client is domain.local. That's okay if it isn't the same as the server, but not getting the correct username is not.
Also, do you have a login on the server using the SAME username (exactly)?
Is that /home/<username>/.ssh folder where you put the authorized_keys file?
That is critical to proper functioning.
When I read the rsa.pub file the last line says "==username@domain.local", is this line supposed to be the ip address of the client?
The public key files are made up of 3 fields. The first is the key type, then the base64-encoded key data, and finally a comment section that is usually set to the username/host when the key was made. This comment field is completely arbitrary and can be anything or nothing at all.
May also want to make a copy of the authorized_keys file and name it authorized_keys2 in case you're forcing SSHv2 for some reason.
Good point. I used to have to do this on older systems other people admin'd 'cause I could never tell which to use. I used a symlink instead so I didn't have to maintain entries in each file...
Thanks guys for all of your help and thank you stanlo45 for the tutorial. It seems that changing the permissions on the authorized keys file was the missing step I needed. I would not have thought this step would be so critical.
Permissions on the keys are critical because of off-line attacks bad guys can do on them if copied - not to mention passwordless keys. Having the service force the issue protects the unaware.
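The checks discussed in this thread, collected into one script as an added example that is not part of any post above. It reports whether the home directory, .ssh and authorized_keys are group- or world-writable or owned by someone else (the conditions OpenSSH's StrictModes setting rejects) and splits each plain entry into the three fields described earlier. The function names loose_path and audit_ssh_dir are hypothetical, and entries that begin with an options prefix are reported but not parsed.

```shell
#!/bin/sh
# Added example, not from the thread. Run it as the account that owns the keys.

# loose_path PATH: true if PATH is group/world-writable or not owned by us.
loose_path() {
    bits=$(ls -ld "$1" | cut -c6,9)   # group-write and other-write flags
    [ "$bits" != "--" ] || [ ! -O "$1" ]
}

# audit_ssh_dir HOME_DIR: print findings; return the number of problems found.
audit_ssh_dir() {
    home=$1
    keys="$home/.ssh/authorized_keys"
    problems=0
    if [ ! -f "$keys" ]; then
        echo "MISSING $keys"
        return 1
    fi
    # sshd (StrictModes yes) refuses the key file if any of these is loose.
    for p in "$home" "$home/.ssh" "$keys"; do
        if loose_path "$p"; then
            echo "LOOSE $p"
            problems=$((problems + 1))
        fi
    done
    # Plain entries have three fields: key type, base64 data, optional comment.
    while read -r type data comment || [ -n "$type" ]; do
        case $type in
            '' | '#'*) continue ;;
            ssh-* | ecdsa-* | sk-*) ;;
            *) echo "SKIP entry does not start with a key type: $type"
               continue ;;
        esac
        if [ -z "$data" ]; then
            echo "BADLINE $type entry has no key data"
            problems=$((problems + 1))
        else
            echo "KEY $type comment=${comment:-<none>}"
        fi
    done < "$keys"
    return "$problems"
}

# Usage as a script: sh audit.sh "$HOME"
[ "$#" -eq 0 ] || audit_ssh_dir "$1"
```

A LOOSE line is usually cleared with chmod 700 on .ssh and chmod 600 on authorized_keys, plus removing group and other write access from the home directory itself.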