LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 11-04-2011, 02:15 PM   #1
bucz
LQ Newbie
 
Registered: Nov 2011
Posts: 4

Rep: Reputation: Disabled
After ssh-copy-id , still need to provide password


Hi all,

I connect to some remote machine via ssh. I did ssh-copy-id, so I did not have to give password when logging in. Later, I messed something on the remote machine, with ownership of the files in my home folder (I don't have root there) and since then I need to give password on login all the time.. I deleted even all ~/.ssh/ on the remote machine and did ssh-copy-id again, but still, it is asking for passwords all the time..

Any clue?
 
Old 11-04-2011, 10:40 PM   #2
neonsignal
Senior Member
 
Registered: Jan 2005
Location: Melbourne, Australia
Distribution: Debian Buster (Fluxbox WM)
Posts: 1,390
Blog Entries: 52

Rep: Reputation: 359Reputation: 359Reputation: 359Reputation: 359
1. Check whether your public key on the local machine (typically something like ~/.ssh/id_rsa.pub) has actually been appended onto the authorized list on the remote machine (in ~/.ssh/authorized_keys). These are viewable as text files.

2. Check the permissions on the ~/.ssh directory (usually readable only by the owner), the permissions on the private key of the local machine (typically ~/.ssh/id_rsa, must be restricted to owner only), and the permissions on the authorized list on the remote machine (~/.ssh/authorized_keys, must not be group writable).

3. Have a look at the settings on the sshd daemon on the remote machine if it is viewable (/etc/ssh/sshd_config). Check flags like 'PubkeyAuthentication'.

Is the ssh login giving any information, or does it just ask for the password immediately? You can use the verbose flag '-v' to see what is happening in more detail.

Last edited by neonsignal; 11-04-2011 at 10:42 PM.
 
Old 11-07-2011, 04:36 AM   #3
bucz
LQ Newbie
 
Registered: Nov 2011
Posts: 4

Original Poster
Rep: Reputation: Disabled
Thanks for answer,

I checked what you suggested, and all seems to be OK (I couldn't check the sshd configuration). I also noticed, that I get authorized_keys and authorized_keys2 created (two files instead of one).

Below, ssh -v output. It complains about something at the end, but I don't know what : /

OpenSSH_5.8p1 Debian-7ubuntu1, OpenSSL 1.0.0e 6 Sep 2011
debug1: Reading configuration data /home/robert/.ssh/config
debug1: Applying options for remote_host
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to remote_host [xxx.xxx.xxx.xxx] port 22.
debug1: Connection established.
debug1: identity file /home/robert/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/robert/.ssh/id_rsa-cert type -1
debug1: identity file /home/robert/.ssh/id_dsa type -1
debug1: identity file /home/robert/.ssh/id_dsa-cert type -1
debug1: identity file /home/robert/.ssh/id_ecdsa type -1
debug1: identity file /home/robert/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH_4*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.8p1 Debian-7ubuntu1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 zlib@openssh.com
debug1: kex: client->server aes128-ctr hmac-md5 zlib@openssh.com
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 3a:13:b5:26:39:a2:7f:50:1b:3b:93:2b:c1:17:08:53
debug1: Host 'remote_host' is known and matches the RSA host key.
debug1: Found key in /home/robert/.ssh/known_hosts:77
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_1000' not found

debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_1000' not found

debug1: Unspecified GSS failure. Minor code may provide more information

debug1: Unspecified GSS failure. Minor code may provide more information

debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/robert/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Trying private key: /home/robert/.ssh/id_dsa
debug1: Trying private key: /home/robert/.ssh/id_ecdsa
debug1: Next authentication method: password

Last edited by bucz; 11-07-2011 at 08:47 AM.
 
Old 11-07-2011, 07:51 AM   #4
mr51m0n
LQ Newbie
 
Registered: Nov 2008
Posts: 17

Rep: Reputation: 0
Hey bucz

What does the /var/log/auth.log (or maybe messages or syslog, depending on your distribution) on the server say?

mr51m0n
 
Old 11-07-2011, 08:01 AM   #5
bucz
LQ Newbie
 
Registered: Nov 2011
Posts: 4

Original Poster
Rep: Reputation: Disabled
Is see no auth.log in /var/log. This is not my machine, so it can be in some directory that I have no access to.
 
Old 11-07-2011, 08:18 AM   #6
neonsignal
Senior Member
 
Registered: Jan 2005
Location: Melbourne, Australia
Distribution: Debian Buster (Fluxbox WM)
Posts: 1,390
Blog Entries: 52

Rep: Reputation: 359Reputation: 359Reputation: 359Reputation: 359
The GSS failure is I think just a failed attempt to use Kerberos authentication. This can be disabled in the /etc/ssh/ssh_config of the client, but won't make help your problem.

My understanding was that the authorized_keys2 file was used to differentiate different versions, but is now deprecated (ie, current openssh versions only use authorized_keys).

I don't know why your public key is failing to validate; after the RSA public key is offered, you should get a "Server accepts key" message.

Was your public key generated recently (or was the ssh server upgraded)? There was a problem in the Debian version of openssh a couple of years back that led to the generation of weak keys.

(by the way, in the post above, you might want to obscure any identifying information, such as the IP address)

Last edited by neonsignal; 11-07-2011 at 08:21 AM.
 
Old 11-07-2011, 08:56 AM   #7
bucz
LQ Newbie
 
Registered: Nov 2011
Posts: 4

Original Poster
Rep: Reputation: Disabled
Hm, I have the same isse from two distinct machines, so it is rather not client-side. Maybe this ssh -vline can give a clue:

debug1: Roaming not allowed by server

(thanks for this IP, I missed it somehow)
 
Old 10-08-2019, 04:18 AM   #8
Alfred Mutz
LQ Newbie
 
Registered: Oct 2019
Posts: 1

Rep: Reputation: Disabled
ssh without Password

Hello,

you heave to run
chcon -R unconfined_ubject_r:user_home_t:s0 .
in .ssh Folder.
Than it will work.

Fred

Last edited by Alfred Mutz; 10-08-2019 at 04:22 AM.
 
Old 10-08-2019, 07:36 AM   #9
wpeckham
Senior Member
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, Fedora, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, Vsido, tinycore, Q4OS
Posts: 3,491

Rep: Reputation: 1543Reputation: 1543Reputation: 1543Reputation: 1543Reputation: 1543Reputation: 1543Reputation: 1543Reputation: 1543Reputation: 1543Reputation: 1543Reputation: 1543
Quote:
Originally Posted by Alfred Mutz View Post
Hello,

you heave to run
chcon -R unconfined_ubject_r:user_home_t:s0 .
in .ssh Folder.
Than it will work.

Fred
Actually, this will only help is SELINUX is in use and is the problem. Good suggestion though!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
provide password through script say_hi_ravi Programming 2 08-21-2010 07:26 AM
how to provide ISP password in Evolution? betula Mandriva 3 07-20-2010 03:59 PM
provide username and password with sendmail rooky Programming 7 12-16-2009 02:41 PM
How to provide password from command prompt ? p_s_shah Solaris / OpenSolaris 5 06-09-2008 08:59 AM
How to provide password for pppd at runtime deepalalla Linux - Networking 0 12-29-2004 05:33 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 09:27 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration