LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 01-20-2006, 04:59 PM   #1
blackdragonblood
Member
 
Registered: May 2005
Location: Minneapolis, MN
Distribution: Debian
Posts: 217

Rep: Reputation: 30
Setting up passwordless ssh


I'm setting up passwordless ssh and I still get prompted for passwords. I generated the keys, copied the pub key to the server, cat the file /.ssh/autorized_keys, and still get asked for passwords. I double checked permissions and log files. I see no evidence that my keys are being checked.
 
Old 01-20-2006, 05:13 PM   #2
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 422Reputation: 422Reputation: 422Reputation: 422Reputation: 422
When you generated the keys, did you remember to not create a passphrase?
 
Old 01-20-2006, 05:24 PM   #3
blackdragonblood
Member
 
Registered: May 2005
Location: Minneapolis, MN
Distribution: Debian
Posts: 217

Original Poster
Rep: Reputation: 30
Yes, the keys were generated w/o a passphrase.
 
Old 01-20-2006, 07:54 PM   #4
fotoguy
Senior Member
 
Registered: Mar 2003
Location: Brisbane Queensland Australia
Distribution: Custom Debian Live ISO's
Posts: 1,291

Rep: Reputation: 62
Sounds like it maybe the configuration on the server, can you post the contents of the sshd_config file from the server.
 
Old 01-20-2006, 11:25 PM   #5
blackdragonblood
Member
 
Registered: May 2005
Location: Minneapolis, MN
Distribution: Debian
Posts: 217

Original Poster
Rep: Reputation: 30
Here it is.

Code:
#       $OpenBSD: sshd_config,v 1.72 2005/07/25 11:59:40 markus Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

#Port 22
#Protocol 2,1
Protocol 2
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6

#RSAAuthentication yes
#PubkeyAuthentication yes
AuthorizedKeysFile      .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication mechanism.
# Depending on your PAM configuration, this may bypass the setting of
# PasswordAuthentication, PermitEmptyPasswords, and
# "PermitRootLogin without-password". If you just want the PAM account and
# session checks to run without PAM authentication, then enable this but set
# ChallengeResponseAuthentication=no
#UsePAM no
UsePAM yes

#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#ShowPatchLevel no

# no default banner path
#Banner /some/path

# override default of no subsystems
Subsystem       sftp    /usr/libexec/openssh/sftp-server
 
Old 01-21-2006, 02:40 AM   #6
dombrowsky
Member
 
Registered: Dec 2005
Location: New York
Distribution: Debian/GNU
Posts: 235

Rep: Reputation: 31
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes

try setting the empty passwords line to yes. maybe the default in ssh changed and the config file wasn't updated.

just a guess.

-dave
 
Old 01-21-2006, 08:25 AM   #7
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 422Reputation: 422Reputation: 422Reputation: 422Reputation: 422
Quote:
PasswordAuthentication yes
That has to be set to no to disable passwords.
 
Old 01-21-2006, 01:34 PM   #8
blackdragonblood
Member
 
Registered: May 2005
Location: Minneapolis, MN
Distribution: Debian
Posts: 217

Original Poster
Rep: Reputation: 30
I made the suggested changes to sshd_config and now my client generates the following error.

Quote:
Permission denied (publickey,gssapi-with-mic).
 
Old 01-21-2006, 06:22 PM   #9
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 422Reputation: 422Reputation: 422Reputation: 422Reputation: 422
I noticed that there are a couple other changed in the config, namely the ChallengeResponseAuthentication and the GSSAPI settings. Are those things you changed or is that the standard config for FC?
 
Old 01-21-2006, 10:46 PM   #10
blackdragonblood
Member
 
Registered: May 2005
Location: Minneapolis, MN
Distribution: Debian
Posts: 217

Original Poster
Rep: Reputation: 30
I did change some stuff and it's possible that I may have changed them although, I don't think I did. I must appoligize b/c I looked at other log files and realized I was looking at the wrong one for ssh activity.

Quote:
Authentication refused: bad ownership or modes for file /home/identity/.ssh/authorized_keys
I messed around with permissions and still couldn't figure it out. Could some one plz clear make it clear what the permissions should be for authorized_keys? Also, if there are things that I should change back in my sshd_config plz let me know. Again sorry for leading everyone down the wrong path.

Last edited by blackdragonblood; 01-21-2006 at 10:47 PM.
 
Old 01-21-2006, 11:08 PM   #11
scowles
Member
 
Registered: Sep 2004
Location: Texas, USA
Distribution: Fedora
Posts: 620

Rep: Reputation: 31
Obviously the user/group shown below will be different at your end, but take special note of the permissions on the .ssh directory. i.e. 700
Code:
[scowles@excelsior .ssh]$ ls -la
total 16
drwx------   2 scowles scowles 4096 Dec  4 19:01 .
drwxr-xr-x  34 scowles scowles 4096 Jan 20 04:17 ..
-rw-r--r--   1 scowles scowles 2223 Nov 25 23:22 authorized_keys
-rw-r--r--   1 scowles scowles 1074 Dec  4 19:01 known_hosts
[scowles@excelsior .ssh]$ pwd
/home/scowles/.ssh

Last edited by scowles; 01-22-2006 at 06:28 AM.
 
Old 01-21-2006, 11:58 PM   #12
blackdragonblood
Member
 
Registered: May 2005
Location: Minneapolis, MN
Distribution: Debian
Posts: 217

Original Poster
Rep: Reputation: 30
I changed the permissions. I still get the same error messange and nothing shows up in /var/log/secure.
 
Old 01-22-2006, 08:48 AM   #13
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 422Reputation: 422Reputation: 422Reputation: 422Reputation: 422
Check the permissions on your home directory. Basically if anybody besides the user can write to the home directory, the .ssh directory or any of its files, sshd is going to pitch a fit. I would also seriously reccomend setting all your sshd_config values back to whatever they normally should be for FC.
 
Old 01-22-2006, 12:10 PM   #14
blackdragonblood
Member
 
Registered: May 2005
Location: Minneapolis, MN
Distribution: Debian
Posts: 217

Original Poster
Rep: Reputation: 30
I tried changing permissions for /home/identity, changing sshd_config back, and changing more options sshd_config. Is it possible to get a fresh file from somewhere? I'll post sshd_config in it's current state.

Code:
#	$OpenBSD: sshd_config,v 1.72 2005/07/25 11:59:40 markus Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

#Port 22
#Protocol 2,1
Protocol 2
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile	.ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
PermitEmptyPasswords yes
PasswordAuthentication no

# Change to no to disable s/key passwords
ChallengeResponseAuthentication yes
#ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
GSSAPIAuthentication no
#GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing, 
# and session processing. If this is enabled, PAM authentication will 
# be allowed through the ChallengeResponseAuthentication mechanism. 
# Depending on your PAM configuration, this may bypass the setting of 
# PasswordAuthentication, PermitEmptyPasswords, and 
# "PermitRootLogin without-password". If you just want the PAM account and 
# session checks to run without PAM authentication, then enable this but set 
# ChallengeResponseAuthentication=no
#UsePAM no
UsePAM yes

#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#ShowPatchLevel no

# no default banner path
#Banner /some/path

# override default of no subsystems
Subsystem	sftp	/usr/libexec/openssh/sftp-server
 
Old 01-22-2006, 02:51 PM   #15
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 422Reputation: 422Reputation: 422Reputation: 422Reputation: 422
From what I've seen on the net I think you should change the following:

ChallengeResponseAuthentication no
GSSAPIAuthentication yes
PermitEmptyPasswords no
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Can't get passwordless ssh working thorney Linux - Networking 3 11-27-2005 11:08 PM
Ssh passwordless : Urgent muneebs123 Linux - Security 23 06-21-2005 09:26 PM
Passwordless SSH problem? LQYY Linux - Software 5 06-09-2005 10:56 PM
Passwordless SSH for Cluster nedian123 Linux - Networking 3 12-07-2004 11:15 PM
Regarding Passwordless SSH nedian123 Linux - Software 1 08-05-2004 06:07 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 07:47 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration