LinuxQuestions.org
Old 01-29-2015, 02:50 PM   #1
JockVSJock
Finally Got SSH Keys to Work, Had to Use a Different Command...WHY?


For the last few weeks I've been trying to set up SSH keys from my main Linux server to all of the other Linux servers that I use.

I'm using the HOWTO here

http://unix.stackexchange.com/questi...authentication

It didn't work. It was still asking for a password or the pass phrase.

So...I did my troubleshooting here:

http://unix.stackexchange.com/questi...authentication

In the end, I deleted all of the public/private keys and did the following steps:

ssh-keygen (not specifying an rsa key)

and then to copy over the key I did the following ssh-copy-id username@xx.xx.xx.xx

...and it worked!

I'm wanting to understand why this is working Vs the ways I'm seeing on other websites.

thanks
 
Old 01-29-2015, 02:57 PM   #2
suicidaleggroll
Most walkthroughs miss a step or two. The simplest and most portable way is the following:

1) Run "ssh-keygen -t dsa" on the client machine (or rsa, doesn't matter for this description)
2) Open up ~/.ssh/id_dsa.pub on the client machine
3) In a separate terminal, ssh to the server machine
4) Open up ~/.ssh/authorized_keys on the server machine (create it if it doesn't exist)
5) Copy and paste #2 into #4
6) On the server machine, run the following three commands (you only have to do this once):
chmod 600 ~/.ssh/authorized_keys
chmod 700 ~/.ssh
chmod 750 ~

That should be it. 99% of the guides I see on the web miss step 6. SSH will ignore your authorized_keys file if the permissions are too lax, and if you create the authorized_keys file from scratch because it didn't already exist, the default permissions will be too lax.

There are other commands, like ssh-copy-id, or "cat ~/.ssh/id_dsa.pub | ssh user@server 'cat - >> ~/.ssh/authorized_keys'", but all they're doing is steps 2-5 above. If you understand what's actually happening "under the hood" so to speak, it's just as easy to do it manually as it is to use those tools, and many systems (like embedded systems) don't have the tools, so if that's all you know you're stuck.

Last edited by suicidaleggroll; 01-29-2015 at 02:58 PM.
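
A server-side check for the conditions post #2 describes, as an added example that is not part of the original post: it flags a home directory, ~/.ssh or authorized_keys that is group- or world-writable (the mode bits sshd's StrictModes check rejects) and an authorized_keys file that is empty or holds no key line. The function names are assumptions; ownership is not checked.

```shell
#!/bin/sh
# Added example: audit the files sshd inspects before accepting a key login.
# Call as: audit_ssh_keys /home/user   (defaults to $HOME)

# Succeeds if the path is writable by group or others (mode bits 022).
too_lax() {
    # ls -ld prints e.g. "drwxrwxr-x"; characters 6 and 9 are the
    # group-write and other-write bits.
    case "$(ls -ld "$1" | cut -c6,9)" in
        *w*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Prints one line per problem and returns the number of problems found.
audit_ssh_keys() {
    home=${1:-$HOME}
    keys="$home/.ssh/authorized_keys"
    problems=0

    for p in "$home" "$home/.ssh" "$keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"; problems=$((problems + 1))
        elif too_lax "$p"; then
            echo "TOO LAX  $p (group- or world-writable)"; problems=$((problems + 1))
        fi
    done

    if [ -f "$keys" ]; then
        if [ ! -s "$keys" ]; then
            echo "EMPTY    $keys (0 bytes, no key was written)"
            problems=$((problems + 1))
        elif ! grep -Eq '(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/]+' "$keys"; then
            echo "NO KEY   $keys has no line that looks like a public key"
            problems=$((problems + 1))
        fi
    fi

    [ "$problems" -eq 0 ] && echo "OK       $home passes"
    return "$problems"
}
```
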
 
Old 01-29-2015, 03:26 PM   #3
JockVSJock
I know I had all of the file/directory permissions set up correctly and yet it still didn't work.

I didn't know ssh-copy-id was a program. If I would have known that earlier, it would have saved me a bunch of time.

http://www.thegeekstuff.com/2008/11/...n-ssh-copy-id/

I'm not understanding the how/why if I had all permissions set up correctly, pub key copied over to /~/.ssh and yet I still couldn't get it to work.

Last edited by JockVSJock; 01-29-2015 at 03:28 PM.
 
Old 01-29-2015, 03:50 PM   #4
suicidaleggroll
Quote:
Originally Posted by JockVSJock
I'm not understanding the how/why if I had all permissions set up correctly, pub key copied over to /~/.ssh and yet I still couldn't get it to work.
The simple answer is you did something wrong. Your description here makes it sound like you just copied the public key into the ~/.ssh/ directory on the server. If that's the case, it's the problem. It needs to be copied into the ~/.ssh/authorized_keys file on the server. Either that, or your permissions weren't correct.

I've never used ssh-copy-id and I've set up passwordless ssh hundreds of times on dozens of machines. It's a very straightforward process with very few "gotchas". Retrace your setups and I'm sure you'll find where you went wrong.
 
Old 01-29-2015, 04:00 PM   #5
JockVSJock
I copied the contents of id_rsa.pub > authorized_keys and then copied the new file over to /~/home/user/.ssh/. I made sure that the permissions were all set up correctly.

I did notice that the byte size on the authorized_keys was 0. Maybe that was the issue?
 
Old 01-29-2015, 04:03 PM   #6
suicidaleggroll
What is "/~/home/user/.ssh/"???

/home/user/.ssh/ is where it should go. This can also be written as ~/.ssh/. But ~/home/user/.ssh is redundant (it means /home/user/home/user/.ssh/), and /~/home/user/.ssh/ is just right out.

If the authorized_keys file had 0 size, then id_rsa.pub was not copied into it.
 
Old 01-29-2015, 06:06 PM   #7
JockVSJock
If I cp ip_rsa.pub > authorized_keys, why would it not copy the contents of the file over?
 
Old 01-29-2015, 06:13 PM   #8
suicidaleggroll
Because the syntax is "cp ip_rsa.pub authorized_keys". The > comes after the command and redirects stdout to the file "authorized_keys".

So basically what you're running is "cp ip_rsa.pub", which is an invalid command, and redirecting stdout of that invalid command (of which there will be none) into the file authorized_keys. This will throw both an error, and create an empty file called "authorized_keys", overwriting any previous file with the same name.

You should have seen an error like the following when you ran that:
Code:
cp: missing destination file operand after ‘id_rsa.pub’
Try 'cp --help' for more information.

Last edited by suicidaleggroll; 01-29-2015 at 06:14 PM.
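
The truncation explained in post #8, reproduced in a scratch directory, next to an append that cannot clobber existing keys. This is an added example, not part of the original post; the function names and the key strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: constructed file names and key material, scratch dirs only.

# Reproduce the mistake from the thread. The shell opens and truncates
# authorized_keys for '>' before cp starts; cp then fails because it has
# no destination operand. Prints the resulting file size in bytes.
reproduce_truncation() {
    dir=$(mktemp -d) || return 1
    echo 'ssh-rsa AAAAconstructedOLDKEY old@client' > "$dir/authorized_keys"
    echo 'ssh-rsa AAAAconstructedNEWKEY new@client' > "$dir/id_rsa.pub"
    # cp exits non-zero here; its error message is discarded.
    ( cd "$dir" && cp id_rsa.pub > authorized_keys ) 2>/dev/null || :
    wc -c < "$dir/authorized_keys" | tr -d ' '
    rm -rf "$dir"
}

# Append a public key without overwriting entries that are already there.
# $1 = public key file, $2 = target .ssh directory (assumed parameters).
append_pubkey() {
    pub=$1; sshdir=$2; auth="$sshdir/authorized_keys"
    [ -s "$pub" ] || { echo "refusing: $pub is missing or empty" >&2; return 1; }
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # -x whole line, -F fixed string: skip a key that is already installed.
    if ! grep -qxF -f "$pub" "$auth"; then
        cat "$pub" >> "$auth"
    fi
}
```
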
 
  

