password less ssh doesn't work in centos 6.4 and 6.6
 

Hi All ,

I have a situation whereby password less ssh is not working in centos 6.4 and centos 6.6. I have verified the below items ;

All dirs owned by userx on server A and B have following perm
1) /home/userx/ to have 700 perm
2) /home/userx/.ssh to have 700 perm
3) /home/userx/.ssh/authorized_keys to have 600 perm

After adding the content of id_rsa.pub (from my mac) to the authorized_keys on server A - i can ssh without password - this works.

But when i use the same id_rsa.pub and added it to authorized_keys on my server B , i can't ssh to server B without password - using ssh -A userx@server

Kindly advice ... thank you!


Below are my real logs
==============
[userx@m26 ~]$ ssh -v -A userx@10.0.1.240
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 10.0.1.240 [10.0.1.240] port 22.
debug1: Connection established.
debug1: identity file /home/userx/.ssh/identity type -1
debug1: identity file /home/userx/.ssh/id_rsa type -1
debug1: identity file /home/userx/.ssh/id_dsa type -1
debug1: loaded 3 keys
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '10.0.1.240' is known and matches the RSA host key.
debug1: Found key in /home/userx/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/userx/.ssh/identity
debug1: Trying private key: /home/userx/.ssh/id_rsa
debug1: Trying private key: /home/userx/.ssh/id_dsa
debug1: Next authentication method: password
userx@10.0.1.240's password:

- can't you generate a new pair of keys for the connection to server B?
- are you sure the ssh-daemon (sshd) on server B has passwordless authentication enabled?

Did you generate the keys on the Mac? Is m26 the Mac?

I expected a debug message that offers or read the id_rsa key private key. I assume it exists since it works for server A. Sharing public keys between servers should work.

HI michaelk,

I have created the rsa keys on my mac , m26 is my server A - a centos 5.8 server while server B is a centos 6.6.

I have tried similar thing within centos 6.4 servers - resulting in the same issue...

HI ondoho ,

I can't afford to create new rsa keys coz it's working fine with lower version of centos (5.2, 5.8 and 5.9) - only on centos 6.4 and 6.6 it's giving this issue.

below are the setting for my sshd for server B


[root@safedb ~]# cat /etc/ssh/sshd_config | grep -i "RSAAuthentication"
RSAAuthentication yes

[root@safedb ~]# cat /etc/ssh/sshd_config | grep -i "PubkeyAuthentication"
PubkeyAuthentication yes

Hi All ,

I have resolved this by doing ssh-add from my local mac to server A then ssh -A userx@serverB. this solved the issue...i believe some setting in mac that needs to checked again..thanks all!!