LinuxQuestions.org
Old 11-06-2017, 10:13 AM   #1
sunlinux
Member
 
Registered: Feb 2006
Distribution: RHCL 5
Posts: 239

Rep: Reputation: 30
passwordless ssh


I set up passwordless ssh on the server (CentOS 6). I copied the pub file to the client server, RHEL 5 (.ssh/authorized_keys)
-rwx------ 1 root root 1987 Nov 6 15:31 authorized_keys

But when I hit ssh root@backup, it asks for a password.

I disabled SELinux on the server already.

Please suggest.

debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'mcom-backup' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:7
debug2: bits set: 542/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /root/.ssh/identity ((nil))
debug2: key: /root/.ssh/id_rsa (0x8600800)
debug2: key: /root/.ssh/id_dsa ((nil))
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
No credentials cache found

debug1: Unspecified GSS failure. Minor code may provide more information
No credentials cache found

debug1: Unspecified GSS failure. Minor code may provide more information
No credentials cache found

debug2: we did not send a packet, disable method
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Offering public key: /root/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /root/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
root@mcom-backup's password:
 
Old 11-06-2017, 01:58 PM   #2
cyent
Member
 
Registered: Aug 2001
Location: ChristChurch New Zealand
Distribution: Ubuntu
Posts: 365

Rep: Reputation: 82
A common gotcha is to have incorrect permissions on the .ssh directory.

Check that they are...

ls -ld ~/.ssh
drwx------ 2 you users 4096 May 22 13:21 /home/you/.ssh


ssh-copy-id is a good way of handling all that stuff. It just does The Right Thing.
 
Old 11-06-2017, 02:03 PM   #3
Teufel
Member
 
Registered: Apr 2012
Distribution: Gentoo
Posts: 616

Rep: Reputation: 142
Maybe it will suit your needs:
sshpass
 
Old 11-06-2017, 08:21 PM   #4
chwilk
LQ Newbie
 
Registered: Nov 2007
Posts: 5

Rep: Reputation: 1
One more double-check: The authorized_keys file you did an ls on seems large for a single public key. Ensure you haven't accidentally copied a private key instead (they are about four times the size of a public key).

private keys will start with

-----BEGIN RSA PRIVATE KEY-----

while public keys will be one long line of text starting with ssh-rsa.
 
Old 11-06-2017, 09:46 PM   #5
sunlinux
Member
 
Registered: Feb 2006
Distribution: RHCL 5
Posts: 239

Original Poster
Rep: Reputation: 30
No guys, that didn't help. Permissions etc. seem correct; still getting the password prompt.
 
Old 11-07-2017, 12:25 AM   #6
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 17,401
Blog Entries: 10

Rep: Reputation: 5212
Quote:
Originally Posted by sunlinux
No guys, that didn't help. Permissions etc. seem correct; still getting the password prompt.
anytime you claim sth like that you have to post commands issued & output received.
like you did in your first post.
(i doubt it is exactly the same?)

fwiw, i don't think you should be ssh'ing as root, into root.
i have never even attempted that, but it's possible the server's sshd is configured to deny that.
check in /etc/ssh/sshd.conf (i think) on the server.
and double check if sshd is doing fine on the server.
 
1 members found this post helpful.
Old 11-07-2017, 02:07 AM   #7
Prehistorik
Member
 
Registered: Oct 2006
Location: St. Petersburg, Russia
Distribution: Ubuntu
Posts: 31

Rep: Reputation: 1
Can you show the output of commands (on the server and on the client):

Code:
ls -la ~/.ssh
Code:
ls -la /etc/ssh
Also, as cyent suggested, you can do

Code:
ssh-copy-id SERVER_NAME
on the client. The command will ask for the password.

Analyzing the log on the server may help too (I recall that on CentOS 6 sshd logs go to /var/log/messages by default, you can filter out anything not related to SSH by command:
Code:
grep ssh /var/log/messages
).
 
Old 11-07-2017, 09:02 AM   #8
sunlinux
Member
 
Registered: Feb 2006
Distribution: RHCL 5
Posts: 239

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by Prehistorik View Post
Can you show the output of commands (on the server and on the client):

Code:
ls -la ~/.ssh
Client
drwx------ 2 root root 4096 Nov 7 05:00 .
drwxr-x--- 18 root root 4096 Nov 7 04:55 ..
-rwx------ 1 root root 1588 Nov 7 05:00 authorized_keys
-rw------- 1 root root 1194 Oct 13 09:35 authorized_keys_131017
-rwx------ 1 root root 1589 Nov 6 15:31 authorized_keys2
-rw------- 1 root root 1675 Jan 10 2012 id_rsa
-rw-r--r-- 1 root root 397 Jan 10 2012 id_rsa.pub
-rw-r--r-- 1 root root 2782 Nov 6 15:19 known_hosts
-rw-r--r-- 1 root root 0 Oct 13 09:35 pp
-rw------- 1 root root 0 Oct 13 09:35 pp2


Code:
ls -la /etc/ssh
Client
ls -la /etc/ssh
total 200
drwxr-xr-x 2 root root 4096 Dec 13 2011 .
drwxr-xr-x 91 root root 12288 Nov 6 15:18 ..
-rw------- 1 root root 132839 Jan 15 2008 moduli
-rw-r--r-- 1 root root 1826 Dec 13 2011 ssh_config
-rw------- 1 root root 3301 Jan 15 2008 sshd_config
-rw------- 1 root root 668 May 27 2010 ssh_host_dsa_key
-rw-r--r-- 1 root root 590 May 27 2010 ssh_host_dsa_key.pub
-rw------- 1 root root 963 May 27 2010 ssh_host_key
-rw-r--r-- 1 root root 627 May 27 2010 ssh_host_key.pub
-rw------- 1 root root 1675 May 27 2010 ssh_host_rsa_key
-rw-r--r-- 1 root root 382 May 27 2010 ssh_host_rsa_key.pub



Also, as cyent suggested, you can do

Code:
ssh-copy-id SERVER_NAME
Done

on the client. The command will ask for the password.
when I do ssh root@172.16.14.13
root@172.16.14.13's password:

There is no log generated on the server (/var/log/secure or messages).

Analyzing the log on the server may help too (I recall that on CentOS 6 sshd logs go to /var/log/messages by default, you can filter out anything not related to SSH by command:
Code:
grep ssh /var/log/messages
).
Server:
ls -la ~/.ssh
total 24
drwx------. 2 root root 4096 Oct 19 19:26 .
dr-xr-x---. 4 root root 4096 Oct 20 09:02 ..
-rw-------. 1 root root 1675 Oct 19 19:06 id_rsa
-rw-r--r--. 1 root root 398 Oct 19 19:06 id_rsa.pub
-rw-r--r--. 1 root root 398 Oct 19 19:25 id_rsa.pub1
-rw-r--r--. 1 root root 399 Oct 19 19:26 known_hosts

Server
ls -la /etc/ssh
total 176
drwxr-xr-x. 2 root root 4096 Oct 19 20:00 .
drwxr-xr-x. 97 root root 12288 Oct 19 19:49 ..
-rw-------. 1 root root 125811 Feb 22 2013 moduli
-rw-r--r--. 1 root root 2047 Feb 22 2013 ssh_config
-rw------- 1 root root 3872 Oct 19 20:00 sshd_config
-rw------- 1 root root 3872 Oct 19 19:56 sshd_configbkup
-rw-------. 1 root root 668 Oct 19 18:43 ssh_host_dsa_key
-rw-r--r--. 1 root root 590 Oct 19 18:43 ssh_host_dsa_key.pub
-rw-------. 1 root root 963 Oct 19 18:43 ssh_host_key
-rw-r--r--. 1 root root 627 Oct 19 18:43 ssh_host_key.pub
-rw-------. 1 root root 1675 Oct 19 18:43 ssh_host_rsa_key
-rw-r--r--. 1 root root 382 Oct 19 18:43 ssh_host_rsa_key.pub
 
Old 11-07-2017, 09:47 AM   #9
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,573

Rep: Reputation: 2138
A few things:

1) You just posted the output of "ls -la ~/.ssh" on the server, yet there is no authorized keys file there. What happened to it?
2) In your output of "ls -la ~/.ssh", it shows the permissions on your home directory ".." are 550, that's very strange that you don't have owner write access to your own home directory
3) In your previous output showing authorized_keys, the file size is way too large for a single key as chwilk pointed out earlier.

I'm going to back up and provide the complete instructions for setting up ssh keys on a pair of machines. Make sure you have done these steps on the right machines.

ON THE CLIENT:
1) Run "ssh-keygen"
2) Open up the resulting ~/.ssh/id_rsa.pub file, it should only contain a single line, copy it

ON THE SERVER:
1) Paste the line from the client's public key file into the server's ~/.ssh/authorized_keys file
2) Ensure your permissions on the server are at LEAST as restrictive as the following:
600 ~
700 ~/.ssh
750 ~/.ssh/authorized_keys
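
The three causes raised in this thread (no authorized_keys on the server, private key material pasted where a public key belongs, and modes that sshd rejects) can be checked in one read-only pass on the server. This is an added example, not code from any poster: the function names are made up here, and the mode test reflects sshd's StrictModes behaviour of refusing a home directory, ~/.ssh or authorized_keys that is group- or world-writable.

```shell
#!/bin/sh
# Added example: read-only audit of the server account that should accept the key.
# sshd's StrictModes also checks ownership; this covers the write bits only.

# Returns 0 if group or others can write to PATH (mode string from ls -ld).
writable_by_others() {
    mode=$(ls -ld "$1" | cut -c1-10)
    case "$mode" in
        ?????w????|????????w?) return 0 ;;
    esac
    return 1
}

# Prints blank, private, public or unknown for one authorized_keys line.
classify_key_line() {
    case "$1" in
        ''|'#'*) echo blank ;;
        *'-----BEGIN '*'PRIVATE KEY-----'*) echo private ;;
        # the key type may follow an options field, so match it anywhere
        *'ssh-rsa '*|*'ssh-dss '*|*'ssh-ed25519 '*|*'ecdsa-sha2-'*) echo public ;;
        *) echo unknown ;;
    esac
}

# Prints findings for HOME_DIR and returns the number of problems found.
audit_authorized_keys() {
    home=$1; problems=0; n=0
    keys="$home/.ssh/authorized_keys"
    for p in "$home" "$home/.ssh" "$keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING: $p"; problems=$((problems + 1))
        elif writable_by_others "$p"; then
            echo "TOO OPEN: $p is group- or world-writable"; problems=$((problems + 1))
        fi
    done
    [ -f "$keys" ] || return "$problems"
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $(classify_key_line "$line") in
            private) echo "PRIVATE KEY at line $n of $keys"; problems=$((problems + 1)) ;;
            unknown) echo "UNRECOGNISED line $n of $keys"; problems=$((problems + 1)) ;;
        esac
    done < "$keys"
    return "$problems"
}

# Usage: sh audit.sh /root   (run on the server, as the account being logged into)
if [ "$#" -gt 0 ]; then audit_authorized_keys "$1"; fi
```

A non-zero exit status is the number of findings; the base64 body of a pasted private key is reported line by line as UNRECOGNISED after the PRIVATE KEY hit.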
 
Old 11-07-2017, 12:52 PM   #10
cyent
Member
 
Registered: Aug 2001
Location: ChristChurch New Zealand
Distribution: Ubuntu
Posts: 365

Rep: Reputation: 82
Quote:
Originally Posted by suicidaleggroll View Post
A few things:

1) You just posted the output of "ls -la ~/.ssh" on the server, yet there is no authorized keys file there. What happened to it?
Yup, that's the problem.

Quote:
2) Open up the resulting ~/.ssh/id_rsa.pub file, it should only contain a single line, copy it
Don't need to. ssh-copy-id will do all that stuff for you. (And get it right :-))
 
Old 11-11-2017, 12:43 AM   #11
sunlinux
Member
 
Registered: Feb 2006
Distribution: RHCL 5
Posts: 239

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by suicidaleggroll View Post
A few things:

1) You just posted the output of "ls -la ~/.ssh" on the server, yet there is no authorized keys file there. What happened to it?
2) In your output of "ls -la ~/.ssh", it shows the permissions on your home directory ".." are 550, that's very strange that you don't have owner write access to your own home directory
3) In your previous output showing authorized_keys, the file size is way too large for a single key as chwilk pointed out earlier.

I'm going to back up and provide the complete instructions for setting up ssh keys on a pair of machines. Make sure you have done these steps on the right machines.

ON THE CLIENT:
1) Run "ssh-keygen"
2) Open up the resulting ~/.ssh/id_rsa.pub file, it should only contain a single line, copy it

ON THE SERVER:
1) Paste the line from the client's public key file into the server's ~/.ssh/authorized_keys file
2) Ensure your permissions on the server are at LEAST as restrictive as the following:
600 ~
700 ~/.ssh
750 ~/.ssh/authorized_keys

It's a bit confusing who shall keep the "authorized_keys" file, client or server. I think client? In this case the client has that file; it has multiple keys, so the size is bigger.
 
Old 11-11-2017, 02:09 AM   #12
Reuti
Senior Member
 
Registered: Dec 2004
Location: Marburg, Germany
Distribution: openSUSE 15.2
Posts: 1,339

Rep: Reputation: 259
No. The authorized_keys file is only necessary and needed on the server(s).

Maybe this explains it a little bit: http://www.unixwiz.net/techtips/ssh-...orwarding.html

-- Reuti
 
Old 11-11-2017, 03:58 AM   #13
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 17,401
Blog Entries: 10

Rep: Reputation: 5212
there's plenty of threads around the interwebz with people failing to set up ssh key authentication properly, for varying reasons, and sometimes even locking themselves out of their servers...

i might have had some difficulties the first time i did it, but all you really need is a good tutorial, and follow it slavishly.
i always come back to this one when i have to do it again.
 
  

