LinuxQuestions.org


deelinux 02-12-2010 11:03 AM

ssh help
 
Hello

I have set up ssh but it's not working...looking for some advice.

Here is what I have done

On the first Red Hat box

Step 1 su to test_user

Step 2 run ssh-keygen -t rsa

Step 3 Enter defaults file location/path

Step 4 Enter the pass phrase - testing

The keys generated now

2b:ba:5b:af:ec:06:4b:bb:10:8e:27:e6:b3:6f:75:0f test@test.com

Step 5 run chmod 755 ~/.ssh

Step 6 Run the same steps above on the Remote Linux box

Step 7 copied the first linux box keys to the /tmp folder on the second linux box and then copied and renamed it to the ~/.ssh/authorized_key file.

Step 8 tried to use scp, but I still get prompted for a password from the second linux box ..

I don't know where I have gone wrong, tried several times and same issue.

If anyone has any ideas that would be great, I'm also not sure if I should be configuring the ssh_config file for any settings?


rgds

D

acid_kewpie 02-12-2010 11:30 AM

The directory permissions are wrong; they are usually 700, with the files inside 600. By having 755 it means that anyone can access that directory, making it massively insecure, and therefore ssh sees this and refuses to use it.

tredegar 02-12-2010 11:32 AM

See here and here

Remember:

ssh is very fussy about file permissions.

You can see what is (not) happening when you ssh -vvv user@host

You are generating a key with a passphrase. I prefer not to use one, then I don't get asked for it. If you get the file permissions on your private keys right, you shouldn't need a passphrase.

colucix 02-12-2010 11:40 AM

Hmm... here are some clues:

Quote:
Step 4 Enter the pass phrase - testing

If you want to set up password-less authentication, you should leave the pass-phrase empty, otherwise you will be prompted for the pass-phrase at every login.

Quote:
Step 5 run chmod 755 ~/.ssh

Nope. Leave the permissions of the .ssh directory untouched. They should be 700, otherwise some SSH servers may refuse connections.

Quote:
Step 6 Run the same steps above on the Remote Linux box

You need this if you want to set up a two-way password-less connection (maybe not useful). In any case, better to set up a one-way connection FROM your local machine TO the remote server and test it in the first instance.

Quote:
Step 7 copied the first linux box keys to the /tmp folder on the second linux box and then copied and renamed it to the ~/.ssh/authorized_key file.

What key did you copy into the authorized_key file? The private or the public one? On your local machine, where you have generated the key pair, you should have ended up with two files: id_rsa (the private key) and id_rsa.pub (the public key). Never (and I mean never) share or copy the private key to another machine: it is like your fingerprints (it is yours, it should stay in your local .ssh directory with no r/w permissions for other users and no-one should have access to it in one way or another). This means you just have to copy (append) the content of the public key into the authorized_keys file on the remote machine.

If something still goes wrong (and you're still prompted for password) use the -v option of ssh and check the dialog between the local and the remote machine. It should give you some useful information on what's going on.

jschiwal 02-12-2010 11:47 AM

A passphrase protects the private key on the client side and has nothing to do with the server you are trying to connect to. It prevents a lost client's key from being used to attack the server.

You can use:
eval $(ssh-agent)
ssh-add

Then you don't need to enter the pass phrase more than once in that session. You can set it up so your system asks for the pass phrase when you log in as well.

You also need to check the permissions of your HOME directory. It can't allow others read access. Sometimes a "users" group access is allowed so regular users can share directories easily using samba. It also has the effect that other users can read files in your HOME directory, which I wouldn't recommend.

Also read the comments in the /etc/ssh/sshd_config file (on the ssh server side). Just above the "UsePAM Yes" line. It explains two options to disable if you want to use public key authentication.

I would also recommend disabling root logins, and using the "AllowUsers <your_username>" option in sshd_config.
That will only allow logins from yourself and reject all attempts to log in as a system user. (e.g. http, postfix)
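
The permission and key-file points raised in the replies above can be checked in one pass. This is an added shell example, not part of any poster's message; the function names `mode_of` and `audit_ssh_home` are hypothetical, and it assumes the default sshd `AuthorizedKeysFile` location and the `id_rsa` key name mentioned in the thread.

```shell
#!/bin/sh
# Added example: audit a home directory for the key-auth mistakes raised in this thread.
# Usage: audit_ssh_home /home/test_user  (one finding per line, returns non-zero if any)

# Permission string such as "drwx------" (first 10 characters of ls -ld).
mode_of() { ls -ld "$1" | cut -c1-10; }

audit_ssh_home() {
    home=$1; ssh_dir=$home/.ssh; findings=0
    report() { echo "FAIL $1"; findings=$((findings + 1)); }

    # sshd's StrictModes rejects a home directory writable by group or other.
    case $(mode_of "$home") in
        ?????w????|????????w?) report "$home is group/other writable" ;;
    esac

    if [ ! -d "$ssh_dir" ]; then
        report "$ssh_dir does not exist"; return 1
    fi
    # The replies recommend 700 on ~/.ssh, not the 755 from step 5.
    if [ "$(mode_of "$ssh_dir")" != "drwx------" ]; then
        report "$ssh_dir is $(mode_of "$ssh_dir"), expected drwx------ (700)"
    fi

    # By default sshd reads authorized_keys (plural); authorized_key is never consulted.
    if [ -e "$ssh_dir/authorized_key" ]; then
        report "$ssh_dir/authorized_key is misnamed, use authorized_keys"
    fi

    for f in "$ssh_dir/authorized_keys" "$ssh_dir/id_rsa"; do
        [ -f "$f" ] || continue
        # Files inside should be 600: no access at all for group or other.
        case $(mode_of "$f") in
            ????------) ;;
            *) report "$f is $(mode_of "$f"), expected -rw------- (600)" ;;
        esac
    done

    # Only public keys belong in authorized_keys; the private key stays on the client.
    if [ -f "$ssh_dir/authorized_keys" ] &&
       grep -q "PRIVATE KEY" "$ssh_dir/authorized_keys"; then
        report "authorized_keys holds a private key, append id_rsa.pub instead"
    fi

    [ "$findings" -eq 0 ]
}
```

Run it on both machines as the account in question, for example `audit_ssh_home "$HOME"`, before reaching for `ssh -v`.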

deelinux 02-13-2010 03:00 AM

Thanks very much all for your comments,

I will run through and see how I go....and yes it's very fussy to set up, but I guess ssh has a security conscience

Cheers

Dee


All times are GMT -5.