ssh key to access without password error
Hello everyone,
I need to connect without a password to another host. I'm using the following commands:
Code:
[root@pluton3 .ssh]# ssh-copy-id -i /home/nagios/.ssh/id_dsa.pub nagios@10.58.79.121
-rw------- 1 nagios nagios 1.2K Jun 21 10:25 authorized_keys
-rw-r--r-- 1 nagios nagios 394 Jun 20 11:56 id_rsa.pub
When I try to connect via ssh with the user, the host requires the password.
OS: RHEL 6.9
Thank you in advance. I hope I have not forgotten any relevant data.
Hi,
The issue is maybe related to the parent directories' permissions. Check them and try again. Check also that the id_rsa.pub of the origin server matches the content of the authorized_keys of the destination server. BR.
Code:
600 ~/.ssh/id_rsa
You did check the directory ~/.ssh but not the permissions on ~/ itself. Check that please.
Thanks for the replies.
origin host:
drwxrwx--- 2 nagios nagios 4,0K jun 21 13:13 .ssh
destination host:
drwxr-xr-x 2 nagios nagios 4.0K Jun 21 14:39 .ssh
If I use -vvv it shows the following traces:
Quote:
In another host (a clone of this one) it works perfectly and communicates with the origin without a password. Thank you again. I will continue trying things.
Try removing group write permission on the home folders. You list ONE instance above where group writes are allowed.
IF that does not suffice, check the sshd log entries for clues.
Client:
Code:
stat --printf "%a %n \n" ~/.ssh/ ~/.ssh/known_hosts ~/.ssh/id_rsa
Code:
755 /home/jj/.ssh/
Code:
stat --printf "%a %n \n" ~/.ssh/ ~/.ssh/authorized_keys
Code:
700 /root/.ssh/
Either one or more of those files:perms:ownership are incorrect, or contents of ~/.ssh/id_rsa are "off" or it was genned with a key, and there's the xFactor, stuff I forgot. I'd try something with a new key, eg: on your client host. Like:
Code:
ssh-keygen -f ~/.ssh/nagios -t rsa -N '' -b 4096 -q -C "Nagios key made on $(date +"%F")"
Comment for the file is and will be "Nagios key made on yyyy-mm-dd" (depending?) then as root:
Code:
ssh-copy-id -i /home/businesscat/.ssh/nagios.pub nagios@10.58.79.121
using
Code:
stat --printf "%a %n \n" /home/nagios/.ssh/ /home/nagios/.ssh/authorized_keys
Familiar with chmod? Hope that helps! And check /var/log/auth.log or /var/log/secure...? on 10.58.79.121 for signs. Have Fun!
OK, I am seeing multiple checks of .ssh folders, but the PARENT folder is also critical.
IE: for root check the /root folder. For jj check the /home/jj folder. For checking the remote nagios user folder you can
Code:
ssh nagios@<nagios server name or address> 'ls -ld .'
NOTE: whoever set up the nagios server MAY have disabled key authentication for security. I might.
As others have asked, verify the permissions of the directories involved. On the destination host:
Code:
ls -lhd /home/
Quote:
However, there are several comments to make: It looks like there may be a problem with the keys themselves. Please show the steps you used to generate them. If you 'borrowed' existing keys from another host, then stop and generate unique keys for this one. e.g.
Code:
But you are using ancient versions of OpenSSH on both the client and the server. What assurances do you have that they are properly patched? Or what is the most recent version you can get in your backport repository? Lastly, please don't run this all as root. At best, it complicates dealing with the file placement and file permissions.
Quote:
DESTINATION HOST: user (on etc/passwd)
nagios:x:498:499::/var/spool/nagios:/bin/bash
Code:
[root@DESTINATION HOST ~]# ls -lhd /var/
SOURCE HOST:
nagios:x:503:503:Nagios:/home/nagios:/bin/bash
Code:
[root@SOURCEHOST ~]# ls -lhd /home/
Quote:
Code:
[root@SOURCEHOST ~]# rpm -qa | grep ssh
This is the prompt of the generation of the sshkeys :
Code:
[root@SOURCEHOST .ssh]# ssh-copy-id -i /home/nagios/.ssh/id_dsa.pub nagios@DESTINATION HOST
Quote:
I see the following lines when I try to connect via ssh with the user:
Code:
Jun 22 12:33:01 DESTINY HOST sshd[16873]: Authentication refused: bad ownership or modes for directory /var/spool/nagios
The key format issue should be investigated, but you have good advice on that already and I will not address it.
The file and folder permissions:
SOURCE: /home/nagios/.ssh has 770 permissions, and it should have 700 permissions. (750 may also work, but 770 will disallow key authentication unless an over-ride of the default settings has been installed.) No files under .ssh should have write permissions for anyone other than the user.
DESTINATION: /var/spool/nagios should have something like 755 (or 750) permissions, not 770.
Why are the versions here so far backlevel? Is this a very old server? Is it maintained? When were updates last applied? There have been a TON of improvements and security patches since that version. Running a version that old would worry me.
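The check behind the "bad ownership or modes" log line above, as an added example that is not part of the original thread: with StrictModes enabled (the sshd default), sshd refuses a key when the home directory, .ssh or authorized_keys is owned by someone other than the account or root, or is group- or world-writable. The function name and the demo tree are constructed for illustration, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: approximates sshd's StrictModes test on the server side.
# check_strictmodes UID HOME_DIR  (hypothetical helper, not an OpenSSH tool)
# Prints every path that would make sshd refuse key authentication and
# returns 0 when the whole chain is clean, 1 otherwise.
check_strictmodes() {
    uid=$1; home=$2; bad=0
    for path in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$path" ]; then
            echo "MISSING $path"; bad=1; continue
        fi
        mode=$(stat -c '%a' "$path")     # octal mode, e.g. 770
        owner=$(stat -c '%u' "$path")    # numeric owner
        # The owner must be the account itself or root.
        if [ "$owner" -ne "$uid" ] && [ "$owner" -ne 0 ]; then
            echo "OWNER $path is owned by uid $owner"; bad=1
        fi
        # Group- or world-writable (mode & 022) is what gets rejected.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "MODE $path is $mode (group/other writable)"; bad=1
        fi
    done
    return "$bad"
}

# Constructed demo tree reproducing the thread's case: home directory at 770.
demo=$(mktemp -d)
mkdir -p "$demo/.ssh" && : > "$demo/.ssh/authorized_keys"
chmod 770 "$demo"; chmod 700 "$demo/.ssh"; chmod 600 "$demo/.ssh/authorized_keys"
check_strictmodes "$(id -u)" "$demo" || echo "=> key authentication would be refused"
chmod 755 "$demo"
check_strictmodes "$(id -u)" "$demo" && echo "=> chain is clean"
rm -rf "$demo"
```

On a real server, pass the account's UID and the home directory from /etc/passwd, for example `check_strictmodes "$(id -u nagios)" /var/spool/nagios`.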
Quote:
it works!
Code:
[nagios@SOURCE .ssh]$ ssh nagios@DESTINATION
Thanks to all so much! And sorry for the stupid issue.