ssh key to acces without password error
 

Hello everyone,

I´m need connect without password to other host. I´m using the following commands:



in the other host (10.58.79.121) show the following files on /var/spool/nagios/.ssh :


-rw------- 1 nagios nagios 1.2K Jun 21 10:25 authorized_keys
-rw-r--r-- 1 nagios nagios 394 Jun 20 11:56 id_rsa.pub


When I try to connect via ssh with the user the host requires the password.

OS: RHEL 6.9

Thank you in advance

I hope not forget any relevant data.

Hi,

The issue is maybe related to the parent directories permissions.
Check them and try again.
Check also that the id_rsa.pub of the origin server match with the content of the authorized_keys of the destiny server.

BR.

You did check the directory ~/.ssh but not the permissions on ~/ itself. Check that please.

Thanks for the replies.

origin host:

drwxrwx--- 2 nagios nagios 4,0K jun 21 13:13 .ssh


destiny host:

drwxr-xr-x 2 nagios nagios 4.0K Jun 21 14:39 .ssh


If I use -vvv show the following traces:





In other host (clon of this) works perfectly and comunicate with the origin without password.

Thank you again

I continue try things

Try removing group write permission on the home folders. You list ONE instance above where group writes are allowed.

IF that does not suffice, check the sshd log entries for clues.

Client:
spews
Server:
spews
NOTE: I don't have a nagios user, so You will have to "adjust" as needed.
either one or more of those files:perms:ownership are incorrect, or
contents of ~/.ssh/id_rsa are "off" or it was genned with a key, and there's the xFactor, stuff I forgot.

I'd try something with a new key, eg: on your client host. Like:
which is ssh.fu for strong key.
Comment for the file is and will be "Nagios key made on yyyy-mm-dd" (depending?)
then as root:
if you are prompted for a password, head on over to 10.58.79.121 using another identity, or method. and check /home/nagios/.ssh and under for owner:group:permissions
using
NOTE: IDK if/where the nagios user $HOME "is", so that's homework? :)

Familiar with chmod?

Hope that helps!
And check /var/log/auth.log or /var/log/secure...? on 10.58.79.121 for signs.

Have Fun!

OK, I am seeing multiple checks of .ssh folders, but the PARENT folder is also critical.
IE: for root check the /root folder. for jj check the /home/jj folder.
for checking the remote nagios user folder you can You will have to enter the nagios password, but then it should output the nagios home folder stats with permissions.

NOTE: whoever set up the nagios server MAY have disabled key authentication for security. I might.

As others have asked, verify the permissions of the directories involved. On the destination host:

Then on the source host do similar except for the last line.

Thanks. That output helps.

However, there are several comments to make:

It looks like there may be a problem with the keys themselves. Please show the steps you used to generate them. If you 'borrowed' existing keys from another host, then stop and generate unique keys for this one. e.g.

Also, RSA1 and DSA keys have long since been deprecated. They are unsafe against modern computing power. There should not be any of either type anywhere on either your source or destination hosts. Newer versions of OpenSSH actively ignore such key types.

But you are using ancient versions of OpenSSH on both the client and the server. What assurances do you have that they are properly patched? Or what is the most recent version you can get in your backport repository?

Lastly, please don't run this all as root. At best, it complicates dealing with the file placement and file permissions.

DESTINATION HOST:

user (on etc/passwd) nagios:x:498:499::/var/spool/nagios:/bin/bash

/home/nagios/ doesn´t exists

SOURCE HOST:

nagios:x:503:503:Nagios:/home/nagios:/bin/bash

In this moment:


In another host (with the same template of DESTINATION HOST) works fine

This is the prompt of the generation of the sshkeys :

Thanks Habitual!

I see the followings lines when I try to connect via ssh with the user:

I´m checking it now

The key format issue should be investigated, but you have good advice on that already and I will not address it.

The file and folder permissions:
SOURCE: /home/nagios/.ssh has 770 permissions, and it should have 700 permissions. (750 may also work, but 770 will disallow key authentication unless an over-ride of the default settings has been installed) No files under .ssh should have write permissions for anyone other than the user.

DESTINATION: /var/spool/nagios should have something like 755 (or 750) permissions not 770.
Why are the versions here so far backlevel? Is this a very old server? Is it maintained? When were updates last applied?
There have been a TON of improvements and security patches since that version. Running a version that old would worry me.

and this is it!!!

it works!


I hope, in the future, we can delete this host (SOURCE) and create again other host updated and clean.

Thank all so much!

and sorry for the stupid issue.