ssh login
Hi all,
I was trying to do password-less ssh log-in between two machines with different host names (linux & redhat), and I used the following commands:
ssh-keygen -t rsa
scp /root/.ssh/id_rsa.pub redhat:/root/.ssh/authorized_keys
----------------------------------
ssh-keygen -t rsa
scp /root/.ssh/id_rsa.pub linux:/root/.ssh/authorized_keys
----------------------------------
I am able to log in from linux to redhat but not able to log in from redhat to linux without a password. Please suggest where I am lacking....... |
It could be that root logins using ssh are disabled.
Check the /etc/ssh/sshd_config file and look for this line:
PermitRootLogin no
You can change that to yes and restart the sshd daemon.
BTW: Direct root access from one machine to the other isn't a best practice. You might want to consider logging into another host as a normal user and then switching to the root user. |
Hi Druuna,
Thanks for the reply, but this is not the reason as it is already YES:
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
Please suggest what else can be the reason.... |
A few questions:
- Have you checked the PermitRootLogin entry on both machines?
- Are you able to ssh both ways, as root (using a password)?
- What are the permissions of the /root/.ssh directory and the files inside it (.ssh should be 400 700 and the authorized_keys file should be 600)? |
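Added example, not part of any post in this thread: a POSIX shell audit of the ownership and permission conditions asked about above. It assumes sshd's StrictModes behaviour (home directory, ~/.ssh and authorized_keys owned by the user or root and not group- or world-writable); the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the thread): audit the paths that sshd's
# StrictModes check and the ssh client's private-key check look at.

# First ten characters of `ls -ld`, e.g. "drwx------".
perm_bits() { ls -ld "$1" | cut -c1-10; }

# $1 = home directory, $2 = expected owner (user name or numeric uid).
# Prints one line per finding and returns non-zero if there is any.
audit_ssh_paths() {
    home=$1 owner=$2 rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"; rc=1; continue
        fi
        # With StrictModes on, sshd ignores authorized_keys when the file,
        # ~/.ssh or the home directory is group- or world-writable.
        case $(perm_bits "$p") in
            ?????w????|????????w?) echo "WRITABLE_BY_OTHERS $p"; rc=1 ;;
        esac
        # ...or when it is owned by neither the user nor root.
        if [ -n "$(find "$p" -prune ! -user "$owner" ! -user 0 -print)" ]; then
            echo "WRONG_OWNER $p"; rc=1
        fi
    done
    # The client refuses a private key that group or others can access.
    for k in "$home"/.ssh/id_*; do
        case $k in *.pub) continue ;; esac
        [ -f "$k" ] || continue
        case $(perm_bits "$k") in
            ????------) ;;
            *) echo "PRIVATE_KEY_EXPOSED $k"; rc=1 ;;
        esac
    done
    return $rc
}

# Audit the given home directory when one is passed on the command line.
if [ $# -ge 1 ]; then audit_ssh_paths "$1" "$(id -u)"; fi
```

A mode of 644 on authorized_keys passes this audit, since StrictModes objects to write access by group or others, not read access.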
Yes, I checked it on both the machines.
Yes, I am able to log in both ways, but one with password & other password-less. Permissions are the same for the mentioned file & d in both the machines. |
Check your selinux label on the file after copy. It probably would not be as required by selinux
Code:
$ restorecon -Rv ~/.ssh |
If I understand correctly then this works: linux -> redhat
And this does not work: redhat -> linux
Can you post the output of the following, from the redhat machine:
Code:
ssh -v root@linux |
Hi Druuna,
here is the output, you asked for:
[root@redhat ~]# ssh -v root@linux
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to linux [10.216.67.70] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: loaded 3 keys
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'linux' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:3
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
Unknown code krb5 195
debug1: Unspecified GSS failure. Minor code may provide more information
Unknown code krb5 195
debug1: Unspecified GSS failure. Minor code may provide more information
Unknown code krb5 195
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Offering public key: /root/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Next authentication method: password
root@linux's password:
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
Last login: Thu Nov 7 21:06:08 2013 from 10.216.67.68
[root@linux ~]# |
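Added example, not part of any post in this thread: a shell/awk filter that reports how far public-key authentication got in `ssh -v` client output such as the log above. It assumes the OpenSSH_4.3 message wording shown in that log; the function names and result labels are illustrative.

```shell
#!/bin/sh
# Added example (not from the thread): classify how far public-key
# authentication got in OpenSSH client `ssh -v` output read from stdin.
# Message wording follows the OpenSSH_4.3 log in the post; other
# versions may word these lines differently (assumption).
pubkey_stage() {
    awk '
        /debug1: Offering public key: / { key = $NF; offered = 1; accepted = 0 }
        # Server answered the unsigned query: this key is in authorized_keys.
        /debug1: Server accepts key: /  { accepted = 1 }
        # A failure reply after that means the signed request was rejected.
        /debug1: Authentications that can continue: / {
            if (accepted) { rejected = key; accepted = 0 }
        }
        /debug1: Authentication succeeded \(publickey\)/ { ok = key }
        END {
            if (ok != "")            print "PUBLICKEY_OK " ok
            else if (rejected != "") print "SIGNED_REQUEST_REJECTED " rejected
            else if (offered)        print "KEY_NOT_ACCEPTED " key
            else                     print "NO_KEY_OFFERED"
        }'
}

# Excerpt of the output posted above, embedded so the script runs offline.
sample_log() {
    cat <<'EOF'
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Offering public key: /root/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Next authentication method: password
debug1: Authentication succeeded (password).
EOF
}

sample_log | pubkey_stage
```

For the excerpt it reports SIGNED_REQUEST_REJECTED for /root/.ssh/id_rsa: the server recognised the offered public key, then refused the request signed with the private key before the client fell back to the password.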
I don't see anything suspicious (it is a rather old Redhat version, but that shouldn't be a problem).
Maybe something went wrong when you created/copied the public key. Have you tried re-doing those steps?
Just to make sure you do all the correct steps:
- SSH login without password
- SSH Passwordless Login Using SSH Keygen in 5 Easy Steps |
Can you post
Code:
ls -Z ~/.ssh
Code:
sestatus |
follow the links in my sig for help.
|
Hi ericson007,
here is the output, you asked for:
[root@redhat ~]# ls -Z ~/.ssh
-rw-r--r-- root root authorized_keys
-rw------- root root id_rsa
-rw-r--r-- root root id_rsa.pub
-rw-r--r-- root root known_hosts
[root@redhat ~]# sestatus
SELinux status: disabled
[root@redhat ~]# |
Hi Team,
Thanks for the support. But, I guess there was some mistake from my side in executing the commands as I got the desired output when I again performed the task.
Output:
-------------------------------------
[root@linux ~]# ssh redhat
Enter passphrase for key '/root/.ssh/id_rsa':
Last login: Thu Nov 7 07:06:40 2013 from linux.testlab.org
[root@redhat ~]#
-------------------------------------
-------------------------------------
[root@redhat ~]# ssh linux
Enter passphrase for key '/root/.ssh/id_rsa':
Last login: Thu Nov 7 23:36:19 2013 from redhat.testlab.org
[root@linux ~]#
------------------------------------- |
Glad to hear you got it sorted.
|