ssh login using keys

bittus · 11-29-2007, 11:42 AM

I am trying to make my server accessible without trying password. But now I faced severe issues.

I made rsa.pub keys from client machine and appended it to authorized_keys of server. Restarted sshd also. But wen i try to login, it asks me for password

another thing i found from my /var/log/messages file is :

sshd[4283]: Parsing authorization file /root/.ssh2/authorization resulted in error (user root tried to authenticate)

sometimes wen i try to restart sshd, it crashed and i was thrown out of the server. Then i need to rlogin and then restart sshd. After the second restart of sshd, it works fine.

can any1 help me on this?

marozsas · 11-29-2007, 01:42 PM

Is this a fedora box ?
If yes, look for a message like this in /var/log/secure:

Code:

sshd[6013]: Authentication refused: bad ownership or modes for file /home/jonhdoe/.ssh/authorized_keys

if you are getting this message, fix the permissions of your .ssh/authorized_keys file with :

Code:

$ chmod 0700 ~/.ssh
$ chmod 0600 ~/.ssh/*

cojo · 11-29-2007, 08:56 PM

did you create the key from the client machine or server? If you want to access your server without password from the client machine. You will need to create the key on the server then scp the id_rsa.pub key your client machine authorized_key file.

jschiwal · 11-29-2007, 09:05 PM

Besides adding the keys to the respective authorized_keys files, you may need to disable PAM integration in /etc/ssh/sshd_config. Also check if root logins are disabled.

First decide whether root access is worth the risk.
The most secure way of doing this is to create the keys on the server with passphrases and run ssh-keyring to hold the passphrase on the client.

The man page for ssh has the details. The ssh_config and sshd_config files also have their own man pages.

pccdrussell · 11-29-2007, 09:30 PM

For me personally, this is the easiest way, it sounds like you already have your client keys made, but will put it all in for future people that stumble upon this thread....
On your client machine, run the following..

Code:

ssh-keygen -t rsa

(You can put in a passphrase if desired, I would recommend it)
then

Code:

cd ~/.ssh

you can run ls to verify your keys are in there.
then next

Code:

ssh-copy-id -i id_rsa.pub user@host

**Note- user@host example would be joe@10.1.1.1 (where 10.1.1.1 is the remote IP and joe is the remote user you want to login as without using a password) This will prompt your for joe@10.1.1.1's password to verify and from there on out it will not prompt you for a password when you ssh to joe@10.1.1.1. If you created a passphrase for your client keys, it will prompt you for the passphrase you created when you issue #ssh joe@10.1.1.1 not the "password"
I hope that all made sense. Another note, you may also use DSA rather than RSA if you prefer, just substitute "dsa" where I put "rsa"

LlNUX · 11-30-2007, 06:55 AM

Here you can find quick how to exchange public and private keys for ssh .
Passwordless ssh - public and private keys

hope this helps