LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   SSH login with no passwords for distributed program on red hat (https://www.linuxquestions.org/questions/linux-newbie-8/ssh-login-with-no-passwords-for-distributed-program-on-red-hat-744961/)

chrisjemma 08-04-2009 04:37 AM
SSH login with no passwords for distributed program on red hat
 
Hello,

I'm using a program on a group of servers which contact each other using SSH.

I've got the authentication keys setup with no password and the keys are on each box. But when one box tries to connect to another it wants the password for the user it's trying to communicate with.

So the main problem is there is a lot of communicating within this program so it's important to allow each box communicate with each other without the use of a password.

Does anyone have a solution?

I'm using OpenSSH 4.3 with OpenSSL 0.9.8 on Red Hat Enterprise Linux Server 5.3 (Tikanga).
I'm also using SSH on Ubuntu(Intrepid) to connect to these servers at the mo as i don't have direct access to the boxes.

Thanks

Chris Jemma

acid_kewpie 08-04-2009 06:30 AM
Well either the preshared keys are working or they're not. you say it's "setup" which would suggest it's tested and working, no?

Not a networking question, moved to Linux - Newbie.

chrisjemma 08-05-2009 03:03 AM
Thanks, well i've found the problem now.

It was a mixture of permissions and sshd-config problems.

If anyone wants a quick guild on how i eventually got password less access across the boxes then pm me and i'll send it to you.

Thanks

Chris Jemma

acid_kewpie 08-05-2009 04:23 AM
Well these are guides already on this site for generic help. Personally I see most setups failing when the ownership of ~/.ssh is not set to 600.

marina_28d 08-13-2009 12:53 PM
chrisjemma,
I am looking for this details. Can you please get me the information to my mail id?

chrism01 08-13-2009 06:20 PM
It would be more in the spirit of LQ if you posted it here for the edification of all.

acid_kewpie 08-14-2009 04:39 AM
Well there are many many perfectly good guides around, including an excellent one in our Linux Answers section.

chrisjemma 08-14-2009 05:05 AM
Passphraseless and Passwordless Guide
 
Just as a warning, it's not recomended that you set up passphraseless and passwordless SSH communication but this is how i did it. In this guide passphrase is referring to the SSH passphrase and password refers to the users password.
  1. sshd_config

    Open "/etc/ssh/sshd_config" in your selected text editor, i used 'vi' because i only had a terminal to work with and also it highlights used options and darkens commented out options.

    The options i have highlighted in my sshd_config file are the following:

    Code:
    Protocol 2
    SyslogFacility AUTHPRIV
    RSAAuthentication yes
    PubkeyAuthentication yes
    AuthorizedKeysFile .ssh/authorized_keys
    PasswordAuthentication yes
    ChallegeReponseAuthentication no
    UsePam no
    Then anymore options underneath 'UsePam' can be left alone for this to work. But do not comment out 'AcceptEnv' or 'Subsystem' values, i'm not sure what they do but they look important!

    To restart sshd, run the command

    Code:
    /etc/init.d/sshd restart
    If your using ssh to the machine that your configuring the above command will not stop your connection.

  2. id_rsa.pub and authorized_keys

    First you need to make sure that your logged into the user which will be sending or receiving communications so you create the keys for the right user. Change the directory to $HOME (e.g. /home/<user name>/). The line "ssh-keygen -t rsa" starts creating a SSH Key which is used to set the directory the key is saved to, just press enter to use default, and it is used to set the passphrase to commnicate with the machine, again just hit enter twice since we don't want a passphrase. Next step is optional but for the program i was using the machine had to communicate with itself using ssh. So ".ssh/id_rsa.pub >> .ssh/authorized_keys" takes the SSH key we just created and appends it to authorized_keys, the file that was specified earlier in sshd_config.

    Code:
    su <user name>
    cd $HOME
    ssh-keygen -t rsa
    .ssh/id_rsa.pub >> .ssh/authorized_keys
    Repeat the above code in a terminal on each node which will be part of the network.

  3. Key Sharing

    The next step is to share the 'id_rsa.pub' key to the other nodes that will be contacting the current node. You can move the key how ever you want but due to certain restrictions i had to use 'scp'. It's rather simple to use and can come in real handy when you need to quickly transfer something. The basic syntax is
    Code:
    scp <user>@<host_address>:<source_file> <user>@<host_address>:<destination_file>
    So for example...
    Code:
    scp chris@master:/home/chris/.ssh/id_rsa.pub chris@slave1:/home/chris/.shh/chrismaster_rsa.pub
    The end file can be called whatever you want but in this case i've called it something topical to what i'm doing.

    On the other machine you want to go to the $HOME directory and append the SSH key file to the authorized_keys. Here's an example following the above scp code above.

    Code:
    cd $HOME
    .ssh/chrismaster_rsa.pub >> .ssh/authorized-keys
  4. Permissions

    Permissions is the bit that stumped me but i didn't relise it was a problem until scouring many forums and other guides.

    The Permissions that work for me are the following

    Code:
    cd $HOME
    chmod go-w .
    cd .ssh
    chmod 700 .
    chmod 600 *
    I'm not entirely sure about these permissions but after this has been done on every node you'll be able to ssh or scp to anynode without SSH passphrases and user passwords

JMCraig 07-16-2010 01:01 PM
In case anyone's following these steps--beware typo
 
Note that in this point (last entry in Step 3 above), there's a hyphen where there should be an underscore:

It says
Code:
cd $HOME
.ssh/chrismaster_rsa.pub >> .ssh/authorized-keys
Target of >> (append) operator should be:

.ssh/authorized_keys


All times are GMT -5. The time now is 04:18 PM.