ssh passwordless login from windows to linux fails

elbek · 02-17-2017, 10:36 AM

I am sure this has been asked many times, for some reason I have still problem with getting it to work.

I have a generated public and private key on my windows machine and copied the public key:

Code:

    ssh-copy-id -i ~/.ssh/id_rsa.pub ekamolid@host

then on the server I did:

Code:

    chmod 700 .ssh
    chmod 644 authorized_keys

on local machine I run:

Code:

    chmod 700 id_rsa

`sshd_config` file has:

Code:

 - `RSAAuthentication yes`
 - `PubkeyAuthentication yes`

I restarted ssh server on remote server.

when try:

Code:

ssh ekamolid@host

I get following error in `/var/log/secure`:

Code:

> Feb 17 06:36:56 bur00cpw sudo: pam_unix(sudo:auth): authentication failure; logname=ekamolid uid=0 euid=0 tty=pts/3 ruser= rhost=  user=ekamolid

running ssh in debug mode is giving
Failed publickey for user from ...

What am I missing here?

suicidaleggroll · 02-17-2017, 11:26 AM

How are you sshing from the Windows machine? Cygwin or ...?

Code:

chmod 644 authorized_keys

needs to be

Code:

chmod 600 ~/.ssh/authorized_keys

Your home directory also needs to be locked down

Code:

chmod 750 ~

(more restrictive than 750 is fine, but less restrictive is not)

elbek · 02-17-2017, 11:48 AM

I using git bash, I have open ssh installed on windows side, so I tried with windows command line ssh command with the same result. I have corrected the permission as you outlined without any luck. What are the other trouble shooting steps to dig more into?

Thanks for your help!

suicidaleggroll · 02-17-2017, 11:55 AM

I know absolutely nothing about openssh on the Windows command line. Does it even have a ~/.ssh directory with keys inside? "~/" is not a valid location on the Windows filesystem. How did you generate the keys?

On the Linux system, try generating a key and adding it to the authorized_keys file, then see if you can ssh to yourself without a password

Code:

ssh-keygen -t rsa  # keep hitting enter through the prompts to take the default values
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
ssh localhost

If that works, you know the server is configured correctly, then you can focus on the Windows side.

elbek · 02-17-2017, 12:00 PM

I did exactly the same way to generate keys, using git bash.

Code:

ssh-keygen -t rsa

then copy the public key to remote linux machine.

I tried to login to localhost public/private keys and it worked fine.

Looks like issue is on the windows side.

sundialsvcs · 02-17-2017, 12:26 PM

Windows does have a perfectly-serviceable SSH client that is called putty. I have successfully used it to connect back-and-forth between Linux and Windows for many years. "It's just ... Win-doze ... that's all."

There are (of course) various differences. I found this site which seems to cover the subject well: https://devops.profitbricks.com/tuto...ty-on-windows/

Quote:

SSH can handle authentication using a traditional username and password combination or by using a public and private key pair. The SSH key pair establishes trust between the client and server, thereby removing the need for a password during authentication. While not required, the SSH private key can be encrypted with a passphrase for added security.

The PuTTY SSH client for Microsoft Windows does not share the same key format as the OpenSSH client. Therefore, it is necessary to create a new SSH public and private key using the PuTTYgen tool or convert an existing OpenSSH private key.

elbek · 02-17-2017, 12:29 PM

The purpose is we are given windows machine which should do build automatically and deploy artifact to list of linux machines, I was given user name and public private keys for the user. the passwordless login happens during deployment which uses plain ssh command to do this, for this I should get plain ssh command working from windows console. Maybe there are other options I am missing, but this is the approach I am taking now.

Thanks.

r3sistance · 02-19-2017, 10:59 AM

Still not seen a confirmation on what you are using to connect from Windows to Linux. If this is putty, then you need to convert the private keys to .ppk format to be able to use them with the putty client.

elbek · 03-10-2017, 08:29 AM

Sorry for late response back, It had to do with windows itself, I installed cygwin and passed the right key with -i and worked fine.

BTW, at home I installed fedora for personal use, so I expect to be active here more often.
Thanks for all your help.