LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 01-27-2009, 05:48 AM   #1
mahmoud
Member
 
Registered: Apr 2006
Location: UK
Distribution: Mandriva, Debain, Redhat, Fedora, Ubuntu, FreeBSD
Posts: 269

Rep: Reputation: 30
ssh without password


Hi
i am trying to ssh into one of my servers without a password but it keeps asking me for a passwd
i have set it up on another server and it works fine but this paticular server seem not to work
i have installed openssh client and server,
its a fedora 8 box i have also changed the permissions to 600 on the authorized_keys
copied the id_rsa.pub across each server i can ssh from A to B but i cant ssh from B to A and i have dont the same thing on both i have also checked the sshd_config and its the same config on both
does any one know what can be the problem
 
Old 01-27-2009, 07:22 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976
Assuming you're following the basic documentation, for example the article in our LinuxAnswers subsite, then I find the most common gotcha is the permissions on the .ssh directory which should be 600 in order to work.
 
Old 01-27-2009, 07:24 AM   #3
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Arch
Posts: 8,528

Rep: Reputation: 899Reputation: 899Reputation: 899Reputation: 899Reputation: 899Reputation: 899Reputation: 899
Quote:
ssh without password
Why oh why ?
 
Old 01-27-2009, 08:01 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976
Quote:
Originally Posted by repo View Post
Why oh why ?
why say that??

There are *MANY* perfectly good reasons to want to do this, and that is exactly why there are perfectly good methods to achieve exactly that.

Obviously the most basic part of a security policy is to say you must not use blank passwords or such like, but there are often exceptions to the norm, for example automated processes, which are totally valid points at which is it not feasible to enter a password, indeed would be less secure doing so than using a preshared key.
 
Old 01-27-2009, 08:47 AM   #5
Matey
Member
 
Registered: Jan 2009
Posts: 114

Rep: Reputation: 17
You have to setup the rsa key.
ssh-keygen.rsa command will create a certificate that you copy over using scp then u dont have to log in every time. this is a good idea if you are running backups or crontabs when you are not there to input passwords..
look in here for details;
http://kimmo.suominen.com/docs/ssh/

oh BTW;

doing ssh via commandline (terminal) logs or tries to log you in as root user. you have to use another user in many cases because of the security then su or sudo. use -l (small L)like this; (suppose your username is user and that is the IP)

ssh -luser 192.168.1.2
this is for when you cant get in as root.

Last edited by Matey; 01-27-2009 at 08:51 AM.
 
Old 01-27-2009, 09:44 AM   #6
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976
Quote:
Originally Posted by Matey View Post
You have to setup the rsa key.
ssh-keygen.rsa command will create a certificate that you copy over using scp then u dont have to log in every time. this is a good idea if you are running backups or crontabs when you are not there to input passwords..
look in here for details;
http://kimmo.suominen.com/docs/ssh/
Well he clearly already knows about this, as he's stating he copied the id_rsa.pub file.
Quote:
doing ssh via commandline (terminal) logs or tries to log you in as root user. you have to use another user in many cases because of the security then su or sudo. use -l (small L)like this; (suppose your username is user and that is the IP)

ssh -luser 192.168.1.2
this is for when you cant get in as root.
No it doesn't, it logs you in as the current user, and so if you are root already it will take that username along. In principle you should not run an ssh process as root in the first place, whether you specify a remote name or not. Certainly using PSK under root *is* nuts. If you are doing PSK for a cron job or something then you'd generally use a dedicated service account to achieve this.
 
Old 01-27-2009, 09:53 AM   #7
Matey
Member
 
Registered: Jan 2009
Posts: 114

Rep: Reputation: 17
Quote:
No it doesn't, it logs you in as the current user, and so if you are root already it will take that username along. In principle you should not run an ssh process as root in the first place, whether you specify a remote name or not. Certainly using PSK under root *is* nuts. If you are doing PSK for a cron job or something then you'd generally use a dedicated service account to achieve this.
If you use GUI interface or PuTTY you have a choice of login in bcs it asks for login name but if you do straight ssh it always asks for password. I believe it is root's password because Linux does not assume all the users on all the systems are the same.
I mean you may be logged in as user10 here but you cant expect for the same user10 to exist on the other machine!
so -l allows you to log in with diff. name.

The cron jobs usually use nobody as user I think? I have seen that in scripts it doesnt really exist

BTW I had the same problem with 1 of my servers and I used that link above to fix it. best doc i have found on the subject...

Last edited by Matey; 01-27-2009 at 09:56 AM.
 
Old 01-27-2009, 09:55 AM   #8
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976
No, as above it is the *current* username. It'd be ludicrous to try to log you in as root by default, especially as no well configured ssh server should ever permit a root login. If the user doesn't exist on the other machine then that's tough titties to you isn't it?

It doesn't exist? what doesn't exist?
 
Old 01-28-2009, 07:08 AM   #9
mahmoud
Member
 
Registered: Apr 2006
Location: UK
Distribution: Mandriva, Debain, Redhat, Fedora, Ubuntu, FreeBSD
Posts: 269

Original Poster
Rep: Reputation: 30
thank you all i feel so silly i miss spelt the authorized_keys that was the problem
the most common mistake but thanks for your input
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
ssh without password hk_linux Linux - General 13 11-11-2010 05:20 PM
SSH Without Password toynbee Linux - General 4 03-26-2008 02:33 PM
need help with no password ssh and ssh-agent hedpe Linux - Networking 3 02-08-2007 09:49 PM
SSH without password hywaydave Linux - Security 3 02-02-2005 04:40 AM
ssh password ssudhi Linux - Newbie 6 05-13-2004 10:30 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 05:18 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration