problem with ssh key-based authentication

kaplan71 · 12-08-2009, 08:19 AM

Hi there --

I have a key-based authentication set up for the root account between two of our servers, and it has been working without issue for quite some time. I wanted to set up a similar configuration for a 'regular' user account between the same two servers.

I went through the motion of running the ssh-keygen utility with the following syntax as the user in question:

Code:

ssh-keygen -t rsa

I made sure there were no passphrases by hitting the <enter> key when prompted. Once that was done, I copied the newly created public key from the source to the destination computer using the command syntax shown below:

Code:

ssh user@remotehost “cat >> ~/.ssh/authorized_keys” < ~/.ssh/id_rsa.pub

Once that was done, I should have been able to log into the remote host without being prompted without a password, but that was not the case.

Why would the root account be able to log in using public/private key authentication, and a 'regular' user account cannot to the same?

beadyallen · 12-08-2009, 08:22 AM

Check the permissions on .ssh/authorized_keys. It's got to be 600, so

Code:

chmod 600 .ssh/authorized_keys

will probably fix it.
Also, make sure the key did get into the authorized_keys file properly. I'm not sure, but how did you enter the password when stdin was supplied from the id_rsa.pub file?

zordrak · 12-08-2009, 08:39 AM

Quote:

Originally Posted by kaplan71

Code:

ssh user@remotehost “cat >> ~/.ssh/authorized_keys” < ~/.ssh/id_rsa.pub

Just FYI, depending on your distribution you should be able to achieve the same result with "ssh-copy-id".

With regard to the initial problem, again the distro you use can affect the difficulty of getting key-based auth working; esp if PAM gets involved.

Web31337 · 12-08-2009, 12:03 PM

i had trouble of that kind when i corrupted my /etc/passwd or /etc/shadow.
did you make any changes in those manually? i was unable to passwd and log in through ssh with or without password to any user but last created by useradd.
that could be a problem perhaps...

evo2 · 12-08-2009, 06:02 PM

I think there are many things that could cause this type of behavior. So, you need to look at the debug information ssh will give you if you ask for it.

Reading /var/log/auth.log (or similar for your dist) and running in verbose moded (ssh -vvv) on the client are the first things I do debug ssh problems like this.

If I can't get the answers I need from the above, the next thing I try is running sshd in debug mode (sshd -d) on the server, and then try to ssh to that instance of sshd: this provides much more server side debug info than what you normally get in /var/log/auth.log.

Cheers,

Evo2.

kaplan71 · 12-09-2009, 10:34 AM

Hi there --

The problem was with the permissions of the authorized_keys file. Once I changed the settings to 600, the problem did not recur. Thanks again to everyone for the help.