LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 04-11-2011, 05:57 AM   #1
gurl4sh25
Member
 
Registered: Apr 2006
Distribution: SuSE, RedHat, Fedora, CentOS, BSD
Posts: 115

Rep: Reputation: 15
Problem in password-less ssh on 2 servers


Hi Guys,

I was able to setup password-less ssh on two CentOS 5.5 servers, I don't encounter any problem on root account but when I try on another user it fails and ask for a password

This what I've done.

centostest1 = Source
centostest2 = Destination

On Source Server (centostest1)

1. ssh-keygen
2. ssh-copy-id -i id_rsa root@centostest2
ssh-copy-id -i id_rsa user@centostest2
3. Now to test

ssh root@centostest2
<--- no problem, no password needed
ssh user@centostest2 <--- problem, it asked the password for user

Anyone would like to help me and light my path?
 
Old 04-11-2011, 06:20 AM   #2
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682Reputation: 682Reputation: 682Reputation: 682Reputation: 682Reputation: 682
Check /etc/ssh/sshd_config file on the servers. Look at the paragraph of instructions above the UsePAM Yes line. It explains the two changes needed to use pubkey authentication. From your message, it looks like you created keys for the clients, but didn't make configuration changes on the server.

Launch ssh with the -vv option (two v's not a w). This will provide more debugging feedback.

One common problem is if the permissions on the user's home directory or the .ssh subdirectory is too permissive.

If you can log into the server using username/password, check the ~/.ssh/authorized_keys file to see if they look OK and the public keys were added.

An entry in sshd_config of "PermitRootLogin without-password" will disable password authentication for root. This could be why users can use password authentication while root can't.

Last edited by jschiwal; 04-11-2011 at 06:22 AM.
 
Old 04-11-2011, 03:13 PM   #3
sibe
Member
 
Registered: Apr 2011
Location: Jakarta, Indonesia
Distribution: Fedora, CentOS
Posts: 122

Rep: Reputation: 21
Quote:
Originally Posted by gurl4sh25 View Post
1. ssh-keygen
2. ssh-copy-id -i id_rsa root@centostest2
ssh-copy-id -i id_rsa user@centostest2
3. Now to test
This might be out of question a little bit, but I think you should ssh-copy the id_rsa.pub key, not the id_rsa which is the private key.
 
Old 04-12-2011, 02:18 AM   #4
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.2
Posts: 18,417

Rep: Reputation: 2785Reputation: 2785Reputation: 2785Reputation: 2785Reputation: 2785Reputation: 2785Reputation: 2785Reputation: 2785Reputation: 2785Reputation: 2785Reputation: 2785
You should also be doing keygen separately for each user.
Ideally you shouldn't login remotely as root, even with ssh-keys
 
Old 04-12-2011, 02:39 AM   #5
gurl4sh25
Member
 
Registered: Apr 2006
Distribution: SuSE, RedHat, Fedora, CentOS, BSD
Posts: 115

Original Poster
Rep: Reputation: 15
Thank you for your replies.

@jschiwal:

Have checked the "PermitRootLogin" on sshd_config and it's commented. As for the

@sibe:

I think the command is right, because when you execute the command ssh-copy-id -i id_rsa root@centostest2 it sends the id_rsa.pub to the remote server.

@chrism01

I have done generating ssh-keygen on "root" user and the other "user". What I've done is

A) on root user
su - root
ssh-keygen
ssh-copy-id -i id_rsa root@centostest2

B) on rsyncusr
su - rsyncusr
ssh-keygen
ssh-copy-id -i id_rsa rsyncusr@centostest2

But still I can login password-less uaing 'root', but not in 'rsyncusr'

Last edited by gurl4sh25; 04-12-2011 at 05:59 AM.
 
Old 04-12-2011, 05:50 AM   #6
sibe
Member
 
Registered: Apr 2011
Location: Jakarta, Indonesia
Distribution: Fedora, CentOS
Posts: 122

Rep: Reputation: 21
Question

Quote:
Originally Posted by gurl4sh25 View Post

@sibe:

I think the command is right, because when you execute the command ssh-copy-id -i id_rsa root@centostest2 it sends the id_rsa.pub to the remote server.
You're right, thank you for enlightening me

Quote:
B)
on user
su - user
ssh-keygen
ssh-copy-id -i id_rsa rsyncusr@centostest2

But still I can login password-less uaing 'root', but not in 'user'
are they different users?


----
sibe
 
Old 04-12-2011, 05:59 AM   #7
gurl4sh25
Member
 
Registered: Apr 2006
Distribution: SuSE, RedHat, Fedora, CentOS, BSD
Posts: 115

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by sibe View Post
You're right, thank you for enlightening me



are they different users?


----
sibe
Ow sorry, a little typo error, actually it's "rsyncusr" not "user"
 
Old 04-13-2011, 04:42 AM   #8
gurl4sh25
Member
 
Registered: Apr 2006
Distribution: SuSE, RedHat, Fedora, CentOS, BSD
Posts: 115

Original Poster
Rep: Reputation: 15
Anyone would like to help me guys?
 
Old 04-13-2011, 10:30 AM   #9
Reuti
Senior Member
 
Registered: Dec 2004
Location: Marburg, Germany
Distribution: openSUSE 15.2
Posts: 1,339

Rep: Reputation: 260Reputation: 260Reputation: 260
Did you try the suggested -vvv to ssh?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Password-less SSH problem TronCarter Solaris / OpenSolaris 6 02-04-2010 04:31 PM
SSH / FTP Issue - Problem connecting between two identical servers bppilot Linux - Networking 1 09-13-2007 01:18 AM
LXer: SSH your Debian servers without password LXer Syndicated Linux News 0 12-30-2006 06:21 AM
URGENT ::: Problem with ssh using without password amitkanodia Linux - Security 8 12-29-2005 09:52 AM
Problem setup SSH tunnel over multiple servers dussel Linux - Networking 5 07-29-2005 09:51 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 02:18 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration