Linux - Server This forum is for the discussion of Linux Software used in a server related context. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
04-11-2011, 05:57 AM
|
#1
|
Member
Registered: Apr 2006
Distribution: SuSE, RedHat, Fedora, CentOS, BSD
Posts: 115
Rep:
|
Problem in password-less ssh on 2 servers
Hi Guys,
I was able to setup password-less ssh on two CentOS 5.5 servers, I don't encounter any problem on root account but when I try on another user it fails and ask for a password
This what I've done.
centostest1 = Source
centostest2 = Destination
On Source Server (centostest1)
1. ssh-keygen
2. ssh-copy-id -i id_rsa root@centostest2
ssh-copy-id -i id_rsa user@centostest2
3. Now to test
ssh root@centostest2 <--- no problem, no password needed
ssh user@centostest2 <--- problem, it asked the password for user
Anyone would like to help me and light my path?
|
|
|
04-11-2011, 06:20 AM
|
#2
|
LQ Guru
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733
|
Check /etc/ssh/sshd_config file on the servers. Look at the paragraph of instructions above the UsePAM Yes line. It explains the two changes needed to use pubkey authentication. From your message, it looks like you created keys for the clients, but didn't make configuration changes on the server.
Launch ssh with the -vv option (two v's not a w). This will provide more debugging feedback.
One common problem is if the permissions on the user's home directory or the .ssh subdirectory is too permissive.
If you can log into the server using username/password, check the ~/.ssh/authorized_keys file to see if they look OK and the public keys were added.
An entry in sshd_config of "PermitRootLogin without-password" will disable password authentication for root. This could be why users can use password authentication while root can't.
Last edited by jschiwal; 04-11-2011 at 06:22 AM.
|
|
|
04-11-2011, 03:13 PM
|
#3
|
Member
Registered: Apr 2011
Location: Jakarta, Indonesia
Distribution: Fedora, CentOS
Posts: 122
Rep:
|
Quote:
Originally Posted by gurl4sh25
1. ssh-keygen
2. ssh-copy-id -i id_rsa root@centostest2
ssh-copy-id -i id_rsa user@centostest2
3. Now to test
|
This might be out of question a little bit, but I think you should ssh-copy the id_rsa.pub key, not the id_rsa which is the private key.
|
|
|
04-12-2011, 02:18 AM
|
#4
|
LQ Guru
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.2
Posts: 18,417
|
You should also be doing keygen separately for each user.
Ideally you shouldn't login remotely as root, even with ssh-keys
|
|
|
04-12-2011, 02:39 AM
|
#5
|
Member
Registered: Apr 2006
Distribution: SuSE, RedHat, Fedora, CentOS, BSD
Posts: 115
Original Poster
Rep:
|
Thank you for your replies.
@jschiwal:
Have checked the "PermitRootLogin" on sshd_config and it's commented. As for the
@sibe:
I think the command is right, because when you execute the command ssh-copy-id -i id_rsa root@centostest2 it sends the id_rsa.pub to the remote server.
@chrism01
I have done generating ssh-keygen on "root" user and the other "user". What I've done is
A) on root user
su - root
ssh-keygen
ssh-copy-id -i id_rsa root@centostest2
B) on rsyncusr
su - rsyncusr
ssh-keygen
ssh-copy-id -i id_rsa rsyncusr@centostest2
But still I can login password-less uaing 'root', but not in 'rsyncusr'
Last edited by gurl4sh25; 04-12-2011 at 05:59 AM.
|
|
|
04-12-2011, 05:50 AM
|
#6
|
Member
Registered: Apr 2011
Location: Jakarta, Indonesia
Distribution: Fedora, CentOS
Posts: 122
Rep:
|
Quote:
Originally Posted by gurl4sh25
@sibe:
I think the command is right, because when you execute the command ssh-copy-id -i id_rsa root@centostest2 it sends the id_rsa.pub to the remote server.
|
You're right, thank you for enlightening me
Quote:
B)
on user
su - user
ssh-keygen
ssh-copy-id -i id_rsa rsyncusr@centostest2
But still I can login password-less uaing 'root', but not in 'user'
|
are they different users?
----
sibe
|
|
|
04-12-2011, 05:59 AM
|
#7
|
Member
Registered: Apr 2006
Distribution: SuSE, RedHat, Fedora, CentOS, BSD
Posts: 115
Original Poster
Rep:
|
Quote:
Originally Posted by sibe
You're right, thank you for enlightening me
are they different users?
----
sibe
|
Ow sorry, a little typo error, actually it's " rsyncusr" not " user"
|
|
|
04-13-2011, 04:42 AM
|
#8
|
Member
Registered: Apr 2006
Distribution: SuSE, RedHat, Fedora, CentOS, BSD
Posts: 115
Original Poster
Rep:
|
Anyone would like to help me guys?
|
|
|
04-13-2011, 10:30 AM
|
#9
|
Senior Member
Registered: Dec 2004
Location: Marburg, Germany
Distribution: openSUSE 15.2
Posts: 1,339
|
Did you try the suggested -vvv to ssh?
|
|
|
All times are GMT -5. The time now is 02:18 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|