I have a problem with ssh/rsync, which should not ask for a password.
What I have done so far is:
There are 2 servers, server-a and server-b.
From server-b, data needs to be rsynced to server-a. For that, I have id_rsa.pub on server-a and copied that key to server-b as authorized_keys in /home/oracle/.ssh on server-b.
Still it asks for the password while logging on to server-b.
Not sure why.
Any help would be highly appreciated!
ssh = secure shell - the operative part being "secure".
Accordingly your ssh setup must be secure or it will continue to ask for password.
A few common reasons it fails:
1) User's home directory is world writable (e.g. -rwxrwxrwx) - chmod 755 the user's home to cure this.
2) The .ssh directory under user's home is world writable or readable (e.g. rwxr--r--). To cure this chmod 700 .ssh.
3) Individual files under .ssh have permissions. You don't want people reading these files.
4) Any of the above are not owned by the user.
Another reason you might see failure has to do with "type". You said you're doing rsa - make sure that is what your ssh is doing by default. It might be necessary to specify type 1 or type on your command line.
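The permission and ownership checks listed in the answer above, as an added example that is not part of the original post. The function names are hypothetical, GNU `stat -c` is assumed, and the home-directory check also flags group-writable, which sshd's StrictModes refuses as well.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU coreutils stat (-c).

# _check_path <path> <expected-uid> <forbidden-octal-bits> <suggested-mode>
# Prints one line per problem; returns 1 if the path fails a check.
_check_path() {
    bad=0
    if [ ! -e "$1" ]; then
        echo "MISSING $1"
        return 1
    fi
    mode=$(stat -c '%a' "$1")
    uid=$(stat -c '%u' "$1")
    if [ "$uid" != "$2" ]; then
        echo "OWNER $1 has uid $uid, expected $2"
        bad=1
    fi
    # The leading 0 makes the shell read both values as octal.
    if [ $(( 0$mode & 0$3 )) -ne 0 ]; then
        echo "MODE $1 is $mode, suggest: chmod $4 $1"
        bad=1
    fi
    return $bad
}

# audit_ssh_perms <home-directory> <user-name-or-uid>
# Returns 0 when all three paths pass, 1 otherwise, 2 for an unknown user.
audit_ssh_perms() {
    home=$1
    case $2 in
        *[!0-9]*) want=$(id -u "$2") || return 2 ;;
        *)        want=$2 ;;
    esac
    rc=0
    _check_path "$home" "$want" 022 755 || rc=1                       # item 1
    _check_path "$home/.ssh" "$want" 077 700 || rc=1                  # item 2
    _check_path "$home/.ssh/authorized_keys" "$want" 077 600 || rc=1  # item 3
    return $rc
}
```

Run it on the host that is being logged in to, for example `audit_ssh_perms /home/oracle oracle`; item 4 of the answer (ownership) is checked for each path.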
Try to connect using the -v option of ssh. You will get the exact talking between the two machines useful for debugging. You can improve the debugging level, using -vv or -vvv. In particular look at the output following the line:
debug1: Found key in /root/.ssh/known_hosts:7
debug2: bits set: 522/1026
debug1: ssh_dss_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /root/.ssh/identity ((nil))
debug2: key: /root/.ssh/id_rsa (0x90f1c78)
debug2: key: /root/.ssh/id_dsa ((nil))
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Offering public key: /root/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /root/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
oracle@10.10.10.7's password:
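A small filter for the kind of `ssh -v` trace shown above, as an added example that is not part of the original post: it reports which key files the client offered, whether the server took them, and which methods the client fell back to. The function names are hypothetical, and the sample lines are excerpted from the trace in the thread.

```shell
#!/bin/sh
# Added example, not from the thread.

# Lines excerpted from the `ssh -v` trace posted in the thread.
sample_trace() {
    cat <<'EOF'
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Offering public key: /root/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /root/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive
debug1: Next authentication method: password
EOF
}

# classify_pubkey_offers: reads `ssh -v` output on stdin and prints
#   ACCEPTED <keyfile>   the server accepted the offered key
#   REJECTED <keyfile>   the server answered the offer with the method list again
#   FALLBACK <method>    the client moved on to a non-publickey method
classify_pubkey_offers() {
    awk '
    /^debug1: Offering .*public key: / {
        sub(/^.*public key: /, "")   # keep only what follows the label
        pending = $1                 # first field is the key file path
        next
    }
    /^debug1: Server accepts key/ && pending != "" {
        print "ACCEPTED " pending; pending = ""; next
    }
    /^debug1: Authentications that can continue: / && pending != "" {
        print "REJECTED " pending; pending = ""; next
    }
    /^debug1: Next authentication method: / && $NF != "publickey" {
        print "FALLBACK " $NF
    }'
}
```

On a live connection, feed it with `ssh -v user@host true 2>&1 | classify_pubkey_offers`. For the thread's trace it reports `/root/.ssh/id_rsa` as rejected, so that file's `.pub` half is the one to compare against the remote `authorized_keys`.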
Here is one script I use to make an ssh pub key without a password:
Code:
#!/bin/bash
# This was written only for simple usage
# Valentin Hristev, System and network administrator a.k.a Eazy-Snatch

### Enter username and IP (or hostname) for REMOTE machine
echo -n "Enter remote username: "
read -r USR
echo -n "Remote username is set to $USR "
echo ""
echo -n "Enter remote ip/host address: "
read -r HOST
echo -n "Remote ip/host is set to $HOST "
echo ""
#echo -n "Default SSH port is 22 if you want to change it please open ssh_gen with your favourite text editor and change "PORT=" PORT_NUMMER"
echo -n "Enter PORT: "
read -r PORT
# Fall back to the default SSH port when nothing is entered
PORT=${PORT:-22}
echo -n "Remote port is $PORT "
echo ""
echo "Your config is: User = $USR Host = $HOST Port = $PORT"
#PORT="22"
NEWKEY="yes"

# Generate SSH keys RSA
makekey () {
    if [ "$NEWKEY" = "yes" ]; then
        ssh-keygen -t rsa -f ~/.ssh/identity
    fi
}

# Check for file "authorized_keys"; if the file is not there, create it.
checkfile () {
    if [ ! -f ~/.ssh/authorized_keys ]; then
        mkdir -p ~/.ssh && chmod 700 ~/.ssh
        touch ~/.ssh/authorized_keys
    fi
}

# Check for ".ssh" on the remote machine; if the dir is not there, create it,
# then append the public key to the remote authorized_keys.
upload () {
    cat ~/.ssh/identity.pub | ssh -p "$PORT" "$USR@$HOST" 'sh -c "if [ ! -d .ssh ] ; then mkdir .ssh ; chmod 700 .ssh ; fi
cat - >>~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"'
    echo "Done..................... "
}

## Main Menu
press_enter () {
    echo ""
    echo -n "Press Enter to continue"
    read -r
    clear
}

selection=
until [ "$selection" = "0" ]; do
    echo ""
    echo "*******PROGRAM MENU**********"
    echo "1 - Generate & Upload New Key"
    echo "2 - Upload Old Key"
    echo ""
    echo "0 - exit "
    echo ""
    echo -n "Enter choose: "
    read -r selection
    echo ""
    case $selection in
        1 ) checkfile ; makekey ; upload ;;
        2 ) upload ;;
        0 ) exit ;;
        * ) echo "Please enter 1, 2 or 0"; press_enter ;;
    esac
done
exit 0
#END
On your two hosts and two users type "ls -ld <homedirectory>" and "ls -la <homedirectory>/.ssh"
Also provide the exact command line you're typing to do an ssh from the one host to the other.
As noted before the issue is almost certainly permissions or key types and you didn't say anything about the one except "permissions are OK" and nothing at all about key type tests.
I thought your other thread was asking how to make it prompt for password.
Do NOT post the same question in multiple threads.
If it is a protocol issue, as jlightner suggests, try to recreate the keys using
Code:
ssh-keygen -t rsa1
Anyway, support for the SSH2 protocol has been introduced with version 2.0 and by the talking between the two servers, it looks like it is enabled. But you can give it a try.