Old 05-12-2008, 04:15 PM   #1
linuxguy08
Member
 
Registered: Apr 2008
Posts: 155
Blog Entries: 2

Rep: Reputation: 15
ssh for not asking passwd


Hi Guys,


I have a problem with ssh/rsync, which should not ask for a password.
What I have done so far is:

There are 2 servers, server-a and server-b.

Data needs to be rsynced from server-b to server-a. For that, I have id_rsa.pub on server-a and copied that key to server-b as authorized_keys in /home/oracle/.ssh of server-b.
Still it asks for a passwd while logging on to server-b.
Not sure why?
Any help would be highly appreciated!!!

Thanks
 
Old 05-12-2008, 05:10 PM   #2
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,780
Blog Entries: 15

Rep: Reputation: 1630
ssh = secure shell - the operative part being "secure".

Accordingly your ssh setup must be secure or it will continue to ask for password.

A few common reasons it fails:
1) User's home directory is world writable (e.g. -rwxrwxrwx) - chmod 755 the user's home to cure this.
2) The .ssh directory under user's home is world writable or readable (e.g. rwxr--r--). To cure this chmod 700 .ssh.
3) Individual files under .ssh have permissions. You don't want people reading these files.
4) Any of the above are not owned by the user.

Another reason you might see failure has to do with "type". You said you're doing rsa - make sure that is what your ssh is doing by default. It might be necessary to specify type 1 or type on your command line.
 
Old 05-12-2008, 05:37 PM   #3
linuxguy08
Member
 
Registered: Apr 2008
Posts: 155

Original Poster
Blog Entries: 2

Rep: Reputation: 15
Yes, all appropriate permissions have been given, the same as the other servers have which enable login without password.
 
Old 05-12-2008, 07:18 PM   #4
colucix
LQ Guru
 
Registered: Sep 2003
Location: Bologna
Distribution: CentOS 6.5 OpenSuSE 12.3
Posts: 10,509

Rep: Reputation: 1979
Try to connect using the -v option of ssh. You will get the exact talking between the two machines useful for debugging. You can improve the debugging level, using -vv or -vvv. In particular look at the output following the line:
Code:
debug1: Next authentication method: publickey
 
Old 05-12-2008, 07:38 PM   #5
linuxguy08
Member
 
Registered: Apr 2008
Posts: 155

Original Poster
Blog Entries: 2

Rep: Reputation: 15

I have copied some part while debugging the ssh..

debug1: Found key in /root/.ssh/known_hosts:7
debug2: bits set: 522/1026
debug1: ssh_dss_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /root/.ssh/identity ((nil))
debug2: key: /root/.ssh/id_rsa (0x90f1c78)
debug2: key: /root/.ssh/id_dsa ((nil))
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Offering public key: /root/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /root/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
oracle@10.10.10.7's password:

finally it comes in password..
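
The check suggested in post #4, applied to the debug output above, as an added example that is not part of any post in the thread. `summarize_pubkey` and `sample_log` are names made up here, and the sample is a constructed excerpt of the lines posted above.

```shell
#!/bin/sh
# Added example: summarise the publickey phase of `ssh -v` output.
# summarize_pubkey and sample_log are names made up for this example.

# Constructed sample: lines excerpted from the debug output posted in the thread.
sample_log() {
cat <<'EOF'
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Offering public key: /root/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /root/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive
debug1: Next authentication method: password
EOF
}

# Reads debug output on stdin; prints one line per key the client offered
# and the last authentication method the client moved on to.
summarize_pubkey() {
    awk '
        /^debug1: Offering public key: / { key = $5; next }
        /^debug1: Server accepts key/ {
            if (key != "") print key ": accepted"
            key = ""; next
        }
        /^debug1: Authentications that can continue: / {
            # The server answered an offer with the method list again: key refused.
            if (key != "") print key ": rejected by server"
            key = ""
        }
        /^debug1: Next authentication method: / { last = $5 }
        END { if (last != "") print "last method tried: " last }
    '
}

sample_log | summarize_pubkey
```

To use it on a live session, pipe the client's stderr into the function: `ssh -v oracle@ipaddr 2>&1 | summarize_pubkey`.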
 
Old 05-13-2008, 02:48 AM   #6
Eazy-Snatch
LQ Newbie
 
Registered: Jan 2005
Posts: 12

Rep: Reputation: 0
Here is a script I use to make an ssh pub key without password
Code:
#!/bin/bash
# This was written only for simple usage
# Valentin Hristev, System and network administrator a.k.a Eazy-Snatch

### Enter username and IP (or hostname) for the REMOTE machine
echo -n "Enter remote username: "
read -r USR
echo "Remote username is set to $USR"
echo ""

echo -n "Enter remote ip/host address: "
read -r HOST
echo "Remote ip/host is set to $HOST"

# The default SSH port is 22; enter it here unless the server listens elsewhere.
echo -n "Enter PORT: "
read -r PORT
echo "Remote port is $PORT"

echo "Your config is: User = $USR  Host = $HOST  Port = $PORT"

#PORT="22"
NEWKEY="yes"

# Generate SSH keys (RSA); ssh-keygen prompts for a passphrase, leave it empty
makekey () {
if [ "$NEWKEY" == "yes" ]; then
ssh-keygen -t rsa -f ~/.ssh/identity
fi
}

# Check for the local file "authorized_keys"; if the file is not there, create it.
checkfile () {
if [ ! -f ~/.ssh/authorized_keys ]; then
touch ~/.ssh/authorized_keys
fi
}

# On the remote side: check for ".ssh", create it if it is not there,
# then append the public key and restrict authorized_keys to its owner.
upload () {
cat ~/.ssh/identity.pub | ssh -p "$PORT" "$USR@$HOST" 'sh -c "if [ ! -d .ssh ] ; then mkdir .ssh ; chmod 700 .ssh ; fi
cat - >>~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"'
echo "Done..................... "
}

## Main Menu
press_enter () {
echo ""
echo -n "Press Enter to continue"
read -r
clear
}

selection=
until [ "$selection" = "0" ]; do
echo ""
echo "*******PROGRAM MENU**********"
echo "1 - Generate & Upload New Key"
echo "2 - Upload Old Key"
echo ""
echo "0 - exit "
echo ""
echo -n "Enter choice: "
read -r selection
echo ""
case $selection in
1 ) checkfile ; makekey ; upload ;;
2 ) upload ;;
0 ) exit ;;
* ) echo "Please enter 1, 2 or 0"; press_enter ;;
esac
done

exit 0

#END
 
Old 05-13-2008, 02:51 PM   #7
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,780
Blog Entries: 15

Rep: Reputation: 1630
On your two hosts and two users type "ls -ld <homedirectory>" and "ls -la <homedirectory>/.ssh"

Also provide the exact command line you're typing to do an ssh from the one host to the other.

As noted before the issue is almost certainly permissions or key types and you didn't say anything about the one except "permissions are OK" and nothing at all about key type tests.

I thought your other thread was asking how to make it prompt for password.

Do NOT post the same question in multiple threads.
 
Old 05-13-2008, 03:14 PM   #8
linuxguy08
Member
 
Registered: Apr 2008
Posts: 155

Original Poster
Blog Entries: 2

Rep: Reputation: 15
server to which i copied authorized_keys

/home/oracle>ls -la /home/oracle/.ssh/
total 32
drwxr-xr-x 2 oracle dba 4096 May 12 08:49 .
drwxr-xr-x 18 oracle dba 4096 Mar 26 11:38 ..
-rw-r--r-- 1 oracle dba 232 May 13 05:16 authorized_keys
-rw------- 1 oracle dba 528 May 12 06:11 identity
-rw-r--r-- 1 oracle dba 332 May 12 06:11 identity.pub
-rw------- 1 oracle dba 963 May 12 08:51 id_rsa
-rw-r--r-- 1 oracle dba 223 May 12 08:51 id_rsa.pub
-rw-r--r-- 1 oracle dba 1111 Jul 11 2005 known_hosts2



/home>ls -ld oracle/

drwxr-xr-x 18 oracle dba 4096 Mar 26 11:38 oracle/

The server from which I copied pub key

[root@server ~]# ls -ld /root/
drwxr-x--- 14 root root 4096 May 13 11:12 /root/

[root@server ~]# ls -la /root/.ssh/
total 28
drwxr-xr-x 2 root root 4096 May 12 16:21 .
drwxr-x--- 14 root root 4096 May 13 11:12 ..
-rw-r--r-- 1 root root 612 May 12 12:45 authorized_keys
-rw------- 1 root root 887 Oct 25 2007 id_rsa
-rw-r--r-- 1 root root 232 May 12 12:43 id_rsa.pub
-rw-r--r-- 1 root root 2533 May 12 16:20 known_hosts

the command for ssh i type
ssh oracle@ipaddr

Thanks
 
Old 05-14-2008, 09:23 AM   #9
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,780
Blog Entries: 15

Rep: Reputation: 1630
You have read and execute permissions for everyone on the two .ssh directories. ONLY the owner should be able to access the directory.

Type "chmod 700 .ssh" for both of the .ssh directories (while sitting in the parent directory).

AGAIN - ssh will not do "trust" if it doesn't believe it is "secure". It is NOT secure if everyone can read all the keys.
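
The permission and ownership checks recommended in posts #2 and #9, collected into one script; this is an added example, not part of any post in the thread. `audit_ssh_perms` and `bad_bits` are names made up here, the thresholds follow the thread's advice (home 755, `.ssh` 700, keys private), and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example: audit the paths the thread's replies say to check.
# Thresholds follow the thread's advice; function names are made up here.
# Requires GNU stat (stat -c).

# bad_bits PATH MASK -> succeeds if PATH has any permission bit in octal MASK
bad_bits() {
    mode=$(stat -c '%a' "$1") || return 1
    [ $(( 0$mode & 0$2 )) -ne 0 ]
}

# audit_ssh_perms HOME_DIR OWNER_UID -> prints findings, returns their count
audit_ssh_perms() {
    home=$1; uid=$2; n=0
    report() { echo "FAIL: $1"; n=$((n + 1)); }

    bad_bits "$home" 022 && report "$home is group/world writable (chmod 755)"
    if [ -d "$home/.ssh" ]; then
        bad_bits "$home/.ssh" 077 &&
            report "$home/.ssh is open to group/other (chmod 700)"
    else
        report "$home/.ssh is missing"
    fi
    [ -f "$home/.ssh/authorized_keys" ] &&
        bad_bits "$home/.ssh/authorized_keys" 022 &&
        report "authorized_keys is group/world writable (chmod 600)"
    # Private key names taken from the listings posted in the thread.
    for key in identity id_rsa id_dsa; do
        [ -f "$home/.ssh/$key" ] && bad_bits "$home/.ssh/$key" 077 &&
            report "private key $key is accessible to others (chmod 600)"
    done
    # Everything checked above must belong to the account being logged in to.
    for p in "$home" "$home/.ssh" "$home/.ssh"/*; do
        [ -e "$p" ] || continue
        [ "$(stat -c '%u' "$p")" = "$uid" ] || report "$p is not owned by uid $uid"
    done
    return "$n"
}

# Usage on the target account, e.g.: audit_ssh_perms /home/oracle "$(id -u oracle)"
```

Run it on both hosts; a return status of 0 means none of the conditions listed in the replies was found.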
 
Old 05-14-2008, 12:19 PM   #10
linuxguy08
Member
 
Registered: Apr 2008
Posts: 155

Original Poster
Blog Entries: 2

Rep: Reputation: 15
Yes, still it does not work even after changing permission to 700 on .ssh for both servers.
Could it be a version difference? Not sure.

[root@server ~]# rpm -qa |grep openssh
openssh-askpass-gnome-3.9p1-8.RHEL4.9
openssh-clients-3.9p1-8.RHEL4.9
openssh-askpass-3.9p1-8.RHEL4.9
openssh-3.9p1-8.RHEL4.9
openssh-server-3.9p1-8.RHEL4.9


-------------------------------
/home/oracle>rpm -qa | grep openssh
openssh-askpass-2.9p2-7
openssh-2.9p2-7
openssh-askpass-gnome-2.9p2-7
openssh-server-2.9p2-7
openssh-clients-2.9p2-7
 
Old 05-14-2008, 01:59 PM   #11
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,780
Blog Entries: 15

Rep: Reputation: 1630
Try doing "ssh -1 oracle@ipaddr" then try "ssh -2 oracle@ipaddr".

As noted before it could be a key type specification. It looks like one of your servers is fairly old so it may only do type 1.
 
Old 05-14-2008, 03:13 PM   #12
linuxguy08
Member
 
Registered: Apr 2008
Posts: 155

Original Poster
Blog Entries: 2

Rep: Reputation: 15

tried in both method but no use :-(
 
Old 05-14-2008, 03:26 PM   #13
colucix
LQ Guru
 
Registered: Sep 2003
Location: Bologna
Distribution: CentOS 6.5 OpenSuSE 12.3
Posts: 10,509

Rep: Reputation: 1979
If it is a protocol issue, as jlightner suggests, try to recreate the keys using
Code:
ssh-keygen -t rsa1
Anyway, support for the SSH2 protocol has been introduced with version 2.0 and by the talking between the two servers, it looks like it is enabled. But you can give it a try.
 
Old 09-03-2008, 11:58 PM   #14
mohdshakir
Member
 
Registered: Jan 2006
Distribution: gentoo, slackware
Posts: 36

Rep: Reputation: 15
This site probably describes the exact solution to what you need:
Automatic backup using rsync

Last edited by mohdshakir; 07-06-2010 at 10:07 PM.
 
  

