[SOLVED] problem adding ssh keys to skip password prompt
Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
You need to make sure the authorized_keys file has the correct permissions. It should be chmoded to 600 (user read+write, group and other no perms), as should your ~/.ssh/config file. I think the ~/.ssh directory should be set to perms 700.
i.e. on the remote host
Code:
chmod 600 ~/.ssh/*
chmod 700 ~/.ssh
If your distro distributes it, or if you download it off the net, you could use the ssh-copy-id script which will copy a key to your remote machine's authorized_keys file and set the required permissions.
If you still cannot use public key authentication, try generating an RSA key. I found a few servers (notably my host-co) which only allows ssh public key authentication using an RSA key (not DSA, which my ssh-keygen program creates by default).
Another way to get more information about what is going on might be to try to connect using the -v option to ssh. You can use it multiple times to get more verbose info.
If all these fail, I think it must be a config issue on the host you are connecting to. Make sure the sshd_config which is used is the one you are looking at (consider that your distro might put the working copy in a weird place - locate might be helpful to find it).
Last edited by matthewg42; 08-22-2008 at 10:14 PM.
You need to make sure the authorized_keys file has the correct permissions. It should be chmoded to 600 (user read+write, group and other no perms), as should your ~/.ssh/config file. I think the ~/.ssh directory should be set to perms 700.
i.e. on the remote host
Code:
chmod 600 ~/.ssh/*
chmod 700 ~/.ssh
changing the permission of these files is just for security purpose... it is not mandatory. However, i am using the 600 permission only.
I have already tried two times generating the keys with ssh-kegen -t dsa
as well as ssh-kegen -t rsa both.
The keys runs fine on all servers except some specific ones.
I can feel I am missing something very stupid or some other file which is unexplored by me.
changing the permission of these files is just for security purpose... it is not mandatory. However, i am using the 600 permission only.
I believe that with some ssh implementations it is not optional - public key authentication will not work without the proper permissions. If you do not accept the advice, that is your business.
Are you checking the server files at the server or from a ssh session?
Is it possible that the servers are putting you in a chroot environment and you are not actually seeing the config files. Maybe go to the servers and make changes there.
Something you can try, add this line to /etc/ssh/sshd_config
Banner /etc/issue.net
Restart and login and if the banner did change then you know you are actually working with the correct config file.
I believe that with some ssh implementations it is not optional - public key authentication will not work without the proper permissions. If you do not accept the advice, that is your business.
May be you are right, But the same keys with same permissions are working fine on other servers.
Anyways, thanks.
Something you can try, add this line to /etc/ssh/sshd_config
Banner /etc/issue.net
Restart and login and if the banner did change then you know you are actually working with the correct config file.
I did this, banner changed. I am using the correct config file. God knows where I am wrong.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.