ssh-keygen for auto ssh login not working
 

I followed the information provided on this page to use ssh-keygen to generate ssh keys to allow me to login to some machines on the local network that would not require me to login (because I'm writing a script that needs to ssh into these machines and execute various commands). These machines are running different versions of Linux, including one WindowsXP machine running cygwin.


It worked great for every machine except for one embedded system that is running a minimal version of debian. I copied over the key to it exactly the same as I did for the other machines, but it still requires me to enter a password. I checked permissions and also tried to save the key to .ssh/authorized_keys2 as the webpage suggests, but nothing changed. I don't see any messages at all regarding ssh so I'm unable to really figure out what I should do, and a general web search didn't help me either. Does anyone have an idea of what might be wrong or what I could be missing?


One important distinction is on this machine, when I ssh into it I have to login as root. So I stored my ssh key in /root/.ssh/authorized_keys instead of in a user's local home .ssh folder. I'm wondering if there's something special or different I need to do for ssh'ing in as root as opposed to a normal user.

Also I checked the permissions of .ssh and authorized_keys and they are both correct as far as I know (again, according to the site I linked to in my original post).

Does ssh -vvv ... show any hint of pubkey authentication?

Ah thanks, didn't even know about that ssh option.

/home/militho is on the machine I'm ssh-ing from (that user doesn't exist on the machine I'm ssh-ing to). At a quick glance I don't see it trying to reference any .ssh/authorized_keys file. But just having this information helps a lot, thanks.

The authorized_keys file will be used on the server side. You can limit the kind of authorization with:But it looks like it’s not honored in the server side. Is there any note in /var/log/messages or similar file on the server side about bad permissions?

Doesn't this part of the log:
mean that the server is expecting RSA1, and not finding it. Try creating a RSA1 key.

The most likely cause of this is that you are generating the keys on an ssh-2 machine but your target machine is installed with ssh-1 protocol and never the twain shall meet .....


debug1: Connection established.
debug1: identity file /home/militho/.ssh/identity type -1
debug3: Not a RSA1 key file /home/militho/.ssh/id_rsa. <-----------
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype

I have the output about the failed RSA1 detection all the time I use -vvv and it doesn’t mean the server expect only RSA1, nor prohibits it to log in using RSA2 keys AFAICS, for me it works despite the debug message.

Does that SSH server accept root login?
You can simply verify that in your sshd_config (usually located in /etc/ssh/).
Do you have the parameter "PermitRootLogin yes"?

Hope this helps!

Sorry I've been absent here the past couple of days. I got tied up with some other work.


Yes, the sshd server permits root login. If it didn't I shouldn't be able to login as root as all, right? And I can ssh as root into that machine, just not without requiring a password.


After reading everyone's feedback and going through the ssh-keygen man page, I tried a couple of things and still have the same problem.

So reading through this it seems that it first tried the RSA2 key, which failed like it did last time. Then it tried to do the DSA key, but for some reason doesn't send the packet. and the RSA1 key I generated doesn't seem to be used at all. I'm going to go read through ssh man pages some more to try to figure this out, but in the mean time if anyone has any ideas for what could be going on, I'd appreciate it. Thanks all.

As suggested: can you please check the logfile on the server, e.g. /var/log/messages?

Oops, sorry I skipped over that. There is nothing in /var/log/messages; its simply a blank file. A different company setup this embedded system (it runs some version of Debian) and I have no idea how they have it configured. I didn't see anything else in /var/log that looked like it would contain any useful information.

/root is also not writable by anyone else, as its permission is checked too.

I only know of a setting with the opposite effect: diallow password login for root, but still allow logins by publickey method.

Maybe the location of the authorized_keys file is different. Is there a line like:in /etc/ssh/sshd_config pointing to somewhere else on the embedded system?

There is but its commented out.

Ok, then it’s not used. But usually the default is written in this form and so I assume that the home directory of root is /root on this machine where you put the keys?