Re: Unable to Automate SSH authentication

Rahul Tidke wrote:
> Hello,
> I am configuring Fedora Core 6 and CentOS 5.3 for automatic SSH
> authentication. The ssh version is OpenSSH_4.3p2, OpenSSL 0.9.8b. I have
> executed the following commands, but both systems still prompt me for
> passwords instead of using public keys.
>
> ssh-keygen -b 1024 -t dsa (on both hosts with empty pass phrase)
> ssh-agent $BASH (on both hosts)
> ssh-add /root/.ssh/id_dsa (on both hosts)
> created "authorized_keys" file in /root/.ssh directory on both the
> hosts and copied (exchanged) id_dsa.pub keys to it.
> SSH is open on both the hosts.
>
> Now it should login automatically without prompting for passwords; but
> it still prompts for password, what is going wrong here? I have tried
> disabling password authentication in /etc/ssh/sshd_config but no help.
>


I usually set everything up without ssh-agent. All you need is a
~/.ssh/config file with
Host host2 192.168.1.2
  IdentityFile ~/.ssh/id_dsa.host2

^ of course assuming the other computer's host name is host2 and IP
address 192.168.1.2

Copy the .pub into host2:~/.ssh/authorized_keys.
You can also tell both systems to use the same public/private keypair if
you're not too worried about security. Otherwise, you can delete the .pub file.

At this point, this should work w/o a password:
host1$ ssh host2



For your particular problem, check permissions of ~/.ssh/ directory --
it should be 700. All the files in it need at least 400, you can set it
to that and still be able to use it without any issues. 600 also works,
as should 640. Anything more permissive, though, will sometimes result
in ssh server refusing to use it (any user might've seen/modified it, etc.)

If you have SELinux enabled, check /var/log/messages on the ssh server
-- it will spit out a message when you try to connect using the private key.
The command to fix it is something like "restorecon -R ~/.ssh". Don't
trust me, though -- it should be mentioned in /var/log/messages if you
need to run it. I just turn SELinux off.


HTH

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
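
Added example, not part of the original message: a shell audit of the permission bits discussed in the reply, modelled on OpenSSH's StrictModes check (no group/other write on the home directory, ~/.ssh and authorized_keys) and the client's private-key check (no group/other access). The function names and the id_* key glob are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: report permission bits that make OpenSSH ignore key files.
# Function names are hypothetical; pass the account's home directory.

# mode_of PATH: print the 10-character mode string from ls, e.g. drwx------
mode_of() { ls -ld -- "$1" | cut -c1-10; }

# writable_by_others PATH: true if the group or other write bit is set
writable_by_others() {
    m=$(mode_of "$1")
    [ "$(printf %s "$m" | cut -c6)" = "w" ] || [ "$(printf %s "$m" | cut -c9)" = "w" ]
}

# accessible_by_others PATH: true if any group or other bit is set
accessible_by_others() { [ "$(mode_of "$1" | cut -c5-10)" != "------" ]; }

# audit_ssh_perms HOME: print one line per finding; return 0 only if clean
audit_ssh_perms() {
    home=$1
    problems=0
    # Server side: sshd (StrictModes) rejects group/world-writable paths.
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"; problems=1
        elif writable_by_others "$p"; then
            echo "WRITABLE $(mode_of "$p") $p"; problems=1
        fi
    done
    # Client side: ssh refuses a private key readable by group or others.
    for k in "$home"/.ssh/id_*; do
        [ -f "$k" ] || continue
        case $k in *.pub) continue ;; esac
        if accessible_by_others "$k"; then
            echo "PRIVKEY  $(mode_of "$k") $k"; problems=1
        fi
    done
    return "$problems"
}

# Run against a home directory when one is given on the command line.
if [ "$#" -gt 0 ]; then audit_ssh_perms "$1"; fi
```

Run it on both hosts, for example as `sh audit.sh /root`; any output line names a path whose mode should be tightened with chmod.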
