[SOLVED] Re: Unable to Automate SSH authentication

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Konstantin Svist wrote:
Rahul Tidke wrote:
Hello,
   I am configuring Fedora Core 6 and CentOS5.3 for automatic SSH
authentication, ssh version is OpenSSH_4.3p2, OpenSSL 0.9.8b, I have executed following commands but still both systems prompt me for
passwords instead of using public keys.

ssh-keygen -b 1024 -t dsa (on both hosts with empty pass phrase)
ssh-agent $BASH (on both hosts)
ssh-add /root/.ssh/id_dsa (on both hosts)
created "authorized_keys" file in /root/.ssh directory on both the
hosts and copied (exchanged) id_dsa.pub keys to it.
SSH is open on both the hosts.

Now it should login automatically without prompting for passwords; but
it still prompts for password, what is going wrong here? I have tried
disabling password authentication in /etc/ssh/sshd_config but no help.



I usually set everything up without ssh-agent. All you need is
~/.ssh/config file with
Host host2 192.168.1.2
  IdentityFile ~/.ssh/id_dsa.host2

^ of course assuming the other computer's host name is host2 and IP
address 192.168.1.2

Copy the .pub into host2:~/.ssh/authorized_keys
You can also tell both systems to use the same public/private keypair if
you're not too worried about security. Otherwise, you can delete .pub file

At this point, this should work w/o a password:
host1$ ssh host2

For your particular problem, check permissions of ~/.ssh/ directory --
it should be 700. All the files in it need at least 400, you can set it
to that and still be able to use it without any issues. 600 also works,
as should 640. Anything more permissive, though, will sometimes result
in ssh server refusing to use it (any user might've seen/modified it, etc.)

If you have selinux enabled, check /var/log/messages on the ssh server
-- it will spit out a message when you try to connect using the private key.
The command to fix it is something like "restorecon -R ~/.ssh" Don't
trust me, though -- it should be mentioned in /var/log/messages if you
need to run it. I just turn selinux off.

HTH
I have verified permissions for .ssh directory and they are ok; but I am getting following error in /var/log/messages, it is first attempting to use key authentication and after that password authentication. I think it is unable to read the key, I copy/pasted these keys from command promt, what is wrong here.

Jun 26 12:43:58 matrix sshd[1251]: error: key_read: uudecode AAAAB3NzaC1kc3MAAACBAKmSjy+E8I/3P2HUNHJ/p844rfCULFnUhOPp4PAKnqxJYc+vB3p6kEfR3WFB28csJuWxdKv9fH OOSaSerS2rkanXTQ8JUwbwwktYoftXgtznYwNhqwoPvdpcfzD2Xv4fYhjQSRtWkMPE0lFYgjOrsH88AWa69T4aSGn58TkX6PAAAAFQC BH2DnXuKhyZz4d3iSzxUBY98z8QAAAIAK2QhTbCZuKDRy94ol9CC1+CkzhUA7PB3v/zHugb3RAl\n failed

Thanks.
Rahul

Ohhhhh.....it was my mistake, it was just copy/paste error, copying public keys directly (using right click context menu) from command prompt did not work for me, I should have done it using copy command.

Thanks for your help.

Rahul.


--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux