> Cameron Simpson wrote: > >> | When I ssh into machine B from machine A, I am asked for my password. >> | But when I ssh into A from B, I am not. >> | >> | In both cases, id_rsa.pub from the other machine >> | has been added to authorized_keys . >> | And I see no difference in sshd_config or ssh_config . >> | >> | So why am I asked for my password when ssh-ing into B? >> >> Examine /var/log/secure on machine B. It should shed some light on >> things. Also do your ssh with the -v option - you should see which >> authentication methods are being attempted. If your key is not being >> used, that will be apparent then. If it is being used but rejected, that >> will be apparent and the /var/log/secure file on machine B should say >> why. I presume you're using an ssh-agent? > > Thanks very much. > > On looking at /var/log/secure on machine B I read: > ----------------------------- > Feb 23 12:47:19 blanche sshd[18050]: Authentication refused: bad ownership > or modes for file /home/tim/.ssh/authorized_keys > Feb 23 12:47:22 blanche sshd[18050]: Accepted password for tim from > 192.168.2.1 port 41431 ssh2 > ----------------------------- > > When I looked at .ssh/authorized_keys I saw that it had mode 664 > (ie with group write permission). > After changing this to mode 644, I am able to login without password. Usually, permissions of 600 or 700 will do...644 makes the file world readable, and that's not necessarily a good thing...however, it looks like you're back where you need to be. Out of curiosity, what were the permissions on the file before you ran th chmod command? -- Mike Burger http://www.bubbanfriends.org Visit the Dog Pound II BBS telnet://dogpound2.citadel.org or http://dogpound2.citadel.org To be notified of updates to the web site, visit: https://www.bubbanfriends.org/mailman/listinfo/site-update or send a blank email message to: site-update-subscribe@xxxxxxxxxxxxxxxxx
