Rahul Tidke wrote: > Hello, > I am configuring Fedora Core 6 and CentOS5.3 for automatic SSH > authentication, ssh version is OpenSSH_4.3p2, OpenSSL 0.9.8b, I have > executed following commands but still both systems prompt me for > passwords instead of using public keys. > > ssh-keygen -b 1024 -t dsa (on both hosts with empty pass phrase) > ssh-agent $BASH (on both hosts) > ssh-add /root/.ssh/id_dsa (on both hosts) > created "authorized_keys" file in /root/.ssh directory on both the > hosts and copied (exchanged) id_dsa.pub keys to it. > SSH is open on both the hosts. > > Now it should login automatically without prompting for passwords; but > it still prompts for password, what is going wrong here? I have tried > disabling password authentication in /etc/ssh/sshd_config but no help. > I usually set everything up without ssh-agent. All you need is ~/.ssh/config file with Host host2 192.168.1.2 IdentityFile ~/.ssh/id_dsa.host2 ^ of course assuming the other computer's host name is host2 and IP address 192.168.1.2 Copy the .pub into host2:~/.ssh/authorized_keys You can also tell both systems to use the same public/private keypair if you're not too worried about security. Otherwise, you can delete .pub file At this point, this should work w/o a password: host1$ ssh host2 For your particular problem, check permissions of ~/.ssh/ directory -- it should be 700. All the files in it need at least 400, you can set it to that and still be able to use it without any issues. 600 also works, as should 640. Anything more permissive, though, will sometimes result in ssh server refusing to use it (any user might've seen/modified it, etc.) If you have selinux enabled, check /var/log/messages on the ssh server -- it will spit out a message when you try to connect using the private key. The command to fix it is something like "restorecon -R ~/.ssh" Don't trust me, though -- it should be mentioned in /var/log/messages if you need to run it. I just turn selinux off. HTH -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
