ssh setup for passwordless login
kd4ttc 04-04-2005, 10:55 PM
I have been working on this all day, googling about for an answer, and am stuck. Any help would be appreciated.
In a nutshell, I have set up my work computer to allow access through ssh. I have the root account set up in a way that public-key encryption allows login without needing a password, but another account does not let me log in without a password.
details:
I have set up my machine at work to allow ssh connections without passwords by putting my id_dsa.pub file into the authorized_keys file for both the root and another user account. Login to the machine with 'ssh -l root 1.2.3.4' gets in fine as root. However, 'ssh -l sholland 1.2.3.4' doesn't work - I need to enter the password. I have checked and the authorized_keys file has global read enabled, the .ssh directory is executable to root, and the id_dsa.pub file is an entry in authorized_keys.
What might I be missing?
Steve Holland
This is from the verbose form where it did not work: (logging in as sholland)
debug1: Authentications that can continue: gssapi,publickey,password,keyboard-interactive
debug1: Authentications that can continue: gssapi,publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/stephenholland/.ssh/identity
debug1: Trying private key: /Users/stephenholland/.ssh/id_rsa
debug1: Offering public key: /Users/stephenholland/.ssh/id_dsa
debug1: Authentications that can continue: gssapi,publickey,password,keyboard-interactive
This is from the verbose form where it DID work: (logging in as root)
debug1: Authentications that can continue: gssapi,publickey,password,keyboard-interactive
debug1: Authentications that can continue: gssapi,publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/stephenholland/.ssh/identity
debug1: Trying private key: /Users/stephenholland/.ssh/id_rsa
debug1: Offering public key: /Users/stephenholland/.ssh/id_dsa
debug1: Server accepts key: pkalg ssh-dss blen 434 lastkey 0x307030 hint 2
pmccann 04-05-2005, 01:08 AM
Boring suggestions (but both have been known to happen all too frequently):
Check that the entry in authorized_keys is a single line. If it's split it won't work.
Also, check that you're connecting using the same hostname that is in that file: I seem to recall that using abbreviations requires a matching entry in there. (That is, if the file has the fully qualified hostname you can't connect passwordlessly with an abbreviated form of the hostname (should, say, the machine be in the same subnet)).
OK, I said they were boring!
Paul
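The single-line check suggested in the post above can be automated. This is an added example, not part of the thread: it parses each authorized_keys line and flags entries whose key data is cut off or missing. The sample key is constructed (dummy values), and entries are assumed to carry no options containing spaces.

```python
import base64
import struct

KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")

def blob_fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    fields, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        if pos + n > len(blob):
            raise ValueError("field runs past end of key data")
        fields.append(blob[pos:pos + n])
        pos += n
    return fields

def check_entry(line):
    """Return None for a complete key entry, else a short reason string."""
    tokens = line.split()
    idx = next((i for i, t in enumerate(tokens) if t.startswith(KEY_PREFIXES)), None)
    if idx is None or idx + 1 >= len(tokens):
        return "no key type followed by key data (tail of a split entry?)"
    key_type, b64 = tokens[idx], tokens[idx + 1]
    try:
        # binascii.Error is a ValueError, so one handler covers both failures.
        fields = blob_fields(base64.b64decode(b64, validate=True))
    except ValueError as exc:
        return f"key data incomplete or corrupt: {exc}"
    if not fields or fields[0] != key_type.encode():
        return "key type does not match the type stored in the key data"
    return None

def scan(text):
    """Return [(line_number, reason)] for each non-blank, non-comment bad line."""
    lines = enumerate(text.splitlines(), 1)
    checked = ((no, check_entry(l)) for no, l in lines
               if l.strip() and not l.lstrip().startswith("#"))
    return [(no, why) for no, why in checked if why]

# Constructed sample: an ssh-dss-shaped blob with dummy values, not a real key.
_parts = (b"ssh-dss", b"\x01" * 20, b"\x02" * 20, b"\x03" * 20, b"\x04" * 20)
SAMPLE_B64 = base64.b64encode(
    b"".join(struct.pack(">I", len(p)) + p for p in _parts)).decode()
GOOD = f"ssh-dss {SAMPLE_B64} user@home"
SPLIT = f"ssh-dss {SAMPLE_B64[:60]}\n{SAMPLE_B64[60:]} user@home"

if __name__ == "__main__":
    for no, why in scan(GOOD + "\n" + SPLIT + "\n"):
        print(f"line {no}: {why}")
```

To check a real file, pass its contents to scan(), for example the text of ~/.ssh/authorized_keys on the server account that refuses the key.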
have you generated an id_dsa.pub file for both users (root and sholland)?
both id_dsa.pub files may be needed in each user's authorized_keys file,
depending on what you want to do.
fxt
kd4ttc 04-05-2005, 09:15 PM
Out of concern for the above comments I created a user account on the home computer with a short name (5 characters). I then created a new .ssh directory in the sholland user directory at the work computer. I then used ssh-keygen to create a new public key and installed the key into authorized_keys in the root, sholland, and another account on my computer at work, using
cat ~/.ssh/id_dsa.pub | ssh root@xx.xx.xx.xx 'cat - >> ~/.ssh/authorized_keys'
and used similar constructs substituting other user names for root.
I even established an .ssh directory in another user directory on the office computer. I find I can do passwordless login on root and the other account, but still cannot do passwordless login to the sholland account.
I am pretty stumped here. Is there some configuration file that ssh uses to decide if a user will allow certain types of login?
Steve
i'm still not convinced by your write-up that you've set this up correctly.
> created a user account on the home computer with a short name.
fine. from this home account cd into the .ssh directory and create the dsa keys.
then you copy the just created id_dsa.pub key for this home account into the
.ssh/authorized_keys file on the root and sholland accounts at work. from the
home account issue the "ssh-agent tcsh" (or whatever shell you use)
and the "ssh-add" commands. can you now login from the home account to
the root and sholland accounts at work without being prompted for the password?
lots of people, myself included, login to multiple machines under multiple accounts
via minor variations of this process. mucking with the /etc/ssh_config and
/etc/sshd_config files is not necessary.
fxt