setting up passwordless ssh connections
Eliezer Ramm
lazerramm at yahoo.com
Sun Aug 7 15:39:16 UTC 2005
Hi,
I am trying to setup passwordless ssh connections
so far i have
1) created rsa private/public keys
2) copied the public key (id_rsa.pub) to the machine i
want to connect to and renamed it authorized_keys in
the .ssh dir
when i try to connect it still asks me for the
password
ssh -v tells me a few things -
Next authentication method: publickey
* that's good*
debug1: Trying private key:
/home/username/.ssh/identity
debug1: read PEM private key done: type RSA
*wonderfull! it is reading the client side private
key*
then.........
debug1: Authentications that can continue:
publickey,gssapi-with-mic,password
debug1: Offering public key:
/home/username/.ssh/id_rsa
debug1: Authentications that can continue:
publickey,gssapi-with-mic,password
debug1: Offering public key:
/home/username/.ssh/id_dsa
then it goes to password :(
it never looks for the authorized_key file. i have
even place id_rsa in my .ssh dir on the server and
even renamed id_rsa.pub to id_rsa on the server but
nothing helps.
so I looked at the server config and changed from the
FC defaults to
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
interesting enough when sshd was restarted from the
init.d script it did not kick any existing users off
the server. shouldn't it have broken the connection
amybe a need to do a full stop and start for
sshd_config to be re-loaded ?
permissions are 0600 on authorized_keys
what am i doing wrong ?
btw what does the -1 mean in the debug message
debug1: identity file /home/username/.ssh/identity
type -1
debug1: identity file /home/username/.ssh/id_rsa type
1
debug1: identity file /home/username/.ssh/id_dsa type
2
thanx for your help.
lazer
ssh -v 10.10.10.10
OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 10.10.10.10 port 22.
debug1: Connection established.
debug1: identity file /home/username/.ssh/identity
type -1
debug1: identity file /home/username/.ssh/id_rsa type
1
debug1: identity file /home/username/.ssh/id_dsa type
2
debug1: Remote protocol version 2.0, remote software
version OpenSSH_4.0
debug1: match: OpenSSH_4.0 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.9p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192)
sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '212.25.92.186' is known and matches the
RSA host key.
debug1: Found key in /home/username/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue:
publickey,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Authentications that can continue:
publickey,gssapi-with-mic,password
debug1: Authentications that can continue:
publickey,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Offering public key:
/home/username/.ssh/id_rsa
debug1: Authentications that can continue:
publickey,gssapi-with-mic,password
debug1: Trying private key:
/home/username/.ssh/identity
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue:
publickey,gssapi-with-mic,password
debug1: Offering public key:
/home/username/.ssh/id_rsa
debug1: Authentications that can continue:
publickey,gssapi-with-mic,password
debug1: Offering public key:
/home/username/.ssh/id_dsa
debug1: Authentications that can continue:
publickey,gssapi-with-mic,password
debug1: Next authentication method: password
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
More information about the fedora-list
mailing list