setting up passwordless ssh connections

Todd Wease wease1 at coldbrains.com
Sun Aug 7 16:27:57 UTC 2005


On Sun, 2005-08-07 at 08:39 -0700, Eliezer Ramm wrote:
> Hi,
> 
> I am trying to set up passwordless ssh connections
> 
> so far I have 
> 1) created rsa private/public keys
> 2) copied the public key (id_rsa.pub) to the machine I
> want to connect to and renamed it authorized_keys in
> the .ssh dir
> 
> when I try to connect it still asks me for the
> password
> 
> ssh -v tells me a few things -
> 
> Next authentication method: publickey
>  * that's good*
> debug1: Trying private key:
> /home/username/.ssh/identity
> debug1: read PEM private key done: type RSA
> 
> *wonderful! it is reading the client side private
> key*
> 
> then.........
> debug1: Authentications that can continue:
> publickey,gssapi-with-mic,password
> debug1: Offering public key:
> /home/username/.ssh/id_rsa
> debug1: Authentications that can continue:
> publickey,gssapi-with-mic,password
> debug1: Offering public key:
> /home/username/.ssh/id_dsa
> 
> then it goes to password :(
> 
> it never looks for the authorized_key file. I have
> even placed id_rsa in my .ssh dir on the server and
> even renamed id_rsa.pub to id_rsa on the server but
> nothing helps.
> 
> so I looked at the server config and changed from the
> FC defaults to
> 
> PubkeyAuthentication yes
> AuthorizedKeysFile      .ssh/authorized_keys
> 
> interestingly enough, when sshd was restarted from the
> init.d script it did not kick any existing users off
> the server. shouldn't it have broken the connection?
> maybe a need to do a full stop and start for
> sshd_config to be re-loaded ?
> 
> permissions are 0600 on authorized_keys
> 
> what am I doing wrong ?
> 
> btw what does the -1 mean in the debug message
> 
> debug1: identity file /home/username/.ssh/identity
> type -1
> debug1: identity file /home/username/.ssh/id_rsa type
> 1
> debug1: identity file /home/username/.ssh/id_dsa type
> 2
> 
> thanx for your help.
> 
> lazer
> ssh -v 10.10.10.10
> OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug1: Connecting to 10.10.10.10 port 22.
> debug1: Connection established.
> debug1: identity file /home/username/.ssh/identity
> type -1
> debug1: identity file /home/username/.ssh/id_rsa type
> 1
> debug1: identity file /home/username/.ssh/id_dsa type
> 2
> debug1: Remote protocol version 2.0, remote software
> version OpenSSH_4.0
> debug1: match: OpenSSH_4.0 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_3.9p1
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192)
> sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug1: Host '212.25.92.186' is known and matches the
> RSA host key.
> debug1: Found key in /home/username/.ssh/known_hosts:1
> debug1: ssh_rsa_verify: signature correct
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentications that can continue:
> publickey,gssapi-with-mic,password
> debug1: Next authentication method: gssapi-with-mic
> debug1: Authentications that can continue:
> publickey,gssapi-with-mic,password
> debug1: Authentications that can continue:
> publickey,gssapi-with-mic,password
> debug1: Next authentication method: publickey
> debug1: Offering public key:
> /home/username/.ssh/id_rsa
> debug1: Authentications that can continue:
> publickey,gssapi-with-mic,password
> debug1: Trying private key:
> /home/username/.ssh/identity
> debug1: read PEM private key done: type RSA
> debug1: Authentications that can continue:
> publickey,gssapi-with-mic,password
> debug1: Offering public key:
> /home/username/.ssh/id_rsa
> debug1: Authentications that can continue:
> publickey,gssapi-with-mic,password
> debug1: Offering public key:
> /home/username/.ssh/id_dsa
> debug1: Authentications that can continue:
> publickey,gssapi-with-mic,password
> debug1: Next authentication method: password
> 

The only thing I can think of is to try to set the permissions on
the authorized_keys file to 0644 (just make sure your private key on the
client machine is 0600).  I think the only thing different in our setups
is that I kept the passphrase used to unlock my private key.  Here's the
output I get:

...
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/wease1/.ssh/identity
debug1: Offering public key: /home/wease1/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Offering public key: /home/wease1/.ssh/id_dsa
debug1: Server accepts key: pkalg ssh-dss blen 433
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key '/home/wease1/.ssh/id_dsa':
debug1: read PEM private key done: type DSA
debug1: Authentication succeeded (publickey).
...

Todd
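
Added example (not part of either message): a small shell/awk filter that reads `ssh -v` output and reports, per offered key, whether a "Server accepts key" line followed the offer, which is the difference between the two traces above. The function names and verdict strings are hypothetical, and the sample lines are constructed from the two logs in this thread with the mail line wraps removed.

```shell
#!/bin/sh
# Classify the publickey phase of `ssh -v` output read on stdin.
# Prints one line per distinct offered key, then a verdict line.
diagnose_pubkey() {
    awk '
    /^debug1: Offering public key: / {
        last = $5                      # path of the key just offered
        if (!(last in state)) { order[++n] = last; state[last] = "rejected" }
        next
    }
    # The server answers the most recent offer; no such line means it refused.
    /^debug1: Server accepts key: / {
        if (last != "") { state[last] = "accepted"; hit = 1 }
    }
    END {
        for (i = 1; i <= n; i++) print order[i] ": " state[order[i]]
        if (n == 0)   print "verdict: no-key-offered (check client key files)"
        else if (hit) print "verdict: key-accepted (server side is fine)"
        else          print "verdict: all-keys-rejected (check server authorized_keys)"
    }'
}

# Constructed sample: the failing session from the question, lines unwrapped.
sample_rejected() {
    cat <<'EOF'
debug1: Next authentication method: publickey
debug1: Offering public key: /home/username/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Offering public key: /home/username/.ssh/id_dsa
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: password
EOF
}

# Constructed sample: the working session from the reply.
sample_accepted() {
    cat <<'EOF'
debug1: Offering public key: /home/wease1/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Offering public key: /home/wease1/.ssh/id_dsa
debug1: Server accepts key: pkalg ssh-dss blen 433
debug1: Authentication succeeded (publickey).
EOF
}

sample_rejected | diagnose_pubkey
sample_accepted | diagnose_pubkey
```

On a live session, pipe the debug stream in with `ssh -v host 2>&1 | diagnose_pubkey`. The client is only told that an offer was refused, so the reason has to be read from the server's own log.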




