setting up passwordless ssh connections
Todd Wease
wease1 at coldbrains.com
Sun Aug 7 16:27:57 UTC 2005
On Sun, 2005-08-07 at 08:39 -0700, Eliezer Ramm wrote:
> Hi,
>
> I am trying to setup passwordless ssh connections
>
> so far i have
> 1) created rsa private/public keys
> 2) copied the public key (id_rsa.pub) to the machine i
> want to connect to and renamed it authorized_keys in
> the .ssh dir
>
> when i try to connect it still asks me for the
> password
>
> ssh -v tells me a few things -
>
> Next authentication method: publickey
> * that's good*
> debug1: Trying private key: /home/username/.ssh/identity
> debug1: read PEM private key done: type RSA
>
> *wonderful! it is reading the client side private
> key*
>
> then.........
> debug1: Authentications that can continue: publickey,gssapi-with-mic,password
> debug1: Offering public key: /home/username/.ssh/id_rsa
> debug1: Authentications that can continue: publickey,gssapi-with-mic,password
> debug1: Offering public key: /home/username/.ssh/id_dsa
>
> then it goes to password :(
>
> it never looks for the authorized_key file. i have
> even place id_rsa in my .ssh dir on the server and
> even renamed id_rsa.pub to id_rsa on the server but
> nothing helps.
>
> so I looked at the server config and changed from the
> FC defaults to
>
> PubkeyAuthentication yes
> AuthorizedKeysFile .ssh/authorized_keys
>
> interesting enough when sshd was restarted from the
> init.d script it did not kick any existing users off
> the server. shouldn't it have broken the connection
> maybe a need to do a full stop and start for
> sshd_config to be re-loaded ?
>
> permissions are 0600 on authorized_keys
>
> what am i doing wrong ?
>
> btw what does the -1 mean in the debug message
>
> debug1: identity file /home/username/.ssh/identity type -1
> debug1: identity file /home/username/.ssh/id_rsa type 1
> debug1: identity file /home/username/.ssh/id_dsa type 2
>
> thanx for your help.
>
> lazer
> ssh -v 10.10.10.10
> OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug1: Connecting to 10.10.10.10 port 22.
> debug1: Connection established.
> debug1: identity file /home/username/.ssh/identity type -1
> debug1: identity file /home/username/.ssh/id_rsa type 1
> debug1: identity file /home/username/.ssh/id_dsa type 2
> debug1: Remote protocol version 2.0, remote software version OpenSSH_4.0
> debug1: match: OpenSSH_4.0 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_3.9p1
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug1: Host '212.25.92.186' is known and matches the RSA host key.
> debug1: Found key in /home/username/.ssh/known_hosts:1
> debug1: ssh_rsa_verify: signature correct
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentications that can continue: publickey,gssapi-with-mic,password
> debug1: Next authentication method: gssapi-with-mic
> debug1: Authentications that can continue: publickey,gssapi-with-mic,password
> debug1: Authentications that can continue: publickey,gssapi-with-mic,password
> debug1: Next authentication method: publickey
> debug1: Offering public key: /home/username/.ssh/id_rsa
> debug1: Authentications that can continue: publickey,gssapi-with-mic,password
> debug1: Trying private key: /home/username/.ssh/identity
> debug1: read PEM private key done: type RSA
> debug1: Authentications that can continue: publickey,gssapi-with-mic,password
> debug1: Offering public key: /home/username/.ssh/id_rsa
> debug1: Authentications that can continue: publickey,gssapi-with-mic,password
> debug1: Offering public key: /home/username/.ssh/id_dsa
> debug1: Authentications that can continue: publickey,gssapi-with-mic,password
> debug1: Next authentication method: password
>
The only thing I can think of is to try to set the permissions on the
authorized_keys file to 0644 (just make sure your private key on the
client machine is 0600). I think the only thing different in our setups
is that I kept the passphrase used to unlock my private key. Here's the
output I get:
...
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/wease1/.ssh/identity
debug1: Offering public key: /home/wease1/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Offering public key: /home/wease1/.ssh/id_dsa
debug1: Server accepts key: pkalg ssh-dss blen 433
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key '/home/wease1/.ssh/id_dsa':
debug1: read PEM private key done: type DSA
debug1: Authentication succeeded (publickey).
...
Todd
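
The following script is an added example, not part of the original thread. It tests the mode bits that sshd's StrictModes setting (on by default) applies to the home directory, ~/.ssh and authorized_keys, and the owner-only rule the ssh client applies to a private key. The function names are illustrative, and the ownership checks sshd also performs are left out.

```shell
#!/bin/sh
# Added example: check the file modes that sshd (StrictModes yes) and the
# ssh client enforce before a key is used. Ownership is not checked here.

# Succeeds if PATH is writable by group or others (mode & 022).
writable_by_others() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# Succeeds if any group/other permission bit is set (mode & 077).
open_to_others() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print 2>/dev/null)" ]
}

# Server side: home, ~/.ssh and authorized_keys must all exist and must not
# be group/world-writable. Prints each problem; returns the problem count.
audit_server_side() {
    as_home=$1
    as_bad=0
    for as_p in "$as_home" "$as_home/.ssh" "$as_home/.ssh/authorized_keys"; do
        if [ ! -e "$as_p" ]; then
            echo "MISSING   $as_p"; as_bad=$((as_bad + 1))
        elif writable_by_others "$as_p"; then
            echo "WRITABLE  $as_p (group/other write bit set)"; as_bad=$((as_bad + 1))
        fi
    done
    return "$as_bad"
}

# Client side: the private key must be accessible to its owner only.
audit_client_key() {
    if [ ! -f "$1" ]; then echo "MISSING   $1"; return 1; fi
    if open_to_others "$1"; then echo "TOO OPEN  $1 (want 0600)"; return 1; fi
    return 0
}

# Usage: sh audit.sh /home/username [/home/username/.ssh/id_rsa]
if [ "$#" -ge 1 ]; then audit_server_side "$1" || echo "server-side problems: $?"; fi
if [ "$#" -ge 2 ]; then audit_client_key "$2" || true; fi
```

Both 0600 and 0644 on authorized_keys pass this audit; a group-writable home directory or ~/.ssh does not.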