[SOLVED] Re: Unable to Automate SSH authentication

Rahul Tidke rahul at excelize.com
Fri Jun 26 08:09:25 UTC 2009


Konstantin Svist wrote:
>> Rahul Tidke wrote:
>>  
>>> Hello,
>>>    I am configuring Fedora Core 6 and CentOS5.3 for automatic SSH
>>> authentication, ssh version is OpenSSH_4.3p2, OpenSSL 0.9.8b, I
>>> have executed following commands but still both systems prompt me for
>>> passwords instead of using public keys.
>>>
>>> ssh-keygen -b 1024 -t dsa (on both hosts with empty pass phrase)
>>> ssh-agent $BASH (on both hosts)
>>> ssh-add /root/.ssh/id_dsa (on both hosts)
>>> created "authorized_keys" file in /root/.ssh directory on both the
>>> hosts and copied (exchanged) id_dsa.pub keys to it.
>>> SSH is open on both the hosts.
>>>
>>> Now it should login automatically without prompting for passwords; but
>>> it still prompts for password, what is going wrong here? I have tried
>>> disabling password authentication in /etc/ssh/sshd_config but no help.
>>>
>>>     
>>
>>
>> I usually set everything up without ssh-agent. All you need is
>> ~/.ssh/config file with
>> Host host2 192.168.1.2
>>   IdentityFile ~/.ssh/id_dsa.host2
>>
>> ^ of course assuming the other computer's host name is host2 and IP
>> address 192.168.1.2
>>
>> Copy the .pub into host2:~/.ssh/authorized_keys
>> You can also tell both systems to use the same public/private keypair if
>> you're not too worried about security. Otherwise, you can delete .pub 
>> file
>>
>> At this point, this should work w/o a password:
>> host1$ ssh host2
>>
>> For your particular problem, check permissions of ~/.ssh/ directory --
>> it should be 700. All the files in it need at least 400, you can set it
>> to that and still be able to use it without any issues. 600 also works,
>> as should 640. Anything more permissive, though, will sometimes result
>> in ssh server refusing to use it (any user might've seen/modified it, 
>> etc.)
>>
>> If you have selinux enabled, check /var/log/messages on the ssh server
>> -- it will spit out a message when you try to connect using the 
>> private key.
>> The command to fix it is something like "restorecon -R ~/.ssh" Don't
>> trust me, though -- it should be mentioned in /var/log/messages if you
>> need to run it. I just turn selinux off.
>>
>> HTH
>>   
> I have verified permissions for .ssh directory and they are ok; but I 
> am getting following error in /var/log/messages, it is first 
> attempting to use key authentication and after that password 
> authentication. I think it is unable to read the key, I copy/pasted 
> these keys from command prompt, what is wrong here.
>
> Jun 26 12:43:58 matrix sshd[1251]: error: key_read: uudecode 
> AAAAB3NzaC1kc3MAAACBAKmSjy+E8I/3P2HUNHJ/p844rfCULFnUhOPp4PAKnqxJYc+vB3p6kEfR3WFB28csJuWxdKv9fH 
>
> OOSaSerS2rkanXTQ8JUwbwwktYoftXgtznYwNhqwoPvdpcfzD2Xv4fYhjQSRtWkMPE0lFYgjOrsH88AWa69T4aSGn58TkX6PAAAAFQC 
>
> BH2DnXuKhyZz4d3iSzxUBY98z8QAAAIAK2QhTbCZuKDRy94ol9CC1+CkzhUA7PB3v/zHugb3RAl\n 
> failed
>
> Thanks.
> Rahul
>
Ohhhhh.....it was my mistake, it was just copy/paste error, copying 
public keys directly (using right click context menu) from command 
prompt did not work for me, I should have done it using copy command.

Thanks for your help.

Rahul.
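
The failure in this thread (a public key broken across lines by a terminal copy/paste, logged by sshd as "key_read: uudecode ... failed") can be caught before connecting by checking each authorized_keys line. The following is an added example, not part of the original messages: the function names are hypothetical, the sample key is constructed rather than real, and it assumes plain public keys (not certificates).

```python
import base64
import binascii
import struct

KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")  # public key type names start with these

def ssh_string(data: bytes) -> bytes:
    """Encode one length-prefixed field as used inside a public key blob."""
    return struct.pack(">I", len(data)) + data

def check_line(line: str):
    """Return None for a well-formed key line, else the reason it is unusable."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return None  # blank line or comment
    idx = next((i for i, f in enumerate(fields) if f.startswith(KEY_PREFIXES)), None)
    if idx is None or idx + 1 >= len(fields):
        return "no key type and blob: likely the tail of a wrapped key"
    key_type, b64 = fields[idx], fields[idx + 1]
    try:
        blob = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError):
        return "base64 does not decode: key text is truncated or altered"
    pos, parts = 0, []
    while pos < len(blob):  # walk the length-prefixed fields to the end
        if pos + 4 > len(blob):
            return "blob ends inside a length prefix: key is truncated"
        (n,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        if pos + n > len(blob):
            return "blob ends inside a field: key is truncated"
        parts.append(blob[pos:pos + n])
        pos += n
    if not parts or parts[0] != key_type.encode():
        return "key type inside the blob does not match the line"
    return None

def audit(text: str):
    """Return (line_number, reason) for every unusable line of authorized_keys text."""
    return [(n, why) for n, l in enumerate(text.splitlines(), 1) if (why := check_line(l))]

# Constructed sample: a structurally valid ssh-ed25519 blob (32 counting bytes, not a real key).
_B64 = base64.b64encode(ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))).decode()
GOOD = f"ssh-ed25519 {_B64} root@host1"
# The same key after a terminal copy/paste that wrapped it at 40 characters.
WRAPPED = f"ssh-ed25519 {_B64[:40]}\n{_B64[40:]} root@host1"

if __name__ == "__main__":
    print(audit(GOOD), audit(WRAPPED), sep="\n")
```

Copying the .pub file itself with scp or cat, rather than selecting text in a terminal, avoids the wrapped lines this check reports.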




