[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: ssh auto0login not working



Hi John,

>> I've been quizzing over this for a few hours, and can't make it work.
>> I have 2 almost identical 7.3 machines, all updated. I want to be able
>> to login to machine B from machine A without a password through ssh to
>> run my rsync backup script.
>>
>> I followed the directions found at
>> http://www.redhat.com/docs/manuals/linux/RHL-7.3-Manual/custom-guide \
>> /s1-openssh-client-config.html
>>
>> When I try to do the login, I get prompted for a password. I restarted
>> the daemon after copying the id_rsa.pub key over to the
>> authorized_keys files (both ways). I also tried with dsa keys, deleted
>> the known_hosts files (after which I get asked to add the rsa key to
>> known_hosts again) and just about everything else I can think of.
>>
>> I'm doing this all as a specific user (except restarting the daemon),
>> and root is not allowed to login to either machine.
>>
>> TIA for any help, ideas, etc.
>
>
> What I do is create a key:
> ssh-keygen -t dsa

Done, also ssh-keygen -t rsa
>
> I reply by pressing <enter> to each question.

Yup, no passwords...

> I add the contents of .ssh/id_dsa.pub to the target user's
> .ssh/authorized_keys2

I'm using version 3.x, so authorized_keys is the only files here. But yes,
copied over...

> I don't know whether it matters, but I chmod 600 .ssh/authorized_keys2 I
> also like to chmod 700 .ssh

I tried that. Got so frustrated with it all that I even set them to 777
for a minute to test. No joy. Nothing... :|

> .ssh/known_hosts and .ssh/known_hosts2 are best left alone unless you
> know there's a problem.

I only dumped those thinking they may be interfering somehow with the auth
process. IIRC, SSH first tries the authorized_keys files, then known_hosts
with interaction, so you're right, these can generally be left alone.

> I vaguely recall having to fiddle with something in /etc/ssh on Debian
> so I could connect as root. I sometimes tighten ListenAddress in
> /etc/ssh/sshd_config.

Yeah, I don't allow root logins directly to any of my machines, even from
the console. :)

> FWIW here is a configuration from a working RHL 7.2 system:
> [root gw mail]# egrep -i '^[a-z]' /etc/ssh/sshd_config
> Port 22
> HostKey /etc/ssh/ssh_host_key
> HostKey /etc/ssh/ssh_host_rsa_key
> HostKey /etc/ssh/ssh_host_dsa_key
> ServerKeyBits 768
> LoginGraceTime 600
> KeyRegenerationInterval 3600
> PermitRootLogin yes
> IgnoreRhosts yes
> StrictModes yes
> X11Forwarding yes
> X11DisplayOffset 10
> PrintMotd yes
> KeepAlive yes
> SyslogFacility AUTHPRIV
> LogLevel INFO
> RhostsAuthentication no
> RhostsRSAAuthentication no
> HostbasedAuthentication no
> RSAAuthentication yes
> PasswordAuthentication yes
> PermitEmptyPasswords no
> ChallengeResponseAuthentication no
> Subsystem       sftp    /usr/libexec/openssh/sftp-server

The only change I made to the above is PermitRootLogins no

Something is messed up here... but thanks for the response.
-- 
Keith Mastin
BeechTree Information Technology Services Inc.
Toronto, Canada
(416)696 6070






[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]