Re: Problems with ssh-keygen

From: Greg Wooledge (wooledg@eeg.ccf.org)
Date: 02/06/03

    Date: Thu, 6 Feb 2003 08:34:00 -0500
    From: Greg Wooledge <wooledg@eeg.ccf.org>
    To: Steve Perron <perronsteve@hotmail.com>
    
    

    On Tue, Feb 04, 2003 at 08:25:24AM -0500, Steve Perron wrote:

    > As some of you suggested, I used ssh-keygen to automate my sftp connection,
    > but the server side is still asking me for a password even if I transferred my
    > public key to it.

    Permissions.

    > I will give you the steps I did for the ssh-keygen installation.
    >
    > 1. ssh-keygen -t dsa (on the openssh client side)
    > 2. put the .ssh/id_dsa.pub into .ssh/authorized_keys (on the openssh server
    > side)

    Check the permissions on $HOME and $HOME/.ssh and $HOME/.ssh/authorized_keys.
    Then check the permissions on every directory leading up to $HOME. I've
    seen cases where someone had $HOME = /foo/bar/u/username and one of the
    directories (e.g. /foo/bar) had group write permission.

    > Someone suggested to me that the server side and client side had to have the
    > same username/password. Is it a reality?

    No, it's not.

    > Also, is there a possible miscommunication between two servers that are not
    > the same, one HP and one Sun?

    The operating system should not matter. I've used passwordless
    authentication between HP-UX, Linux and OpenBSD. The version of SSH,
    however, might matter, as there is an interoperability issue with the
    key formats used by OpenSSH and commercial SSH.

    Also, if you're using OpenSSH 2.x, you've placed the public key in
    the wrong file (you need to use authorized_keys2 in that version).

    If all else fails, get root on the server, and run

       /path/to/sshd -p 2222 -d

    then connect to the server on port 2222. The server will emit debugging
    information which might help tell you why your authorized_keys file
    isn't being honored. (Client-side debugging, with "ssh -v", tends not
    to be useful in this kind of problem.)
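
The permission walk recommended in the message above, as an added example that is not part of the original email: it reports every path from authorized_keys up to a stop directory (default /) that is group- or world-writable. The function names `writable_by_others` and `check_chain` are hypothetical, paths are assumed to be absolute, and any group or other write bit is treated as a finding, following the message's advice.

```shell
#!/bin/sh
# Added example: run on the server as the account whose key is being ignored.

# writable_by_others PATH: succeed if PATH has the group or other write bit set.
writable_by_others() {
    # -L follows symlinks so the target's mode is judged, not lrwxrwxrwx.
    mode=$(ls -ldL "$1" 2>/dev/null | cut -c1-10)
    [ -n "$mode" ] || return 2
    g=$(printf '%s' "$mode" | cut -c6)   # group write position in drwxrwxrwx
    o=$(printf '%s' "$mode" | cut -c9)   # other write position
    [ "$g" = "w" ] || [ "$o" = "w" ]
}

# check_chain FILE [TOP]: walk from FILE up to TOP (default /), printing each
# path that is missing or loosely permissioned. Returns 1 if anything was found.
check_chain() {
    p=$1
    top=${2:-/}
    bad=0
    while :; do
        if [ ! -e "$p" ]; then
            echo "MISSING: $p"
            bad=1
        elif writable_by_others "$p"; then
            echo "LOOSE: $(ls -ldL "$p")"
            bad=1
        fi
        # Stop at TOP, at the filesystem root, or if a relative path bottoms out.
        case $p in
            "$top"|/|.) break ;;
        esac
        p=$(dirname "$p")
    done
    return "$bad"
}

# Usage: sh check_chain.sh "$HOME/.ssh/authorized_keys"
if [ "$#" -gt 0 ]; then
    check_chain "$@"
fi
```

A `LOOSE:` line on a parent directory such as /foo/bar is the case described in the message; `chmod g-w,o-w` on the reported path clears it.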