Re: Can't login without password

From: Bill Unruh (unruh@string.physics.ubc.ca)
Date: 01/05/03


From: unruh@string.physics.ubc.ca (Bill Unruh)
Date: 5 Jan 2003 19:10:46 GMT

fsromero@hotmail.com (Cylurian) writes:

]"Charles Howse" <chowse@charter.net> wrote in message news:<v1erbj7v7rorf7@corp.supernews.com>...
]> Hello Group,
]> Using Redhat 8.0, I've got ssh working on 2 machines.
]> I've created the public key for each machine and placed each in the
]> ~/.ssh/known_hosts file on the other machine.
]> When I:
]> # ssh <remote machine>
]> I am prompted for the password.
]> I thought copying the public keys was supposed to do it?
]> How do I setup to login without providing a password?

No. What you have done is to make sure the ssh is possible between the
two machines. Passwordless logon is an Option given to each user.

I.e., if user A on machine 1 wants to log on as user B on machine 2, he
must
a) himself generate a public/private key pair
ssh-keygen -2

This will generate public/private dh and rsa keypairs stored in
~/.ssh/id_rsa and ~/.ssh/id_rsa.pub and similarly for id_dsa and
id_dsa.pub

You must now take the content of id_rsa.pub or id_dsa.pub and put it
into the file ~/.ssh/authorized_keys of user B on machine 2.
User A can now sign on with
ssh B@2
(B= username of B, 2=name or ip address of machine 2)
(Note that B could be the same name as A in which case the B@ is not
needed)

]I assume that you are using Openssh. If so, this is what I did.

]First on the client machine go to the ~/.ssh folder. If there is no
]~/.ssh folder don't worry just go to your home directory. Then type
]the command:

]ssh-keygen -t dsa

]Hit return every time without putting anything. Two files will be
]created, id_dsa and id_dsa.pub. The id_dsa.pub is the key that the
]server needs. id_dsa.pub is the file you send to the server. Leave
]the id_dsa file alone.

]Make sure that there is a ~/.ssh folder in the server. You may do
]step one on the server to create a ~/.ssh folder (this will create the
]correct permission on the .ssh folder). To send the id_dsa.pub key
]from the client to the server, type (make sure you are at ~/.ssh):

]cat id_dsa.pub | ssh user@server.com "cat >> .ssh/authorized_keys"

]This will ask for the user's password. Now you should be able to ssh
]from the client to the server by typing:

]ssh user@server.com

]If it doesn't work then you might have two problems (or more). First
]the file you sent (authorized_keys) was corrupted. To fix this you
]need to copy id_dsa.pub file on a floppy and rename it to
]authorized_keys to the server (at ~/.ssh). Or gzip the id_dsa.pub file
]and scp it to the server and rename it.

]The second problem is the permissions on the .ssh folder, home
]directory, or authorized_keys. I found out the hard way that if the
]permissions are not correct on the .ssh folder, the home folder or the
]authorized_keys file, ssh will not automatically authenticate without
]a password. If your home directory has a "group" that can write to
]the directory that might be one reason why the authentication without a
]password might not work. If you look at /etc/sshd_config you might
]find "StrictModes yes", this means that the home directory folder, the
]authorized_keys file or .ssh folder needs to have the correct
]permissions.

]Hope that helps.
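
Added example (not part of the original posts): the permission problem described above, as a shell check. It reports whether the home directory, ~/.ssh and authorized_keys are writable by group or others, which is what makes sshd with "StrictModes yes" skip the key; the function names and the throwaway demo directory are made up for illustration, and file ownership is not checked.

```shell
#!/bin/sh
# Added example: find the paths that make sshd (StrictModes yes) ignore
# ~/.ssh/authorized_keys because group or others can write to them.
# Only the mode bits are checked here, not file ownership.

# True (exit 0) if group or others have write permission on the path.
writable_by_others() {
    # POSIX find: -perm -020 / -002 match when that write bit is set.
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# check_key_login_perms HOME_DIR
# Prints one line per path; returns 0 if all three pass, 1 otherwise.
check_key_login_perms() {
    home=$1
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"
            bad=1
        elif writable_by_others "$p"; then
            echo "WRITABLE $p (fix: chmod go-w)"
            bad=1
        else
            echo "OK       $p"
        fi
    done
    return "$bad"
}

# Constructed demo: a temporary "home" with the group-writable mistake,
# checked before and after the fix.
demo() {
    d=$(mktemp -d) || return 2
    mkdir "$d/.ssh" && : > "$d/.ssh/authorized_keys"
    chmod 775 "$d"; chmod 700 "$d/.ssh"; chmod 600 "$d/.ssh/authorized_keys"
    check_key_login_perms "$d" && before=0 || before=1
    chmod 755 "$d"
    check_key_login_perms "$d" && after=0 || after=1
    rm -rf "$d"
    echo "before=$before after=$after"
}

demo
```

To check a real account, run check_key_login_perms "$HOME" as that user on the server.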