Re: Can't login without password

From: Bill Unruh (unruh@string.physics.ubc.ca)
Date: 01/05/03


From: unruh@string.physics.ubc.ca (Bill Unruh)
Date: 5 Jan 2003 19:10:46 GMT

fsromero@hotmail.com (Cylurian) writes:

]"Charles Howse" <chowse@charter.net> wrote in message news:<v1erbj7v7rorf7@corp.supernews.com>...
]> Hello Group,
]> Using Redhat 8.0, I've got ssh working on 2 machines.
]> I've created the public key for each machine and placed each in the
]> ~/.ssh/known_hosts file on the other machine.
]> When I:
]> # ssh <remote machine>
]> I am prompted for the password.
]> I thought copying the public keys was supposed to do it?
]> How do I setup to login without providing a password?

No. What you have done is to make sure the ssh is possible between the
two machines. Passwordless logon is an Option given to each user.

I.e., if user A on machine 1 wants to log on as user B on machine 2, he
must
a) himself generate a public/private key pair
ssh-keygen -2

This will generate public/private dh and rsa keypairs stored in
~/.ssh/id_rsa and ~/.ssh/id_rsa.pub and similarly for id_dsa and
id_dsa.pub

You must now take the content of id_rsa.pub or id_dsa.pub and put it
into the file ~/.ssh/authorized_keys of user B on machine 2.
User A can now sign on with
ssh B@2
(B= username of B, 2=name or ip address of machine 2)
(Note that B could be the same name as A in which case the B@ is not
needed)

]I assume that you are using Openssh. If so, this is what I did.

]First on the client machine go to the ~/.ssh folder. If there is no
]~/.ssh folder don't worry just go to your home directory. Then type
]the command:

]ssh-keygen -t dsa

]Hit return every time without putting anything. Two files will be
]created, id_dsa and id_dsa.pub. The id_dsa.pub is the key that the
]server needs. id_dsa.pub is the file you send to the server. Leave
]the id_dsa file alone.

]Make sure that there is a ~/.ssh folder in the server. You may do
]step one on the server to create a ~/.ssh folder (this will create the
]correct permission on the .ssh folder). To send the id_dsa.pub key
]from the client to the server, type (make sure you are at ~/.ssh):

]cat id_dsa.pub | ssh user@server.com "cat >> .ssh/authorized_keys"

]This will ask for the user's password. Now you should be able to ssh
]from the client to the server by typing:

]ssh user@server.com

]If it doesn't work then you might have two problems (or more). First
]the file you sent (authorized_keys) was corrupted. To fix this you
]need to copy id_dsa.pub file on a floppy and rename it to
]authorized_keys to the server (at ~/.ssh). Or gzip the id_dsa.pub file
]and scp it to the server and rename it.

]The second problem is the permissions on the .ssh folder, home
]directory, or authorized_keys. I found out the hard way that if the
]permissions are not correct on the .ssh folder, the home folder or the
]authorized_keys file, ssh will not automatically authenticate without
]a password. If your home directory has a "group" that can write to
]the directory that might be one reason why the authentication without a
]password might not work. If you look at /etc/sshd_config you might
]find "StrictModes yes", this means that the home directory folder, the
]authorized_keys file or .ssh folder needs to have the correct
]permissions.

]Hope that helps.
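
The permission problem described in the quoted text above can be checked before debugging anything else. The following is an added example, not part of the original posts: it reports which of the home directory, ~/.ssh and authorized_keys are group- or world-writable, which is the condition "StrictModes yes" rejects. The function names are hypothetical, and the script looks only at mode bits, not at file ownership.

```shell
#!/bin/sh
# Added example (not from the thread): read-only audit of the three paths
# whose permissions matter for key-based login under "StrictModes yes".
# Usage: audit_ssh_perms "$HOME"   (run as the account you log in to)

# writable_by_others PATH -> succeeds if the group or other write bit is set
writable_by_others() {
    mode=$(ls -ld "$1" | cut -c1-10)        # e.g. drwxrwxr-x
    [ "$(printf '%s' "$mode" | cut -c6)" = "w" ] ||
    [ "$(printf '%s' "$mode" | cut -c9)" = "w" ]
}

# audit_ssh_perms HOME_DIR -> prints one line per finding and returns the
# number of findings (0 means nothing here would block key authentication)
audit_ssh_perms() {
    home=$1
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"
            bad=$((bad + 1))
        elif writable_by_others "$p"; then
            echo "WRITABLE $(ls -ld "$p" | cut -c1-10) $p"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}
```

A typical repair for a WRITABLE finding is chmod go-w on the reported path; 700 on ~/.ssh and 600 on authorized_keys are common choices.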


