ssh without password does not work

From: tom (thomas.schwaerzler_at_gmx.at)
Date: 11/28/03

  • Next message: Derrin Chong: "Re: plink removes quote marks"
    Date: 28 Nov 2003 06:01:46 -0800
    
    

    i got the following problem:

    i have a network with redhat 8.0 on about 7 machines and i need to run
    ssh without password inside this network. in this network /home
    directory is mounted from one server via nfs.

    what i tried is this (with 2 machines(i call them
    localhost,remotehost)):

    on localhost:
    cd .ssh
    ssh-keygen -t rsa
    ssh-keygen -t dsa
    scp *.pub user@remotehost:~/
    ssh remotehost -l user
    cat id_rsa.pub >> .ssh/authorized_keys
    cat id_dsa.pub >> .ssh/authorized_keys
    rm id_rsa.pub id_dsa.pub
    exit

    this did not work so i went on looking for hints in howtos and
    newsgroups and found:

    If above is not successful, check sshd configuration:
    vi /etc/ssh/sshd_config (on the Linux box)
    RSAAuthentication yes
    PubkeyAuthentication yes

    what i did on both hosts. but after restarting sshd (killall -HUP sshd
    und /etc/init.d/sshd restart), i had the same problem:
    could not connect without password.

    can anyone tell me what is going wrong here?
    thanx
    tom ...

    and here the configfiles in /etc/ssh/
    =====================================

    sshd_config
    ===========

    # $OpenBSD: sshd_config,v 1.56 2002/06/20 23:37:12 markus Exp $

    # This is the sshd server system-wide configuration file. See
    # sshd_config(5) for more information.

    # This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin

    # The strategy used for options in the default sshd_config shipped
    with
    # OpenSSH is to specify options with their default value where
    # possible, but leave them commented. Uncommented options change a
    # default value.

    #Port 22
    #Protocol 2,1
    #ListenAddress 0.0.0.0
    #ListenAddress ::

    # HostKey for protocol version 1
    #HostKey /etc/ssh/ssh_host_key
    # HostKeys for protocol version 2
    #HostKey /etc/ssh/ssh_host_rsa_key
    #HostKey /etc/ssh/ssh_host_dsa_key

    # Lifetime and size of ephemeral version 1 server key
    #KeyRegenerationInterval 3600
    #ServerKeyBits 768

    # Logging
    #obsoletes QuietMode and FascistLogging
    #SyslogFacility AUTH
    SyslogFacility AUTHPRIV
    #LogLevel INFO

    # Authentication:

    #LoginGraceTime 600
    #PermitRootLogin yes
    #StrictModes yes

    RSAAuthentication yes
    PubkeyAuthentication yes
    #AuthorizedKeysFile .ssh/authorized_keys

    # rhosts authentication should not be used
    #RhostsAuthentication no
    # Don't read the user's ~/.rhosts and ~/.shosts files
    #IgnoreRhosts yes
    # For this to work you will also need host keys in
    /etc/ssh/ssh_known_hosts
    #RhostsRSAAuthentication no
    # similar for protocol version 2
    #HostbasedAuthentication no
    # Change to yes if you don't trust ~/.ssh/known_hosts for
    # RhostsRSAAuthentication and HostbasedAuthentication
    #IgnoreUserKnownHosts no

    # To disable tunneled clear text passwords, change to no here!
    #PasswordAuthentication yes
    #PermitEmptyPasswords no

    # Change to no to disable s/key passwords
    #ChallengeResponseAuthentication yes

    # Kerberos options
    #KerberosAuthentication no
    #KerberosOrLocalPasswd yes
    #KerberosTicketCleanup yes

    #AFSTokenPassing no

    # Kerberos TGT Passing only works with the AFS kaserver
    #KerberosTgtPassing no

    # Set this to 'yes' to enable PAM keyboard-interactive authentication
    # Warning: enabling this may bypass the setting of
    'PasswordAuthentication'
    #PAMAuthenticationViaKbdInt yes

    #X11Forwarding no
    X11Forwarding yes
    #X11DisplayOffset 10
    #X11UseLocalhost yes
    #PrintMotd yes
    #PrintLastLog yes
    #KeepAlive yes
    #UseLogin no
    #UsePrivilegeSeparation yes
    #Compression yes

    #MaxStartups 10
    # no default banner path
    #Banner /some/path
    #VerifyReverseMapping no

    # override default of no subsystems
    Subsystem sftp /usr/libexec/openssh/sftp-server

    ssh_config:
    ===========

    # $OpenBSD: ssh_config,v 1.15 2002/06/20 20:03:34 stevesk Exp $

    # This is the ssh client system-wide configuration file. See
    # ssh_config(5) for more information. This file provides defaults for
    # users, and the values can be changed in per-user configuration files
    # or on the command line.

    # Configuration data is parsed as follows:
    # 1. command line options
    # 2. user-specific file
    # 3. system-wide file
    # Any configuration value is only changed the first time it is set.
    # Thus, host-specific definitions should be at the beginning of the
    # configuration file, and defaults at the end.

    # Site-wide defaults for various options

    # Host *
    # ForwardAgent no
    # ForwardX11 no
    # RhostsAuthentication no
    # RhostsRSAAuthentication no
    RSAAuthentication yes
    # PasswordAuthentication yes
    # BatchMode no
    # CheckHostIP yes
    # StrictHostKeyChecking ask
    # IdentityFile ~/.ssh/identity
    # IdentityFile ~/.ssh/id_rsa
    # IdentityFile ~/.ssh/id_dsa
    # Port 22
    # Protocol 2,1
    # Cipher 3des
    # Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
    # EscapeChar ~
    Host *
            ForwardX11 yes


  • Next message: Derrin Chong: "Re: plink removes quote marks"

    Relevant Pages

    • Re: Unable to set DISPLAY localhost:0.0 / Solved
      ... [root@localhost root]# date ... # This is the ssh client system-wide configuration file. ... # Kerberos TGT Passing only works with the AFS kaserver ...
      (Fedora)
    • Re: ssh without password does not work
      ... > ssh without password inside this network. ... > # This is the sshd server system-wide configuration file. ... > # RhostsRSAAuthentication and HostbasedAuthentication ... > # Kerberos TGT Passing only works with the AFS kaserver ...
      (comp.security.ssh)
    • Re: ssh2 hostbased auth fails
      ... Actually the ssh client works fine,the problem is the scp and sftp client. ... Here is my configuration file. ... # To disable tunneled clear text passwords, ... # Kerberos TGT Passing does only work with the AFS kaserver ...
      (SSH)
    • Re: kerberos authentication
      ... If your are using Kerberos, then you need PasswordAuthentication yes in the ... If your using GSSAPI then you need GSSAPIAuthentication yes in the sshd_config ... $ ssh me@rhea ...
      (SSH)
    • RE: SSH Access Issues
      ... # This is the ssh client system-wide configuration file. ... # Kerberos TGT Passing only works with the AFS kaserver ...
      (Fedora)