[SOLVED] Re: Unable to Automate SSH authentication
- From: Rahul Tidke <rahul@xxxxxxxxxxxx>
- Date: Fri, 26 Jun 2009 13:39:25 +0530
Konstantin Svist wrote:
Ohhhhh.....it was my mistake, it was just copy/paste error, copying public keys directly (using right click context menu) from command prompt did not work for me, I should have done it using copy command.Rahul Tidke wrote:I have verified permissions for .ssh directory and they are ok; but I am getting following error in /var/log/messages, it is first attempting to use key authentication and after that password authentication. I think it is unable to read the key, I copy/pasted these keys from command promt, what is wrong here.
Hello,
I am configuring Fedora Core 6 and CentOS5.3 for automatic SSH
authentication, ssh version is OpenSSH_4.3p2, OpenSSL 0.9.8b, I have executed following commands but still both systems prompt me for
passwords instead of using public keys.
ssh-keygen -b 1024 -t dsa (on both hosts with empty pass phrase)
ssh-agent $BASH (on both hosts)
ssh-add /root/.ssh/id_dsa (on both hosts)
created "authorized_keys" file in /root/.ssh directory on both the
hosts and copied (exchanged) id_dsa.pub keys to it.
SSH is open on both the hosts.
Now it should login automatically without prompting for passwords; but
it still prompts for password, what is going wrong here? I have tried
disabling password authentication in /etc/ssh/sshd_config but no help.
I usually set everything up without ssh-agent. All you need is
~/.ssh/config file with
Host host2 192.168.1.2
IdentityFile ~/.ssh/id_dsa.host2
^ of course assuming the other computer's host name is host2 and IP
address 192.168.1.2
Copy the .pub into host2:~/.ssh/authorized_keys
You can also tell both systems to use the same public/private keypair if
you're not too worried about security. Otherwise, you can delete .pub file
At this point, this should work w/o a password:
host1$ ssh host2
For your particular problem, check permissions of ~/.ssh/ directory --
it should be 700. All the files in it need at least 400, you can set it
to that and still be able to use it without any issues. 600 also works,
as should 640. Anything more permissive, though, will sometimes result
in ssh server refusing to use it (any user might've seen/modified it, etc.)
If you have selinux enabled, check /var/log/messages on the ssh server
-- it will spit out a message when you try to connect using the private key.
The command to fix it is something like "restorecon -R ~/.ssh" Don't
trust me, though -- it should be mentioned in /var/log/messages if you
need to run it. I just turn selinux off.
HTH
Jun 26 12:43:58 matrix sshd[1251]: error: key_read: uudecode AAAAB3NzaC1kc3MAAACBAKmSjy+E8I/3P2HUNHJ/p844rfCULFnUhOPp4PAKnqxJYc+vB3p6kEfR3WFB28csJuWxdKv9fH
OOSaSerS2rkanXTQ8JUwbwwktYoftXgtznYwNhqwoPvdpcfzD2Xv4fYhjQSRtWkMPE0lFYgjOrsH88AWa69T4aSGn58TkX6PAAAAFQC
BH2DnXuKhyZz4d3iSzxUBY98z8QAAAIAK2QhTbCZuKDRy94ol9CC1+CkzhUA7PB3v/zHugb3RAl\n failed
Thanks.
Rahul
Thanks for your help.
Rahul.
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
- References:
- Unable to Automate SSH authentication
- From: Rahul Tidke
- Re: Unable to Automate SSH authentication
- From: Konstantin Svist
- Re: Unable to Automate SSH authentication
- From: Rahul Tidke
- Unable to Automate SSH authentication
- Prev by Date: Re: Unable to Automate SSH authentication
- Next by Date: Re: F11 Java Graphics issue
- Previous by thread: Re: Unable to Automate SSH authentication
- Index(es):
Relevant Pages
|
