theYinYeti Posted September 2, 2005 Report Share Posted September 2, 2005 Hi, I want to use SSH with keys, and without a passphrase for a start; when that will work, I'll consider using one along with ssh-agent. All instructions found on internet agree on the method, which is in short: $ ssh-keygen -t dsa $ cat ~/.ssh/id_dsa.pub | ssh me@remote "cat - >> ~/.ssh/authorized_keys" $ ssh me@remote "chmod -R go= ~/.ssh" Yet I'm still asked for a password when I try and login to the remote server. Yves. Quote Link to comment Share on other sites More sharing options...
paul Posted September 2, 2005 Report Share Posted September 2, 2005 this any use? http://www.gentoo.org/proj/en/keychain/index.xml Quote Link to comment Share on other sites More sharing options...
jboy Posted September 2, 2005 Report Share Posted September 2, 2005 $ cat ~/.ssh/id_dsa.pub | ssh me@remote "cat - >> ~/.ssh/authorized_keys"$ ssh me@remote "chmod -R go= ~/.ssh"[/code] Yet I'm still asked for a password when I try and login to the remote server. This is a possiblity: Check sshd_config on the server and remove the line "PubkeyAuthentication no" if it exists then restart sshd. That tip is from http://www.linuxquestions.org/questions/answers/79 Quote Link to comment Share on other sites More sharing options...
theYinYeti Posted September 2, 2005 Author Report Share Posted September 2, 2005 I'll have to try. Thanks :) Quote Link to comment Share on other sites More sharing options...
theYinYeti Posted September 3, 2005 Author Report Share Posted September 3, 2005 jboy, it seems I already have things as they should be... here is what I have: sedentaire.local$ grep '^[^#]' /etc/ssh/sshd_configProtocol 2,1 HostKey /etc/ssh/ssh_host_key HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_dsa_key PermitRootLogin yes RSAAuthentication yes PubkeyAuthentication yes AuthorizedKeysFile ~/.ssh/authorized_keys RhostsAuthentication no IgnoreRhosts yes IgnoreUserKnownHosts yes X11Forwarding yes UsePrivilegeSeparation yes Compression yes Subsystem sftp /usr/lib/ssh/sftp-server sedentaire.local$ ls -la ~/.ssh total 24 drwx------ 2 yves root 4096 sep 3 15:07 ./ drwxrwx--x 83 yves root 4096 sep 3 15:06 ../ -rw------- 1 yves root 231 sep 3 15:09 authorized_keys -rw------- 1 yves root 883 sep 3 15:07 id_rsa -rw-r----- 1 yves root 231 sep 3 15:07 id_rsa.pub -rw------- 1 yves root 681 sep 3 15:06 known_hosts sedentaire.local$ ssh -v sedentaire.local OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to sedentaire.local [127.0.0.1] port 22. debug1: Connection established. debug1: identity file /local/home/yves/.ssh/identity type -1 debug1: identity file /local/home/yves/.ssh/id_rsa type 1 debug1: identity file /local/home/yves/.ssh/id_dsa type -1 debug1: Remote protocol version 1.99, remote software version OpenSSH_3.9p1 debug1: match: OpenSSH_3.9p1 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_3.9p1 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-cbc hmac-md5 none debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host 'sedentaire.local' is known and matches the RSA host key. debug1: Found key in /local/home/yves/.ssh/known_hosts:3 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password,keyboard-interactive debug1: Next authentication method: publickey debug1: Trying private key: /local/home/yves/.ssh/identity debug1: Offering public key: /local/home/yves/.ssh/id_rsa debug1: Authentications that can continue: publickey,password,keyboard-interactive debug1: Trying private key: /local/home/yves/.ssh/id_dsa debug1: Next authentication method: keyboard-interactive debug1: Authentications that can continue: publickey,password,keyboard-interactive debug1: Next authentication method: password yves@sedentaire.local's password: paul, I'm reading your URL :) Yves. Quote Link to comment Share on other sites More sharing options...
jboy Posted September 3, 2005 Report Share Posted September 3, 2005 My debug messages are similar to yours up through: debug1: Offering public key: /local/home/yves/.ssh/id_rsa But then, instead of getting this following line: debug1: Authentications that can continue: publickey,password,keyboard-interactive here's my output: debug1: Offering public key: /home/jboy/.ssh/id_dsa debug2: we sent a publickey packet, wait for reply debug1: Server accepts key: pkalg ssh-dss blen 433 debug2: input_userauth_pk_ok: debug1: read PEM private key done: type DSA debug1: Authentication succeeded (publickey). debug1: channel 0: new [client-session] debug2: channel 0: send open debug1: Entering interactive session. debug2: callback start debug2: client_session2_setup: id 0 debug2: channel 0: request pty-req confirm 0 debug2: channel 0: request shell confirm 0 debug2: fd 3 setting TCP_NODELAY debug2: callback done debug2: channel 0: open confirm rwindow 0 rmax 32768 debug2: channel 0: rcvd adjust 131072 <... received login prompt ...> So I don't know what could be wrong. I'm also not using ssh-agent so no passphrase is involved. I used this reference to set up the ssh keys: http://www.linuxquestions.org/questions/an...ticle&artid=288 The procedures you used look functionally equivalent. I've used the same procedure on 4 different distros and can connect on all of them, so I'm stumped as to what could be the problem. If I think of anything else that might be helpful, I'll post a new message. Quote Link to comment Share on other sites More sharing options...
jboy Posted September 19, 2005 Report Share Posted September 19, 2005 (edited) I want to use SSH with keys, and without a passphrase for a start; when that will work, I'll consider using one along with ssh-agent. All instructions found on internet agree on the method, which is in short: $ ssh-keygen -t dsa $ cat ~/.ssh/id_dsa.pub | ssh me@remote "cat - >> ~/.ssh/authorized_keys" $ ssh me@remote "chmod -R go= ~/.ssh" Yet I'm still asked for a password when I try and login to the remote server. Yves, I think I found the problem. Copy the id_dsa.pub key into the authorized_keys2 file on the remote server, NOT authorized_keys. Thus the line in your original post above needs to be: $ cat ~/.ssh/id_dsa.pub | ssh me@remote "cat - >> ~/.ssh/authorized_keys2" I found this out when I tried to setup ssh using public key authentication into a new 2006 install. When I copied the id_dsa.pub key into authorized_keys it didn't work, but when I copied it into authorized_keys2, then it began working. I guess this has to do with SSH Protocol Version 2 being used. I hope this works for you. Edited September 19, 2005 by jboy Quote Link to comment Share on other sites More sharing options...
theYinYeti Posted September 19, 2005 Author Report Share Posted September 19, 2005 Still no luck :( I thank you very much jboy, for looking into this matter, and thinking about warning me. It's too bad it does not work, but it was worth trying :) I changed my Mdv2005 sshd_config and ssh_config files to reflect those of my Debian 3.1. I can ssh localhost on Debian without giving the password, yet I can't on Mdv2005 :o I'll try again when I have upgraded to 2006... Yves. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.