theYinYeti Posted November 20, 2005 Report Share Posted November 20, 2005 Hello, I run ssh between my laptop and my main PC. With root, I can use key-based authentication, but with any other user, I can't. Any idea of where to look? Would it help to see ssh_config? sshd_config? .ssh setups?... Yves. [edit:]removed a "what is" that shouldn't have been there :)[/edit] Quote Link to comment Share on other sites More sharing options...
theYinYeti Posted November 21, 2005 Author Report Share Posted November 21, 2005 Further information: I had the same issue with Mandriva 2005. I don't know for older versions, as I did not attempt it before. Yves. Quote Link to comment Share on other sites More sharing options...
paul Posted November 21, 2005 Report Share Posted November 21, 2005 some info: paul@seraph ~ $ cat .bash_profile # /etc/skel/.bash_profile: # $Header: /home/cvsroot/gentoo-src/rc-scripts/etc/skel/.bash_profile,v 1.10 2002/11/18 19:39:22 azarah Exp $ #xbindkeys & #This file is sourced by bash when you log in interactively. [ -f ~/.bashrc ] && . ~/.bashrc keychain /home/paul/.ssh/id_rsa /home/paul/.ssh/id_dsa . ~/.keychain/${HOSTNAME}-sh export BROWSER="firefox" export TERMCMD="Eterm" paul@seraph ~ $ cat .ssh/authorized_keys ssh-dss AAAAB3NzaC1kc3MAAACBAIj8YmzlleeLyiECoiYnaIazfhTI/Jzc1zOwQqkltWoOUh3yS4 oLtGOZS7/zAYWRjZCh5+RzkOpCm1asE+6Al/***********************************7fCYcDYz z0peOOQHLJ1v69rFvB8l3TkVyUetD+Cjtb7j3Hy7AAAAFQCfXA3RWgisS6hQizsticWtiEJ Z0wAAAIEAheJTzPcvQV3wXzoBsh3JoodSAlVmL8NIG4rdkooS/wCxSjosj9/wyEm6ORkU gY4UoUYAymcp/+wpihow7lZRZWTZeoUBVAvmnZ/3uSLX51Qs+YSe8vUE47bVSNcj+W1 jdtGd07HX8/vvjkI+mpsMo+UW6nKvI+PYIFsx5RSxeioAAACAG6ayJgD6asuOJn2CsIZEL0 TOVnzljpBJiVqqqhSS8k1vR4IjqwXUOHwJPFZ4GqyqYtOnhfB1e53SIsK0yTgFm+XcK0n0X GfAVZAsR6s9i7BrpMBA1R/lXo9g5v/PMSVZStIMWNzUXLCfR56LD+CvQsqOBxPyzJHXpP hzzJLUft4= paul@asmith.loudas.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAzttb2rQRwtjMP2velQ/eoRPHDG7srMVdDWZ36ImBg iKPXuV53qEqchIrO+O/lpDaxMvPgfptHp0Nm/JPz0EqIybR1Twx/hV9GZ8WJ/*****************V GOLhN8= paul@asmith.loudas.com paul@asmith ~ $ cat .bash_profile # /etc/skel/.bash_profile: # $Header: /home/cvsroot/gentoo-src/rc-scripts/etc/skel/.bash_profile,v 1.10 2002/11/18 19:39:22 azarah Exp $ #This file is sourced by bash when you log in interactively. [ -f ~/.bashrc ] && . ~/.bashrc keychain /home/paul/.ssh/id_rsa /home/paul/.ssh/id_dsa . ~/.keychain/${HOSTNAME}-sh #source .ssh-agent > /dev/null paul@asmith ~ $ cat .ssh/authorized_keys ssh-dss AAAAB3NzaC1kc3MAAACBANFVxg1nknfJ/6q0QYjHg+yMBaWRL6dwjwqdPIuqxaEHUh1tK K8uMlRWZphGC97naAY7dphJ69TtfMKRJBvcCv5VBNFlKg1XYnjYhPs4VdPpvztdt4nNAYK hEHUXXdoy+ibRU6uJ2ErM2TMpfeUgI2eFDTFj+****************************************** ******** IA3kDh68y0/vBP2q+8x8m7NB3+aNNajUXOphSTy3dY3NTts1WcYqKtL6D6/apU7yu6bMZJrX U8vkm/aE/qh2f0cSdyeJPNvauuw7uSMsL5GjOo6pUuR2CE/d8pjyd7g04vU15BOGlmUj5qZQx NjndPwez1kAAACBAJ4uhq+49ZKmkUrl5ipcSltw3ZJXYW0QaY+AkZORqNZYz0udAMpAfLN jh8q6+Q38YiJdNuq7sjeLwntxZpmktIP5M2F4dKudWqEuv4Rae8PVZrZo2Vm4CTtyaDQ7F1fq XRD7E6kPsIpx1zYRg5Tw+/12qKU7WTBP6VyC7Qq00Fuq paul@seraph ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA13WD4iDk1R2Us92QGFLCCHZrUX+VEdyEwcTq7h9 hphSVoi/lvMr**************************************************v1HsPLxXel4HbbLWiyrNHqNIxF NNg RxY9mZSGh6fZhcyFTy8Rvl3oXKSb7OREaGaV/M= paul@seraph attached is keychain (from the gentoo archive) .. might have some other files too . .haven't looked that hard I used ssh-keygen -t rsa & ssh-keygen -t dsa HTH keychain.txt Quote Link to comment Share on other sites More sharing options...
paul Posted November 21, 2005 Report Share Posted November 21, 2005 commented out some of my keys .. . :) Quote Link to comment Share on other sites More sharing options...
theYinYeti Posted November 21, 2005 Author Report Share Posted November 21, 2005 Wow Paul! You have a lot of confidence in my knowledge :lol: OK, I looked at this all, but it unfortunately does not solve my problem (as far as I understand...). Actually, I'm just beginning with SSH keys, so my case is much simpler. I don't (explicitely) use ssh-agent (though Mandriva may do so for me), nor do I use keychain. My setup is like this: me@client ~$ ssh-keygen -t rsa ...location...: <Enter> ...passphrase...: <Enter> ...passphrase again...: <Enter> me@client ~$ cd .ssh me@client ~/.ssh$ cat id_rsa.pub >authorized_keys me@client ~/.ssh$ sftp me@server ...password...: ********<Enter> > cd .ssh OK > mput id_* Uploaded id_rsa ... Uploaded id_rsa.pub ... > put authorized_keys Uploaded ... > quit me@client ~/.ssh$ ssh me@server ...password...: !!! For that matter: me@server $ ssh me@server ...password...: !!! As for the configuration, it is Mandriva 2006 default SSH configuration, except that I allow ssh for root (that's how I ckecked that the above procedure does work for root!), and my users ('me' and root) started with no ~/.ssh at all. Besides, when I run ssh -vv, I see all that I should see, according to: http://www.linuxquestions.org/questions/an...rticle&artid=79 Does anyone have an idea? Does anyone use keys that way with Mandriva? Does anyone use keys another way with Mandriva? Yves. Quote Link to comment Share on other sites More sharing options...
paul Posted November 22, 2005 Report Share Posted November 22, 2005 I think you may be mixing up your .pub keys me@client ssh-keygen -t rsa me@client scp ~/.ssh/id_rsa.pub server:.ssh/client.id_rsa.pub me@server ssh-keygen -t rsa me@server scp ~/.ssh/id_rsa.pub client:.ssh/server.id_rsa.pub me@client cat ~/.ssh/server.id_rsa.pub >> ~/.ssh/authorized_keys me@server cat ~/.ssh/client.id_rsa.pub >> ~/.ssh/authorized_keys me@client ssh server nopassword required me@server ssh client nopassword required Looks like to me (above post) that you are adding the local key to the local authorized_keys, when you should be adding the opposing id_rsa.pub to each machine. Meaning the server id should be in the client authorized_keys and the client id shoud be in the server authorized_keys Quote Link to comment Share on other sites More sharing options...
theYinYeti Posted November 23, 2005 Author Report Share Posted November 23, 2005 Thanks Paul, I'll try this... when I'll have time :) I have not used the computer for 3 or 4 days already at home... Yves. Quote Link to comment Share on other sites More sharing options...
theYinYeti Posted November 25, 2005 Author Report Share Posted November 25, 2005 OK. It is working :) In fact, I was not messing with keys at all. It's just that I use the same keys on the client and the server. The solution lied in permissions! Ssh key-based authentication seems to only work with at most rights 711 on the home-directory, and with exact rights 644 on authorised_keys! Yves. Quote Link to comment Share on other sites More sharing options...
paul Posted November 26, 2005 Report Share Posted November 26, 2005 my home dir 700 my ~/.ssh/ 700 my authorized_keys 644 Glad its working ;) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.