
ssh keys with a non-root user [solved]


theYinYeti

Hello, I run ssh between my laptop and my main PC. With root, I can use key-based authentication, but with any other user, I can't.

 

Any idea of where to look?

 

Would it help to see ssh_config? sshd_config? .ssh setups?...

 

Yves.

 

[edit:]removed a "what is" that shouldn't have been there :)[/edit]

Link to comment
Share on other sites

some info:

paul@seraph ~ $ cat .bash_profile 
# /etc/skel/.bash_profile:
# $Header: /home/cvsroot/gentoo-src/rc-scripts/etc/skel/.bash_profile,v 1.10 2002/11/18 19:39:22 azarah Exp $

#xbindkeys &
#This file is sourced by bash when you log in interactively.
[ -f ~/.bashrc ] && . ~/.bashrc

keychain /home/paul/.ssh/id_rsa /home/paul/.ssh/id_dsa
 . ~/.keychain/${HOSTNAME}-sh
export BROWSER="firefox"
export TERMCMD="Eterm"
paul@seraph ~ $ cat .ssh/authorized_keys 

 

paul@asmith ~ $ cat .bash_profile 
# /etc/skel/.bash_profile:
# $Header: /home/cvsroot/gentoo-src/rc-scripts/etc/skel/.bash_profile,v 1.10 2002/11/18 19:39:22 azarah Exp $

#This file is sourced by bash when you log in interactively.
[ -f ~/.bashrc ] && . ~/.bashrc

keychain /home/paul/.ssh/id_rsa /home/paul/.ssh/id_dsa
 . ~/.keychain/${HOSTNAME}-sh 
#source .ssh-agent > /dev/null 
paul@asmith ~ $ cat .ssh/authorized_keys 

 

Attached is keychain (from the Gentoo archive)... might have some other files too... haven't looked that hard.

 

I used ssh-keygen -t rsa & ssh-keygen -t dsa

 

 

HTH

keychain.txt

Link to comment
Share on other sites

Wow Paul! You have a lot of confidence in my knowledge :lol:

 

OK, I looked at this all, but it unfortunately does not solve my problem (as far as I understand...). Actually, I'm just beginning with SSH keys, so my case is much simpler. I don't (explicitly) use ssh-agent (though Mandriva may do so for me), nor do I use keychain.

 

My setup is like this:

me@client ~$ ssh-keygen -t rsa
...location...: <Enter>
...passphrase...: <Enter>
...passphrase again...: <Enter>
me@client ~$ cd .ssh
me@client ~/.ssh$ cat id_rsa.pub >authorized_keys
me@client ~/.ssh$ sftp me@server
...password...: ********<Enter>
> cd .ssh
OK
> mput id_*
Uploaded id_rsa ...
Uploaded id_rsa.pub ...
> put authorized_keys
Uploaded ...
> quit
me@client ~/.ssh$ ssh me@server
...password...: !!!

For that matter:

me@server $ ssh me@server
...password...: !!!

 

As for the configuration, it is Mandriva 2006 default SSH configuration, except that I allow ssh for root (that's how I checked that the above procedure does work for root!), and my users ('me' and root) started with no ~/.ssh at all.

 

Besides, when I run ssh -vv, I see all that I should see, according to:

http://www.linuxquestions.org/questions/an...rticle&artid=79

 

Does anyone have an idea? Does anyone use keys that way with Mandriva? Does anyone use keys another way with Mandriva?

 

Yves.

Link to comment
Share on other sites

I think you may be mixing up your .pub keys

 

me@client ssh-keygen -t rsa

me@client scp ~/.ssh/id_rsa.pub server:.ssh/client.id_rsa.pub

 

 

me@server ssh-keygen -t rsa

me@server scp ~/.ssh/id_rsa.pub client:.ssh/server.id_rsa.pub

 

me@client cat ~/.ssh/server.id_rsa.pub >> ~/.ssh/authorized_keys

 

me@server cat ~/.ssh/client.id_rsa.pub >> ~/.ssh/authorized_keys

 

me@client ssh server

no password required

 

me@server ssh client

no password required

 

It looks to me (above post) like you are adding the local key to the local authorized_keys, when you should be adding the opposing id_rsa.pub to each machine.

Meaning the server id should be in the client authorized_keys and the client id should be in the server authorized_keys.

Link to comment
Share on other sites

OK. It is working :)

In fact, I was not messing with keys at all. It's just that I use the same keys on the client and the server.

 

The solution lay in permissions! SSH key-based authentication seems to only work with at most rights 711 on the home directory, and with exact rights 644 on authorized_keys!

 

Yves.

Link to comment
Share on other sites
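The permission problem found in the last post can be checked directly. The script below is an added example, not part of the original thread: with `StrictModes yes` (the sshd default), sshd ignores `authorized_keys` when the home directory, `~/.ssh` or the file itself is writable by group or others, and the hypothetical `check_ssh_perms` function reports exactly those paths. The demo runs on a constructed temporary directory.

```sh
#!/bin/sh
# Added example: approximates the mode checks sshd applies with StrictModes yes.
# Ownership is not checked here; function names are made up for illustration.

# True (0) when the path carries a group- or world-write bit.
loose() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# check_ssh_perms HOME_DIR
# Prints one line per finding and returns the number of findings (0-3).
check_ssh_perms() {
    home=$1
    findings=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"
            findings=$((findings + 1))
        elif loose "$p"; then
            echo "WRITABLE $p (fix: chmod go-w '$p')"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Demo on a constructed directory tree, so no real account is touched.
demo() {
    d=$(mktemp -d)
    mkdir "$d/.ssh"
    : > "$d/.ssh/authorized_keys"
    # A group-writable home directory is enough to make sshd skip the key.
    chmod 775 "$d"; chmod 700 "$d/.ssh"; chmod 644 "$d/.ssh/authorized_keys"
    n=0; check_ssh_perms "$d" || n=$?
    echo "findings before fix: $n"
    chmod 711 "$d"
    n=0; check_ssh_perms "$d" || n=$?
    echo "findings after fix: $n"
    rm -rf "$d"
}

demo
```

On a real system, run `check_ssh_perms "$HOME"` on the server as the account whose key login falls back to a password prompt.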
