Jump to content

ssh with no password [solved]


stv4rn0
 Share

Recommended Posts

I'm trying to configure sshd to skip asking for password when connecting to a nearby PC on the LAN.

I've copied the (client) public key to the remote PC ~/.ssh/authorized_keys file but that didn't work.

Looking around /etc/ssh, I've also uncommented

PubkeyAuthentication yes

AuthorizedKeysFile .ssh/authorized_keys

 

lines from /etc/ssh/sshd_config file. That didn't help either.

Other than that ssh works fine. Any pointers how to get around typing the password? TIA

Edited by stv4rn0
Link to comment
Share on other sites

Alternately you could change the StrictModes to no. Change it and uncomment the line, if it's commented. (which it is by default) Note the default here is "yes," so even with no argument the key file will be checked.

 

This does introduce a minor security hitch, but in years of running a server on the internet without strict modes I've yet to see an exploit.

Link to comment
Share on other sites

You need to change the line that references ChallengeResponse to no so that it will not accept password authentication and only SSH public key access. And you would have had to copy the public key from both machines to each other. For example, my laptop to connect to the server requires that the laptop has the public key of the server in authorized_keys on the laptop as well as the server having the laptops public key in the authorized_keys file on the server.

 

Disabling strict mode wouldn't get this working and is a bad suggestion considering it introduces a security risk as well as the fact it won't fix your problem. All you need is:

 

PubKeyAuthentication yes
RSAAuthentication no
PasswordAuthentication no
ChallengeResponseAuthentication no

 

and you're done. RSA authentication is less secure, so unless you used:

 

ssh-keygen -t dsa

 

and you used rsa to generate your keys, make sure that RSAAuthentication is set to yes. If you're using DSA keys, which are more secure, set it to no. With ChallengeResponseAuthentication set to yes, it will always allow a machine to connect without a public key and give username/password prompting.

Link to comment
Share on other sites

You need to change ....

 

Yves has been on the mark, the remote ~/.ssh directory mode has been 775. When changed to 700 I could "log in" without the password (initially tried 755 mode, that was ok too).

Apparently it works without the server's public key on client PC.

Thank you all for your input

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
 Share

×
×
  • Create New...