stv4rn0 Posted December 7, 2008 Report Share Posted December 7, 2008 (edited) I'm trying to configure sshd to skip asking for password when connecting to a nearby PC on the LAN. I've copied the (client) public key to the remote PC ~/.ssh/authorized_keys file but that didn't work. Looking around /etc/ssh, I've also uncommented PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys lines from /etc/ssh/sshd_config file. That didn't help either. Other than that ssh works fine. Any pointers how to get around typing the password? TIA Edited December 8, 2008 by stv4rn0 Quote Link to comment Share on other sites More sharing options...
theYinYeti Posted December 7, 2008 Report Share Posted December 7, 2008 Make sure, on the server (remote) side, that .ssh is in mode 700 (drwx------), and authorized_keys is in mode 600 (-rw-------). Yves. Quote Link to comment Share on other sites More sharing options...
catworld Posted December 7, 2008 Report Share Posted December 7, 2008 Alternately you could change the StrictModes to no. Change it and uncomment the line, if it's commented. (which it is by default) Note the default here is "yes," so even with no argument the key file will be checked. This does introduce a minor security hitch, but in years of running a server on the internet without strict modes I've yet to see an exploit. Quote Link to comment Share on other sites More sharing options...
ianw1974 Posted December 7, 2008 Report Share Posted December 7, 2008 You need to change the line that references ChallengeResponse to no so that it will not accept password authentication and only SSH public key access. And you would have had to copy the public key from both machines to each other. For example, my laptop to connect to the server requires that the laptop has the public key of the server in authorized_keys on the laptop as well as the server having the laptops public key in the authorized_keys file on the server. Disabling strict mode wouldn't get this working and is a bad suggestion considering it introduces a security risk as well as the fact it won't fix your problem. All you need is: PubKeyAuthentication yes RSAAuthentication no PasswordAuthentication no ChallengeResponseAuthentication no and you're done. RSA authentication is less secure, so unless you used: ssh-keygen -t dsa and you used rsa to generate your keys, make sure that RSAAuthentication is set to yes. If you're using DSA keys, which are more secure, set it to no. With ChallengeResponseAuthentication set to yes, it will always allow a machine to connect without a public key and give username/password prompting. Quote Link to comment Share on other sites More sharing options...
stv4rn0 Posted December 8, 2008 Author Report Share Posted December 8, 2008 You need to change .... Yves has been on the mark, the remote ~/.ssh directory mode has been 775. When changed to 700 I could "log in" without the password (initially tried 755 mode, that was ok too). Apparently it works without the server's public key on client PC. Thank you all for your input Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.