[SOLVED] Ssh authentication using public key not working!

shivaa · 11-02-2012, 10:32 PM

Hello everyone!
I am trying to access a server using ssh public keys without entering a password, but not getting success. Here is situation:
Local machine:
Hostname: saturn.org.com, usrename: jack
Remote machine:
Hostname: mars.org.com, username: root
What I did:
1. Logged in on saturn.org.com as user jack and generated ssh public keys using "ssh-keygen -t rsa"
2. Left password prompt blank when it asked to enter a password (I just pressed enter key)
3. Appended the encrypted public key generate (i.e. content of ~/.ssh/id_rsa.pub) from saturn.org.com into root user's .ssh/authorized_keys file on mars.org.com
4. As final step, from my local machine i.e. saturn.org.com (logged in a jack) I invoked "ssh root@mars.org.com" command to connect to saturn as root without entering a password.
But it's again & again prompts me to enter root's password. So could anybody suggest that where I am making a mistake?

lleb · 11-02-2012, 11:08 PM

did you set sshd to accept rsa keys?

Code:

###### DIRECTIONS FOR CREATING RSA KEY################

	Directions for creating the rsa key and making the two
 servers talk to each other without password.

	1st change directory into .ssh and check what files are there.

 		[rx30@rx30 ~]$ cd .ssh
		[rx30@rx30 .ssh]$ ls -l
		total 4
		-rw-r--r-- 1 rx30 group 2980 Jun 13 12:02 known_hosts

	2nd create the rsa key.

		[rx30@rx30 .ssh]$ ssh-keygen -t rsa -b 4096
		Generating public/private rsa key pair.
		Enter file in which to save the key (/usr/rx30/.ssh/id_rsa):
		Enter passphrase (empty for no passphrase):
		Enter same passphrase again:
		Your identification has been saved in /usr/rx30/.ssh/id_rsa.
		Your public key has been saved in /usr/rx30/.ssh/id_rsa.pub.
		The key fingerprint is:
		cb:b0:40:c6:e9:f4:9e:f5:71:fc:c3:00:c0:f7:c6:75 rx30@rx30.localdomain

	3rd check that there are two new files with the following permissions

		[rx30@rx30 .ssh]$ ls -l
		total 12
		-rw------- 1 rx30 group 3243 Jun 22 15:50 id_rsa
		-rw-r--r-- 1 rx30 group  743 Jun 22 15:50 id_rsa.pub
		-rw-r--r-- 1 rx30 group 2980 Jun 13 12:02 known_hosts
	
	4th change directory back to the users $HOME

		[rx30@rx30 .ssh]$ cd

	5th copy the key to the remote server

		[rx30@rx30 ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub rx30@XXX.XXX.XXX.XXX
		25
		rx30@XXX.XXX.XXX.XXX's password:
		Now try logging into the machine, with "ssh 'rx30@XXX.XXX.XXX.XXX'", and check in:

		.ssh/authorized_keys

		to make sure we haven't added extra keys that you weren't expecting.

	6th, follow directions on the screen.

		[rx30@rx30 ~]$ ssh rx30@XXX.XXX.XXX.XXX
		Last login: Fri Jun 22 14:12:08 2012 from 10.10.4.77
		[rx30@rx30 ~]$ exit
		logout
		Connection to XXX.XXX.XXX.XXX closed.

try that and see if it helps.

jsaravana87 · 11-03-2012, 03:35 AM

3. Appended the encrypted public key generate (i.e. content of ~/.ssh/id_rsa.pub) from saturn.org.com into root user's .ssh/authorized_keys file on mars.org.com

4.You have to copy root users mars.org.com id_rsa.pub key to known_hosts of local machine saturn.org.com

5.You have to enable following parameter in sshd_config to accept key attentication

vi /etc/ssh/sshd_config

PubkeyAuthentication yes

AuthorizedKeysFile %h/.ssh/authorized_keys

6.Check out the permission of .ssh,keys,authorized-keys file these may also cause for ssh attentication failure.

http://www.linuxquestions.org/questi...os-rhel-35029/

linosaurusroot · 11-03-2012, 05:09 AM

Quote:

Originally Posted by arun5002

4.You have to copy root users mars.org.com id_rsa.pub key to known_hosts of local machine saturn.org.com

5.You have to enable following parameter in sshd_config to accept key attentication
vi /etc/ssh/sshd_config

PubkeyAuthentication yes

AuthorizedKeysFile %h/.ssh/authorized_keys
http://www.linuxquestions.org/questi...os-rhel-35029/

Points 4 and 5 above are inaccurate.

It is likely sshd_config on mars does not have "PermitRootLogin yes" enabled .. you would need that to perform logins directly as root. I advise against this - log in as an individual user's account and become root when necessary with sudo or su.

http://www.snailbook.com/faq/

jsaravana87 · 11-03-2012, 06:20 AM

@linosaurusroot

I will accept 4 point is inaccurate if the user generate passwordless attentication for normal user .But the user scenerio he has been generating passwordless attentication for his root directory .I dont think what i have posted his wrong if he trying to create passwordless login for his root directory.

4.You have to copy root users mars.org.com id_rsa.pub key to known_hosts of local machine saturn.org.com

@linosaurusroot,

Can you explain what wrong with 5 point i have posted .I dont think without enabling the
PubkeyAuthentication yes passwordless key login never seems to work.

5.You have to enable following parameter in sshd_config to accept key attentication

vi /etc/ssh/sshd_config

PubkeyAuthentication yes

AuthorizedKeysFile %h/.ssh/authorized_keys

linosaurusroot · 11-03-2012, 09:03 AM

Point 4 confused 32 different kinds of keys - host keys (as in known_hosts) and user keys (as in id_rsa.pub).

Point 5 overlooks that in /etc/ssh/sshd_config
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
are the defaults and do not need to be uncommented unless you mean to change them.

shivaa · 03-04-2013, 07:20 AM

Found a solution finally.

Thanks everyone for your responses.

Ciao.

linosaurusroot · 03-04-2013, 07:27 AM

You should detail what the solution was for the benefit of anyone coming across this thread later.

http://xkcd.com/979/

shivaa · 03-04-2013, 07:40 AM

Quote:

Originally Posted by linosaurusroot

You should detail what the solution was for the benefit of anyone coming across this thread later.

Of course, why not. I am actually writing a blog on the same, so very soon I will share my blog here with complete procedure.

shivaa · 03-07-2013, 09:44 PM

For complete procedure, please follow my blog here.

RaviTezu · 03-07-2013, 10:19 PM

Quote:

Originally Posted by shivaa

For complete procedure, please follow my blog here.

Thanks for posting the solution.
I'd like to know, how can i login to remote machine as root being a normal user on local machine ?
i.e i'd like to login as root on mars from being a jack on saturn.

Will that work if we copy the ssh public key of jack to the /root/.ssh/authorized_keys file on mars?

shivaa · 03-07-2013, 10:53 PM

@RaviTezu:
You will first need to generate rsa keys for root user on saturn.

Code:

root@saturn~# ssh-keygen -t rsa

Then copy or append this key into root user's ~/.ssh/authorized_keys file on mars.

Code:

root@saturn~# cat ~/.ssh/id_rsa.pub | ssh root@mars 'cat >> ~/.ssh/authorized_keys'

RaviTezu · 03-07-2013, 11:00 PM

Thanks for the reply.

That will allow the root user from saturn to login as root into mars.

What i need is .. being jack on saturn..i want to login as root into mars.

Will it work if i add jack ssh public key(Which is generated on mars)to the /root/.ssh/authorizes_keys(Which is residing in root home directory) on mars?

---------- Post added 03-08-13 at 10:31 AM ----------

& It is working!! Thanks shivaa!

shivaa · 03-07-2013, 11:17 PM

Yes, it should work. You can test it.