The correct format for this setting should be:
Code:
AuthorizedKeysFile %h/.ssh/authorized_keys
And, at least on all the SLES and Debian/Ubuntu that I have, that should be the default value if you comment it out.
Specifying as I've read before:
Code:
AuthorizedKeysFile /home/%u/.ssh/authorized_keys
won't work for root, only for normal users as long as they have their homes under /home/ (which could be a safe setup, but that's another story).
SSH, at least on the referred distros, and while from OpenSSH packages, should be absolutely 0 trouble to set up for passwordless authentication, unless you mess up something with the server config beforehand, while trying to "fix" a problem that you created by placing the wrong file name or the wrong dir/file permissions/ownership.
In case of doubt, always use the debug config for both server (sshd_config) and client (-vvv parameter); debugging is there for a reason.
Cheers,
-k-
Quote:
Originally Posted by nperrins
We have had two of us working on getting ssh keys working on a Fedora Core 13 server. We have done this kind of thing many times before and truly believe the ssh set up to be a real pain. For one reason or another you can waste days of time getting it to work.
I have to post this one because the previous poster has almost hit the nail on the head - and we have spent all this time not seeing it here because we weren't searching for the right thing. So for all others out there I think it only right to add a few terms for searching here:
putty keys do not connect
cannot ssh connect to linux server
Fedora Core 13 cannot ssh
linux ssh drops key
sshd bugs
OK, the problem is inside the sshd_config file. There is a setting
AuthorizedKeysFile .ssh/authorized_keys
This is a real bad bug because you look at it and you think it is OK. The problem is that the only way you can find this problem is to see where it looks. You do this by putting sshd into debug logging (by changing another setting in sshd_config - LogLevel INFO to LogLevel DEBUG). When you do that, /var/log/secure shows that sshd is looking for //.ssh/authorized_keys.
So, the previous poster is correct in saying that changing it to /root/.ssh/authorized_keys works. But, of course, you then have to use the same public key for every user (not good). So, the answer is to amend the sshd_config file to look in all users' .ssh folders. I haven't done this yet, but it should be straightforward (~/ won't cut it. root sees this as its own home)
So, I have just lost about 20 hours of my life just for that. Thanks guys.
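Added example, not code from either poster or from OpenSSH: a small resolver that expands the `AuthorizedKeysFile` values discussed in this thread for a few accounts, so you can see which file each setting points at before restarting sshd. The account names and home directories are constructed, and the rule that a relative path is joined to the home directory with a plain `/` is an assumption of this sketch.

```python
import re

# Constructed passwd-style entries (user -> home directory); not from the thread.
SAMPLE_USERS = {"root": "/root", "alice": "/home/alice", "svc": "/"}

def expand_pattern(pattern, user, home):
    """Expand the %h, %u and %% tokens in one AuthorizedKeysFile pattern."""
    tokens = {"h": home, "u": user, "%": "%"}
    out, i = [], 0
    while i < len(pattern):
        if pattern[i] == "%":
            key = pattern[i + 1:i + 2]
            if key not in tokens:
                raise ValueError(f"unsupported token %{key} in {pattern!r}")
            out.append(tokens[key])
            i += 2
        else:
            out.append(pattern[i])
            i += 1
    path = "".join(out)
    # Assumption: a path that is still relative after expansion is joined to
    # the home directory with a plain "/", so a home of "/" yields "//...".
    return path if path.startswith("/") else home + "/" + path

def resolve(setting, users=SAMPLE_USERS):
    """Map each user to the key files named by a whitespace-separated setting."""
    return {u: [expand_pattern(p, u, h) for p in setting.split()]
            for u, h in users.items()}

def users_missed(setting, users=SAMPLE_USERS):
    """Users for whom no resolved file is <home>/.ssh/authorized_keys."""
    canon = lambda p: re.sub(r"/+", "/", p)  # collapse repeated slashes
    return [u for u, paths in resolve(setting, users).items()
            if canon(users[u] + "/.ssh/authorized_keys") not in map(canon, paths)]

if __name__ == "__main__":
    for setting in ("%h/.ssh/authorized_keys", "/home/%u/.ssh/authorized_keys",
                    ".ssh/authorized_keys", "/root/.ssh/authorized_keys"):
        print(f"{setting:34} missed: {users_missed(setting)}")
        for user, paths in resolve(setting).items():
            print(f"    {user:6} -> {', '.join(paths)}")
```

With the constructed accounts, `/home/%u/...` misses root, the hard-coded `/root/...` path misses everyone else, and the account whose home is `/` resolves the relative setting to `//.ssh/authorized_keys`.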