01-20-2009, 05:26 PM
"Johan Elmerfjord"
 
passwordless ssh

Other alternatives (that don't work as well over the internet) - and only
if there is a limited number of programs that you need access to - would be to
use snmp or inetd.

SNMP:
Set up your own OID to return the values you are asking for.

Inetd/Xinetd:
telnet to a specific port - will start a program on the master that returns
some output.

But if we are talking about an arbitrary program - and especially over the
internet - ssh with exchanged keys is preferable.

If you find any of the above alternatives attractive - please let me know
and I can give you some examples.




Johan Elmerfjord
Manager, Unix Systems Administration EMEA
Omniture


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
02-02-2010, 01:49 AM
Warren Michelsen
 
Passwordless ssh

On Mac OS, in order to allow ssh using dsa keys, I would copy
~/.ssh/id_dsa.pub from my machine into ~/.ssh/authorized_keys of the
target machine. I've created .ssh directories in my account home as
well as in /root and copied the respective keys to authorized_keys
files in each.

Strangely, I can now ssh as root with no password but my own user
account still prompts for a password. What might be wrong?


Interestingly, passwordless root ssh log-in worked while
'PermitRootLogin' in /etc/ssh/sshd_config was just 'yes' and before I
changed it to 'without-password'.

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
02-02-2010, 02:20 AM
Larry Brower
 
Passwordless ssh

Warren Michelsen wrote:
> On Mac OS, in order to allow ssh using dsa keys, I would copy
> ~/.ssh/id_dsa.pub from my machine into ~/.ssh/authorized_keys of the
> target machine. I've created .ssh directories in my account home as
> well as in /root and copied the respective keys to authorized_keys
> files in each.
>
> Strangely, I can now ssh as root with no password but my own user
> account still prompts for a password. What might be wrong?

Have you checked /var/log/secure? If permissions or ownership are not
correct on the authorized_keys file, .ssh or the home directory then
s/key auth will not work.

> Interestingly, passwordless root ssh log-in worked while
> 'PermitRootLogin' in /etc/ssh/sshd_config was just 'yes' and before I
> changed it to 'without-password'.

This is correct behavior. The yes just says it will accept password and
s/key for root.


 
02-02-2010, 02:27 AM
"Gregory P. Ennis"
 
Passwordless ssh

On Mon, 2010-02-01 at 19:49 -0700, Warren Michelsen wrote:
> On Mac OS, in order to allow ssh using dsa keys, I would copy
> ~/.ssh/id_dsa.pub from my machine into ~/.ssh/authorized_keys of the
> target machine. I've created .ssh directories in my account home as
> well as in /root and copied the respective keys to authorized_keys
> files in each.
>
> Strangely, I can now ssh as root with no password but my own user
> account still prompts for a password. What might be wrong?
>
>
> Interestingly, passwordless root ssh log-in worked while
> 'PermitRootLogin' in /etc/ssh/sshd_config was just 'yes' and before I
> changed it to 'without-password'.
>

Warren,

You should be able to achieve what you are wanting to do. Some
principles that need to be followed are :

#1. If you change anything in sshd_config you must restart sshd before
your changes will become active. You can do this in the root account
easily by entering :

service sshd restart

#2. If you are connecting from one account to another account in
different machines you must have id_dsa.pub
in /home/user/.ssh/authorized_keys file of the account you are
connecting with.

i.e., if you are logged on as root in one machine and you connect to
another machine to the root account then id_dsa.pub of the original
account has to be in /root/.ssh/authorized_keys of the machine you are
connecting to.

#3. If you are connecting to an account of a remote machine to an
account different than the one you are on you must have the id_dsa.pub
of your logged on account in the authorized_keys of the remote account.

i.e., if you are on the root account of one machine and you want to log
onto the warren account of a remote machine you must
have /root/.ssh/id_dsa.pub in /home/warren/.ssh/authorized_keys

The command for this connection would be

"ssh warren@remote.com" or "ssh -l warren remote.com"

Make sure these things are in place, and if it does not work after
checking these things let me know.

Greg Ennis


 
02-02-2010, 02:35 AM
Agile Aspect
 
Passwordless ssh

On Mon, Feb 1, 2010 at 6:49 PM, Warren Michelsen <Warren@mdcclxxvi.com> wrote:
> On Mac OS, in order to allow ssh using dsa keys, I would copy
> ~/.ssh/id_dsa.pub from my machine into ~/.ssh/authorized_keys of the
> target machine. I've created .ssh directories in my account home as
> well as in /root and copied the respective keys to authorized_keys
> files in each.
>
> Strangely, I can now ssh as root with no password but my own user
> account still prompts for a password. What might be wrong?
>
>
> Interestingly, passwordless root ssh log-in worked while
> 'PermitRootLogin' in /etc/ssh/sshd_config was just 'yes' and before I
> changed it to 'without-password'.

Check the permissions of all your top level directories and the .ssh
directories and its files.

Basically, group and other writes are forbidden since it would allow
other people to change your keys.

If you're allowing the use of passwords and keys, then it's just
falling back to passwords because the permissions are incorrect.

And I'm presuming the secret key is not encrypted, i.e., you never set a
passphrase - hence the root login works without a password since the
permissions are correct for key exchange.

Also, on Redhat/Centos/Solaris machines, it's

PermitRootLogin no

or

PermitRootLogin yes

and not

PermitRootLogin without-password

There should be a separate entry for passwords

PermitEmptyPasswords no

You have to be barking mad to allow root connections - or any
connection - with an empty password.

Note, this isn't a Mac mailing list so your mileage will vary. Without a
sshd_config file it's hard to help you.


--
Enjoy global warming while it lasts.
 
02-02-2010, 03:01 AM
Brian Mathis
 
Passwordless ssh

On Mon, Feb 1, 2010 at 9:49 PM, Warren Michelsen <Warren@mdcclxxvi.com> wrote:
> On Mac OS, in order to allow ssh using dsa keys, I would copy
> ~/.ssh/id_dsa.pub from my machine into ~/.ssh/authorized_keys of the
> target machine. I've created .ssh directories in my account home as
> well as in /root and copied the respective keys to authorized_keys
> files in each.
>
> Strangely, I can now ssh as root with no password but my own user
> account still prompts for a password. What might be wrong?
>
>
> Interestingly, passwordless root ssh log-in worked while
> 'PermitRootLogin' in /etc/ssh/sshd_config was just 'yes' and before I
> changed it to 'without-password'.
>

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
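
Added example, not part of any message in this thread: a shell check for the cause several replies above point to, a home directory, ~/.ssh or authorized_keys that is writable by group or other. The function names are made up for this example, and it looks only at the mode bits, not at ownership.

```shell
#!/bin/sh
# Added example. Approximates the mode-bit part of what sshd's StrictModes
# option checks before it will accept a key from authorized_keys.
# Ownership is not checked here (assumption: files belong to the user).

# has_group_or_other_write PATH -> exit 0 if group or other may write PATH
has_group_or_other_write() {
    # In the ls -ld mode string, character 6 is group write and
    # character 9 is other write. cut drops any ACL/SELinux suffix.
    mode=$(ls -ld "$1" | cut -c1-10)
    case "$mode" in
        ?????w*|????????w*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_ssh_perms HOME_DIR
#   prints each offending path
#   returns 0 if all three are safe, 1 if any is group/other writable,
#   2 if authorized_keys does not exist
check_ssh_perms() {
    home=$1
    bad=0
    if [ ! -f "$home/.ssh/authorized_keys" ]; then
        echo "missing: $home/.ssh/authorized_keys"
        return 2
    fi
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if has_group_or_other_write "$p"; then
            echo "group/other writable: $(ls -ld "$p")"
            bad=1
        fi
    done
    return "$bad"
}

# When run as a script with an argument, check that home directory, e.g.
#   sh check_ssh_perms.sh /home/warren
if [ "${1:-}" ]; then check_ssh_perms "$1"; fi
```
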
 
02-02-2010, 04:31 PM
Warren Michelsen
 
Passwordless ssh

The problem I was having was due to permissions, as some of you pointed out.

Thanks to all who responded.
