07-22-2008, 09:59 PM
Ben Kevan

SSH Keys for password less ssh sessions

I know this may sound silly, but I have done this quite a few times (I come
from a SUSE background), but this wouldn't work for me from a RHEL4 to a
RHEL4 box.

Here is what I am doing:

for i in `cat filename`; do ssh-copy-id -i .ssh/id_dsa.pub username@$i; done

I have copied over ssh-copy-id from another server (suse box) and it contains:
#!/bin/sh

# Shell script to install your identity.pub on a remote machine
# Takes the remote machine name as an argument.
# Obviously, the remote machine must accept password authentication,
# or one of the other keys in your ssh-agent, for this to work.

ID_FILE="${HOME}/.ssh/identity.pub"

if [ "-i" = "$1" ]; then
  shift
  # check if we have 2 parameters left, if so the first is the new ID file
  if [ -n "$2" ]; then
    if expr "$1" : ".*\.pub" > /dev/null ; then
      ID_FILE="$1"
    else
      ID_FILE="$1.pub"
    fi
    shift # and this should leave $1 as the target name
  fi
else
  if [ x$SSH_AUTH_SOCK != x ] ; then
    GET_ID="$GET_ID ssh-add -L"
  fi
fi

if [ -z "`eval $GET_ID`" ] && [ -r "${ID_FILE}" ] ; then
  GET_ID="cat ${ID_FILE}"
fi

if [ -z "`eval $GET_ID`" ]; then
  echo "$0: ERROR: No identities found" >&2
  exit 1
fi

if [ "$#" -lt 1 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
  echo "Usage: $0 [-i [identity_file]] [user@]machine" >&2
  exit 1
fi

{ eval "$GET_ID" ; } | ssh $1 "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys" || exit 1

cat <<EOF
Now try logging into the machine, with "ssh '$1'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

EOF

-------------------------

From my suse box, I run this and authorized_keys is updated and I can now log
into those from my suse box without the need for the password, HOWEVER from a
RHEL4 box, I run that, and it runs through everything, but when I ssh to the
other box, I am still prompted for my password. I see the matching key in
authorized_keys, so I am kind of at a loss of what the issue is.

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
07-23-2008, 03:10 AM
"Sanjay Chakraborty"

SSH Keys for password less ssh sessions

I do not know why you are writing a script for this. In redhat for ssh
key fingerprint do:
type ssh-keygen -t rsa or dsa
it will create two .files id_rsa and id_rsa.pub (if you type dsa it
will be id_dsa) in .ssh directory. copy id_rsa.pub key to other box in
.ssh directory and name that authorized_keys.
Remember .ssh should be 700 as permission. Now do ssh from that user
you should be able to login without local password.



On Tue, Jul 22, 2008 at 5:59 PM, Ben Kevan <ben.kevan@gmail.com> wrote:
> I know this may sound silly, but I have done this quite a few times (I come
> from a SUSE background), but this wouldn't work for me from a RHEL4 to a
> RHEL4 box).
>
> Here is what I am doing:
>
> for i in `cat filename`; do ssh-copy-id -i .ssh/id_dsa.pub username@$i; done
>
> I have copied over ssh-copy-id from another server (suse box) and it contains:
> #!/bin/sh
>
> # Shell script to install your identity.pub on a remote machine
> # Takes the remote machine name as an argument.
> # Obviously, the remote machine must accept password authentication,
> # or one of the other keys in your ssh-agent, for this to work.
>
> ID_FILE="${HOME}/.ssh/identity.pub"
>
> if [ "-i" = "$1" ]; then
> shift
> # check if we have 2 parameters left, if so the first is the new ID file
> if [ -n "$2" ]; then
> if expr "$1" : ".*.pub" > /dev/null ; then
> ID_FILE="$1"
> else
> ID_FILE="$1.pub"
> fi
> shift # and this should leave $1 as the target name
> fi
> else
> if [ x$SSH_AUTH_SOCK != x ] ; then
> GET_ID="$GET_ID ssh-add -L"
> fi
> fi
>
> if [ -z "`eval $GET_ID`" ] && [ -r "${ID_FILE}" ] ; then
> GET_ID="cat ${ID_FILE}"
> fi
>
> if [ -z "`eval $GET_ID`" ]; then
> echo "$0: ERROR: No identities found" >&2
> exit 1
> fi
>
> if [ "$#" -lt 1 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
> echo "Usage: $0 [-i [identity_file]] [user@]machine" >&2
> exit 1
> fi
>
> { eval "$GET_ID" ; } | ssh $1 "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys" || exit 1
>
> cat <<EOF
> Now try logging into the machine, with "ssh '$1'", and check in:
>
> .ssh/authorized_keys
>
> to make sure we haven't added extra keys that you weren't expecting.
>
> EOF
>
> -------------------------
>
> From my suse box, I run this and authorized_keys is updated and I can now log
> into those from my suse box without the need for the password, HOWEVER from a
> RHEL4 box, I run that, and it runs through everything, but when I ssh to the
> other box, I am still prompted for my password. I see the matching key in
> authorized_keys, so I am kind of at a loss of what the issue is.
>



--
Regards.
Sanjay Chakraborty

07-23-2008, 03:53 AM
Ben Kevan

SSH Keys for password less ssh sessions

On Tuesday 22 July 2008 08:10:02 pm Sanjay Chakraborty wrote:
> I do not know why you are writing a script for this. In redhat for ssh
> key fingerprint do:
> type ssh-keygen -t rsa or dsa
> it will create two .files id_rsa and id_rsa.pub (if you type dsa it
> will be id_dsa) in .ssh directory. copy id_rsa.pub key to other box in
> .ssh directory and name that authorized_keys.
> Remember .ssh should be 700 as permission. Now do ssh from that user
> you should be able to login without local password.
>

If you read the script, it does what you just said. Why would I do it? It's
quite a bit easier to run ssh-copy-id user@$i than it is to do the whole copy
command, then append it to the current authorized_keys file.

With that said, the method you talk about (using DSA) does not work. On
another server with identical /etc/ssh/sshd_config it works .. what's the
deal?


07-23-2008, 06:45 AM
"Andre Dill"

SSH Keys for password less ssh sessions

Hi Ben,

Try renaming .ssh/authorized_keys to .ssh/authorized_keys2 and make sure
that you chmod 600 .ssh/authorized_keys2

Regards,
Andre

-----Original Message-----
From: redhat-list-bounces@redhat.com
[mailto:redhat-list-bounces@redhat.com] On Behalf Of Ben Kevan
Sent: 23 July 2008 05:54 AM
To: General Red Hat Linux discussion list
Subject: Re: SSH Keys for password less ssh sessions

On Tuesday 22 July 2008 08:10:02 pm Sanjay Chakraborty wrote:
> I do not know why you are writing a script for this. In redhat for ssh
> key fingerprint do:
> type ssh-keygen -t rsa or dsa
> it will create two .files id_rsa and id_rsa.pub (if you type dsa it
> will be id_dsa) in .ssh directory. copy id_rsa.pub key to other box in
> .ssh directory and name that authorized_keys.
> Remember .ssh should be 700 as permission. Now do ssh from that user
> you should be able to login without local password.
>

If you read the script, it does what you just said. Why would I do it? It's
quite a bit easier to run ssh-copy-id user@$i than it is to do the whole copy
command, then append it to the current authorized_keys file.

With that said, the method you talk about (using DSA) does not work. On
another server with identical /etc/ssh/sshd_config it works .. what's the
deal?


07-23-2008, 03:18 PM
Ben Kevan

SSH Keys for password less ssh sessions

On Tuesday 22 July 2008 11:45:32 pm Andre Dill wrote:
> Hi Ben,
>
> Try renaming .ssh/authorized_keys to .ssh/authorized_keys2 and make sure
> that you chmod 600 .ssh/authorized_keys2
>
> Regards,
> Andre
>

I have actually copied my id_dsa.pub as authorized_keys2 with the same
behavior as appending to authorized_keys .. It's a strange one.

Ben


07-23-2008, 03:58 PM

SSH Keys for password less ssh sessions

Ben,

>Date: Wed, 23 Jul 2008 08:18:56 -0700
>From: Ben Kevan <ben.kevan@gmail.com>
>On Tuesday 22 July 2008 11:45:32 pm Andre Dill wrote:
>>
>> Try renaming .ssh/authorized_keys to .ssh/authorized_keys2 and make sure
>> that you chmod 600 .ssh/authorized_keys2
>
>I have actually copied my id_dsa.pub as authorized_keys2 with the same
>behavior as appending to authorized_keys .. It's a strange one.

I haven't been following this thread, but a thought hit me: first, what are the permissions on the .ssh directory, and on the files within it, and second, is selinux enabled?

mark

07-23-2008, 08:35 PM
Ben Kevan

SSH Keys for password less ssh sessions

On Wednesday 23 July 2008 08:58:33 am m.roth2006@rcn.com wrote:
> Ben,
>
> >Date: Wed, 23 Jul 2008 08:18:56 -0700
> >From: Ben Kevan <ben.kevan@gmail.com>
> >
> >On Tuesday 22 July 2008 11:45:32 pm Andre Dill wrote:
> >> Try renaming .ssh/authorized_keys to .ssh/authorized_keys2 and make sure
> >> that you chmod 600 .ssh/authorized_keys2
> >
> >I have actually copied my id_dsa.pub as authorized_keys2 with the same
> >behavior as appending to authorized_keys .. It's a strange one.
>
> I haven't been following this thread, but a thought hit me: first, what are
> the permissions on the .ssh directory, and on the files within it, and
> second, is selinux enabled?
>
> mark

selinux disabled and 600 on the files.

07-24-2008, 12:41 AM
mark

SSH Keys for password less ssh sessions

Ben Kevan wrote:
> On Wednesday 23 July 2008 08:58:33 am m.roth2006@rcn.com wrote:
>> Ben,
>>
>>> Date: Wed, 23 Jul 2008 08:18:56 -0700
>>> From: Ben Kevan <ben.kevan@gmail.com>
>>>
>>> On Tuesday 22 July 2008 11:45:32 pm Andre Dill wrote:
>>>> Try renaming .ssh/authorized_keys to .ssh/authorized_keys2 and make sure
>>>> that you chmod 600 .ssh/authorized_keys2
>>> I have actually copied my id_dsa.pub as authorized_keys2 with the same
>>> behavior as appending to authorized_keys .. It's a strange one.
>> I haven't been following this thread, but a thought hit me: first, what are
>> the permissions on the .ssh directory, and on the files within it, and
>> second, is selinux enabled?
>
> selinux disabled and 600 on the files.
>
Hmmm... is the *public* key readable by any other than owner? I'm not really
sure, but I think it might need to be world-readable.

mark

07-24-2008, 01:38 AM
"Sanjay Chakraborty"

SSH Keys for password less ssh sessions

If you are running RHEL it should not be a problem. Did you compile
the ssh/openssh from a tarball? Are you using a different user? Is root
disabled? If all these are no, then follow the steps carefully and it
should work. I did many times and it takes not more than 2 minutes. I
did in RHEL 3/4/5

On Tue, Jul 22, 2008 at 11:53 PM, Ben Kevan <ben.kevan@gmail.com>
> On Tuesday 22 July 2008 08:10:02 pm Sanjay Chakraborty wrote:
>> I do not know why you are writing a script for this. In redhat for ssh
>> key fingerprint do:
>> type ssh-keygen -t rsa or dsa
>> it will create two .files id_rsa and id_rsa.pub (if you type dsa it
>> will be id_dsa) in .ssh directory. copy id_rsa.pub key to other box in
>> .ssh directory and name that authorized_keys.
>> Remember .ssh should be 700 as permission. Now do ssh from that user
>> you should be able to login without local password.
>>
>
> If you read the script, it does what you just said. Why would I do it? It's
> quite a bit easier to run ssh-copy-id user@$i than it is to do the whole copy
> command, then append it to the current authorized_keys file.
>
> With that said, the method you talk about (using DSA does not work). On
> another server with identical /etc/ssh/sshd_config it works .. what's the
> deal?
>
>



--
Regards.
Sanjay Chakraborty

07-24-2008, 02:28 PM
Ben Kevan

SSH Keys for password less ssh sessions

On Wednesday 23 July 2008 06:38:08 pm Sanjay Chakraborty wrote:
> If you are running RHEL it should not be a problem. Did you compile
> the ssh/openssh from a tarball? Are you using a different user? Is root
> disabled? If all these are no, then follow the steps carefully and it
> should work. I did many times and it takes not more than 2 minutes. I
> did in RHEL 3/4/5

openssh installed from repository. I have done it many times too. Some of the
servers work, but some of them don't. I really don't get it. I'll check to
verify that the uids on all the boxes match. I'll let you know if that fixes
it.

Ben
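
The permission questions raised in this thread correspond to sshd's StrictModes check (on by default), which ignores authorized_keys when that file, ~/.ssh, or the home directory is group- or world-writable, or owned by someone other than the user or root. The script below is an added example, not part of any poster's message; the function names and the throwaway temp directory it audits are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag paths that sshd's StrictModes check would reject.
# check_path, audit_ssh_perms and demo are hypothetical helper names.

# check_path PATH UID: fail if PATH is group/world-writable, or owned by
# anyone other than UID or root.
check_path() {
    p=$1; want_uid=$2; rc=0
    [ -e "$p" ] || { echo "MISSING  $p"; return 1; }
    info=$(ls -ldnL "$p" | awk '{print $1 " " $3}')
    mode=${info% *}; owner=${info#* }
    case $mode in                   # char 6 = group write, char 9 = other write
        ?????w*|????????w*) echo "WRITABLE $p ($mode)"; rc=1 ;;
    esac
    if [ "$owner" != "$want_uid" ] && [ "$owner" != 0 ]; then
        echo "OWNER    $p (uid $owner, expected $want_uid)"; rc=1
    fi
    return $rc
}

# audit_ssh_perms HOME [UID]: returns the number of failing paths.
audit_ssh_perms() {
    home=$1; uid=${2:-$(id -u)}; bad=0
    for f in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_path "$f" "$uid" || bad=$((bad + 1))
    done
    if [ "$bad" -eq 0 ]; then echo "OK       $home"; fi
    return "$bad"
}

# Constructed demo: a throwaway "home" that passes, then fails once the
# home directory becomes group-writable (e.g. left at mode 775).
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/.ssh" && : > "$d/.ssh/authorized_keys"
    chmod 755 "$d"; chmod 700 "$d/.ssh"; chmod 600 "$d/.ssh/authorized_keys"
    first=0;  audit_ssh_perms "$d" || first=$?
    chmod g+w "$d"
    second=0; audit_ssh_perms "$d" || second=$?
    rm -rf "$d"
    echo "$first $second"
}

demo
```

Run `audit_ssh_perms "$HOME"` as the target user on the box that keeps prompting for a password; `ssh -v` on the client and the sshd log on the server show whether the key was offered and why it was refused.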
