FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Red Hat Linux

 
 
LinkBack Thread Tools
 
Old 01-12-2011, 11:45 AM
Paul Preston
 
Default SSH keygen and login problem

Hi,

Based on your description, it's permission related issue:
"3 I copied yhe public key to my home folder at the remote server like

scp ~/.ssh/id_dsa.pub myuser@remoteserver:/home/myuser.ssh/authorized_keys"

If there was no file in that directory permissions will be defined by umask which is normally set to 755.

Proper permissions below:
[root@server00 .ssh]# ls -la
total 20
drwx------ 2 root root 4096 Oct 29 15:12 .
drwxr-x--- 9 root root 4096 Jan 11 18:37 ..
-rw------- 1 root root 1114 May 2 2010 authorized_keys
-rw-r--r-- 1 root root 405 Oct 29 15:12 known_hosts
[root@server00 .ssh]# umask
0022


Please note: Umask 0022 means effectively 755.

Kind Regards,

--
Paul Preston
Proxar IT Ltd. Registered in England and Wales: 6744401- VAT: 942985479
Tubs Hill House, London Road, Sevenoaks, Kent, TN13 1BL
Tel: (+44) 0844 809 4335
Fax: (+44) 01732 459 423
Mob: (+44) 077 9509 3450
Web: www.proxar.co.uk
Email: paul.preston@proxar.co.uk

-----Original Message-----
From: redhat-list-bounces@redhat.com [mailto:redhat-list-bounces@redhat.com] On Behalf Of a bv
Sent: 12 January 2011 11:27
To: redhat-list@redhat.com
Subject: SSH keygen and login problem

Hi,,

For my file transfer script i want to use scp without password. Here is nearly what i have done:
1- I logined to my Checkpoint (which is Redhat based and the one who is source) with my personal user and gave expert command to have root permissons.
2. Changed directory to /root/.ssh and gave ssh-keygen -t dsa and created the key pairs.
3 I copied yhe public key to my home folder at the remote server like

scp ~/.ssh/id_dsa.pub myuser@remoteserver:/home/myuser.ssh/authorized_keys

4. Then i copied this authorized_keys to the /root/.ssh.
5 then tried to send a sample file from my Checkpoint box to remote server with scp but it requested me to enter a password.

how can i fix this ? then ill adapt my scirpt to this regards.

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
Please note that we may monitor or record telephone calls, email traffic data and also the content of email for the purposes of security and staff training. This message (and any associated files or documentation) is intended only for the use of the individual or entity to whom it is addressed and may contain information that is confidential, subject to copyright or constitutes a trade secret. If you are not the intended recipient you are hereby notified that any dissemination, copying or distribution of this message, or files and documentation associated with this message, is strictly prohibited. If you have received this message in error, please notify us immediately by replying to the message and deleting it from your computer. Any views or opinions presented are solely those of the author and do not necessarily represent those of the company.

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 01-12-2011, 12:41 PM
Abhilash abhi
 
Default SSH keygen and login problem

Hi,

Why cant u use "ssh-copy-id -i ~/.ssh/id_dsa.pub user@IPaddress"(Destination)..
It will automatically copy the public key to ur destination. And u are
creating the key as root or normal user ?

Thanks,



On Wed, Jan 12, 2011 at 5:43 PM, Johan Booysen
<johan@matrixsolutions.co.uk>wrote:

> Might be worth checking the permissions on the .ssh directory and on the
> authorized_keys file. That's bitten me before, and should be:
>
> drwx------ .ssh
> -rw-r--r-- authorized_keys
>
> -----Original Message-----
> From: redhat-list-bounces@redhat.com
> [mailto:redhat-list-bounces@redhat.com] On Behalf Of a bv
> Sent: 12 January 2011 11:27
> To: redhat-list@redhat.com
> Subject: SSH keygen and login problem
>
> Hi,,
>
> For my file transfer script i want to use scp without password. Here
> is nearly what i have done:
> 1- I logined to my Checkpoint (which is Redhat based and the one who
> is source) with my personal user and gave expert command to have root
> permissons.
> 2. Changed directory to /root/.ssh and gave ssh-keygen -t dsa and
> created the key pairs.
> 3 I copied yhe public key to my home folder at the remote server like
>
> scp ~/.ssh/id_dsa.pub
> myuser@remoteserver:/home/myuser.ssh/authorized_keys
>
> 4. Then i copied this authorized_keys to the /root/.ssh.
> 5 then tried to send a sample file from my Checkpoint box to remote
> server
> with scp but it requested me to enter a password.
>
> how can i fix this ? then ill adapt my scirpt to this
> regards.
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>



--

Regards,
Abhilash
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 01-12-2011, 01:07 PM
a bv
 
Default SSH keygen and login problem

hi

the .ssh is drwx------

i changed from 600 to 633 for authorized_keys but still asking for password

i checked before ssh-copy-id doesnt seem to be exit on Checkpoint
SPLAT . i login with my normal user then use the expert command (which
is like su) i use the root privilegs for key creating)

2011/1/12, Abhilash abhi <abhilashck72@gmail.com>:
> Hi,
>
> Why cant u use "ssh-copy-id -i ~/.ssh/id_dsa.pub
> user@IPaddress"(Destination)..
> It will automatically copy the public key to ur destination. And u are
> creating the key as root or normal user ?
>
> Thanks,
>
>
>
> On Wed, Jan 12, 2011 at 5:43 PM, Johan Booysen
> <johan@matrixsolutions.co.uk>wrote:
>
>> Might be worth checking the permissions on the .ssh directory and on the
>> authorized_keys file. That's bitten me before, and should be:
>>
>> drwx------ .ssh
>> -rw-r--r-- authorized_keys
>>
>> -----Original Message-----
>> From: redhat-list-bounces@redhat.com
>> [mailto:redhat-list-bounces@redhat.com] On Behalf Of a bv
>> Sent: 12 January 2011 11:27
>> To: redhat-list@redhat.com
>> Subject: SSH keygen and login problem
>>
>> Hi,,
>>
>> For my file transfer script i want to use scp without password. Here
>> is nearly what i have done:
>> 1- I logined to my Checkpoint (which is Redhat based and the one who
>> is source) with my personal user and gave expert command to have root
>> permissons.
>> 2. Changed directory to /root/.ssh and gave ssh-keygen -t dsa and
>> created the key pairs.
>> 3 I copied yhe public key to my home folder at the remote server like
>>
>> scp ~/.ssh/id_dsa.pub
>> myuser@remoteserver:/home/myuser.ssh/authorized_keys
>>
>> 4. Then i copied this authorized_keys to the /root/.ssh.
>> 5 then tried to send a sample file from my Checkpoint box to remote
>> server
>> with scp but it requested me to enter a password.
>>
>> how can i fix this ? then ill adapt my scirpt to this
>> regards.
>>
>> --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
>>
>> --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
>>
>
>
>
> --
>
> Regards,
> Abhilash
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 01-12-2011, 01:40 PM
"Marti, Robert"
 
Default SSH keygen and login problem

So you're trying to connect as root to the remote server? Is passwordless root ssh allowed?

Rob Marti

> -----Original Message-----
> From: redhat-list-bounces@redhat.com [mailto:redhat-list-
> bounces@redhat.com] On Behalf Of a bv
> Sent: Wednesday, January 12, 2011 8:07 AM
> To: General Red Hat Linux discussion list
> Subject: Re: SSH keygen and login problem
>
> hi
>
> the .ssh is drwx------
>
> i changed from 600 to 633 for authorized_keys but still asking for password
>
> i checked before ssh-copy-id doesnt seem to be exit on Checkpoint SPLAT . i
> login with my normal user then use the expert command (which is like su) i
> use the root privilegs for key creating)
>
> 2011/1/12, Abhilash abhi <abhilashck72@gmail.com>:
> > Hi,
> >
> > Why cant u use "ssh-copy-id -i ~/.ssh/id_dsa.pub
> > user@IPaddress"(Destination)..
> > It will automatically copy the public key to ur destination. And u are
> > creating the key as root or normal user ?
> >
> > Thanks,
> >
> >
> >
> > On Wed, Jan 12, 2011 at 5:43 PM, Johan Booysen
> > <johan@matrixsolutions.co.uk>wrote:
> >
> >> Might be worth checking the permissions on the .ssh directory and on
> >> the authorized_keys file. That's bitten me before, and should be:
> >>
> >> drwx------ .ssh
> >> -rw-r--r-- authorized_keys
> >>
> >> -----Original Message-----
> >> From: redhat-list-bounces@redhat.com
> >> [mailto:redhat-list-bounces@redhat.com] On Behalf Of a bv
> >> Sent: 12 January 2011 11:27
> >> To: redhat-list@redhat.com
> >> Subject: SSH keygen and login problem
> >>
> >> Hi,,
> >>
> >> For my file transfer script i want to use scp without password. Here
> >> is nearly what i have done:
> >> 1- I logined to my Checkpoint (which is Redhat based and the one who
> >> is source) with my personal user and gave expert command to have
> >> root permissons.
> >> 2. Changed directory to /root/.ssh and gave ssh-keygen -t dsa and
> >> created the key pairs.
> >> 3 I copied yhe public key to my home folder at the remote server
> >> like
> >>
> >> scp ~/.ssh/id_dsa.pub
> >> myuser@remoteserver:/home/myuser.ssh/authorized_keys
> >>
> >> 4. Then i copied this authorized_keys to the /root/.ssh.
> >> 5 then tried to send a sample file from my Checkpoint box to remote
> >> server with scp but it requested me to enter a password.
> >>
> >> how can i fix this ? then ill adapt my scirpt to this regards.
> >>
> >> --
> >> redhat-list mailing list
> >> unsubscribe mailto:redhat-list-
> request@redhat.com?subject=unsubscribe
> >> https://www.redhat.com/mailman/listinfo/redhat-list
> >>
> >> --
> >> redhat-list mailing list
> >> unsubscribe mailto:redhat-list-
> request@redhat.com?subject=unsubscribe
> >> https://www.redhat.com/mailman/listinfo/redhat-list
> >>
> >
> >
> >
> > --
> >
> > Regards,
> > Abhilash
> > --
> > redhat-list mailing list
> > unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list
> >
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 01-12-2011, 01:52 PM
Paul Preston
 
Default SSH keygen and login problem

Hi,

633 for authorised_keys - interesting...

Please change it to 700, copy the content of authorised_keys manually and try "ssh -v <host>"

This should show you why you can't use ssh key to authenticate.

Kind regards,

--
Paul Preston
Proxar IT Ltd. Registered in England and Wales: 6744401- VAT: 942985479
Tubs Hill House, London Road, Sevenoaks, Kent, TN13 1BL
Tel: (+44) 0844 809 4335
Fax: (+44) 01732 459 423
Mob: (+44) 077 9509 3450
Web: www.proxar.co.uk
Email: paul.preston@proxar.co.uk


-----Original Message-----
From: redhat-list-bounces@redhat.com [mailto:redhat-list-bounces@redhat.com] On Behalf Of a bv
Sent: 12 January 2011 14:07
To: General Red Hat Linux discussion list
Subject: Re: SSH keygen and login problem

hi

the .ssh is drwx------

i changed from 600 to 633 for authorized_keys but still asking for password

i checked before ssh-copy-id doesnt seem to be exit on Checkpoint SPLAT . i login with my normal user then use the expert command (which is like su) i use the root privilegs for key creating)

2011/1/12, Abhilash abhi <abhilashck72@gmail.com>:
> Hi,
>
> Why cant u use "ssh-copy-id -i ~/.ssh/id_dsa.pub
> user@IPaddress"(Destination)..
> It will automatically copy the public key to ur destination. And u are
> creating the key as root or normal user ?
>
> Thanks,
>
>
>
> On Wed, Jan 12, 2011 at 5:43 PM, Johan Booysen
> <johan@matrixsolutions.co.uk>wrote:
>
>> Might be worth checking the permissions on the .ssh directory and on
>> the authorized_keys file. That's bitten me before, and should be:
>>
>> drwx------ .ssh
>> -rw-r--r-- authorized_keys
>>
>> -----Original Message-----
>> From: redhat-list-bounces@redhat.com
>> [mailto:redhat-list-bounces@redhat.com] On Behalf Of a bv
>> Sent: 12 January 2011 11:27
>> To: redhat-list@redhat.com
>> Subject: SSH keygen and login problem
>>
>> Hi,,
>>
>> For my file transfer script i want to use scp without password. Here
>> is nearly what i have done:
>> 1- I logined to my Checkpoint (which is Redhat based and the one who
>> is source) with my personal user and gave expert command to have
>> root permissons.
>> 2. Changed directory to /root/.ssh and gave ssh-keygen -t dsa and
>> created the key pairs.
>> 3 I copied yhe public key to my home folder at the remote server
>> like
>>
>> scp ~/.ssh/id_dsa.pub
>> myuser@remoteserver:/home/myuser.ssh/authorized_keys
>>
>> 4. Then i copied this authorized_keys to the /root/.ssh.
>> 5 then tried to send a sample file from my Checkpoint box to remote
>> server with scp but it requested me to enter a password.
>>
>> how can i fix this ? then ill adapt my scirpt to this regards.
>>
>> --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
>>
>> --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
>>
>
>
>
> --
>
> Regards,
> Abhilash
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
Please note that we may monitor or record telephone calls, email traffic data and also the content of email for the purposes of security and staff training. This message (and any associated files or documentation) is intended only for the use of the individual or entity to whom it is addressed and may contain information that is confidential, subject to copyright or constitutes a trade secret. If you are not the intended recipient you are hereby notified that any dissemination, copying or distribution of this message, or files and documentation associated with this message, is strictly prohibited. If you have received this message in error, please notify us immediately by replying to the message and deleting it from your computer. Any views or opinions presented are solely those of the author and do not necessarily represent those of the company.

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 01-12-2011, 02:17 PM
"Johan Booysen"
 
Default SSH keygen and login problem

True - should rather be 600 or 700 for the authorized_keys file, even if
it is a public key. My bad - apologies.

What I've found in the past is that if you mess with the .ssh
directory's permissions for whatever reason (e.g. manually creating the
directory) then it can break the public/private keys authentication
process.

-----Original Message-----
From: redhat-list-bounces@redhat.com
[mailto:redhat-list-bounces@redhat.com] On Behalf Of Paul Preston
Sent: 12 January 2011 14:53
To: General Red Hat Linux discussion list
Subject: RE: SSH keygen and login problem

Hi,

633 for authorised_keys - interesting...

Please change it to 700, copy the content of authorised_keys manually
and try "ssh -v <host>"

This should show you why you can't use ssh key to authenticate.

Kind regards,

--
Paul Preston
Proxar IT Ltd. Registered in England and Wales: 6744401- VAT: 942985479
Tubs Hill House, London Road, Sevenoaks, Kent, TN13 1BL
Tel: (+44) 0844 809 4335
Fax: (+44) 01732 459 423
Mob: (+44) 077 9509 3450
Web: www.proxar.co.uk
Email: paul.preston@proxar.co.uk


-----Original Message-----
From: redhat-list-bounces@redhat.com
[mailto:redhat-list-bounces@redhat.com] On Behalf Of a bv
Sent: 12 January 2011 14:07
To: General Red Hat Linux discussion list
Subject: Re: SSH keygen and login problem

hi

the .ssh is drwx------

i changed from 600 to 633 for authorized_keys but still asking for
password

i checked before ssh-copy-id doesnt seem to be exit on Checkpoint SPLAT
. i login with my normal user then use the expert command (which is like
su) i use the root privilegs for key creating)

2011/1/12, Abhilash abhi <abhilashck72@gmail.com>:
> Hi,
>
> Why cant u use "ssh-copy-id -i ~/.ssh/id_dsa.pub
> user@IPaddress"(Destination)..
> It will automatically copy the public key to ur destination. And u are
> creating the key as root or normal user ?
>
> Thanks,
>
>
>
> On Wed, Jan 12, 2011 at 5:43 PM, Johan Booysen
> <johan@matrixsolutions.co.uk>wrote:
>
>> Might be worth checking the permissions on the .ssh directory and on
>> the authorized_keys file. That's bitten me before, and should be:
>>
>> drwx------ .ssh
>> -rw-r--r-- authorized_keys
>>
>> -----Original Message-----
>> From: redhat-list-bounces@redhat.com
>> [mailto:redhat-list-bounces@redhat.com] On Behalf Of a bv
>> Sent: 12 January 2011 11:27
>> To: redhat-list@redhat.com
>> Subject: SSH keygen and login problem
>>
>> Hi,,
>>
>> For my file transfer script i want to use scp without password. Here
>> is nearly what i have done:
>> 1- I logined to my Checkpoint (which is Redhat based and the one who
>> is source) with my personal user and gave expert command to have
>> root permissons.
>> 2. Changed directory to /root/.ssh and gave ssh-keygen -t dsa and
>> created the key pairs.
>> 3 I copied yhe public key to my home folder at the remote server
>> like
>>
>> scp ~/.ssh/id_dsa.pub
>> myuser@remoteserver:/home/myuser.ssh/authorized_keys
>>
>> 4. Then i copied this authorized_keys to the /root/.ssh.
>> 5 then tried to send a sample file from my Checkpoint box to remote
>> server with scp but it requested me to enter a password.
>>
>> how can i fix this ? then ill adapt my scirpt to this regards.
>>
>> --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
>>
>> --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
>>
>
>
>
> --
>
> Regards,
> Abhilash
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
Please note that we may monitor or record telephone calls, email traffic
data and also the content of email for the purposes of security and
staff training. This message (and any associated files or documentation)
is intended only for the use of the individual or entity to whom it is
addressed and may contain information that is confidential, subject to
copyright or constitutes a trade secret. If you are not the intended
recipient you are hereby notified that any dissemination, copying or
distribution of this message, or files and documentation associated with
this message, is strictly prohibited. If you have received this message
in error, please notify us immediately by replying to the message and
deleting it from your computer. Any views or opinions presented are
solely those of the author and do not necessarily represent those of the
company.

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 01-12-2011, 03:10 PM
upen
 
Default SSH keygen and login problem

What does /var/log/secure say ?

I have had this issue happening due to bad modes on Home directory in
RHEL6. chmod g-w $HOME fixed it.

Other than that current permissions on .ssh are 755
600 on authorized_keys and id_rsa
644 on id_rsa.pub

Password-less authentication works using ssh-keypair

Thanks,
A

>>> -----Original Message-----
>>> From: redhat-list-bounces@redhat.com
>>> [mailto:redhat-list-bounces@redhat.com] On Behalf Of a bv
>>> Sent: 12 January 2011 11:27
>>> To: redhat-list@redhat.com
>>> Subject: SSH keygen and login problem
>>>
>>> Hi,,
>>>
>>> For my file transfer script i want to use scp without password. Here
>>> is nearly what i have done:
>>> 1- I logined to my Checkpoint (which is Redhat based and the one who
>>> is source) with my personal user and gave expert command to have
>>> root permissons.
>>> 2. Changed directory to /root/.ssh and gave ssh-keygen -t dsa and
>>> created the key pairs.
>>> 3 I copied yhe public key to my home folder at the remote server
>>> like
>>>
>>> scp ~/.ssh/id_dsa.pub
>>> myuser@remoteserver:/home/myuser.ssh/authorized_keys
>>>
>>> 4. Then i copied this authorized_keys to the /root/.ssh.
>>> 5 then tried to send a sample file from my Checkpoint box to remote
>>> server with scp but it requested me to enter a password.
>>>
>>> how can i fix this ? then ill adapt my scirpt to this regards.
>>>
>>> --



--
upen,
emerge -uD life (Upgrade Life with dependencies)

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 

Thread Tools




All times are GMT. The time now is 07:31 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org