FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Ubuntu User

 
 
LinkBack Thread Tools
 
Old 01-07-2009, 03:36 PM
"Beau J. Bechdol"
 
Default ssh public key authentication

Have you changed the sshd_config file to reflect the use of PublicKey Auth?
-Beau



On Wed, Jan 7, 2009 at 9:10 AM, Luca Ferrari <fluca1978@infinito.it> wrote:

Hi,

I'd like a user to ssh another host (both ubuntu 8.1) without being prompted

for a password, so I copied the rsa (and also dsa) public keys to the target

host, added these keys to the authorized_keys file but when I do ssh I'm

prompted for a password, and I don't understand why. Here's an excerpet of the

debug messages of the ssh client:



debug1: Next authentication method: publickey

debug1: Trying private key: /var/backups/.ssh/identity

debug3: no such identity: /var/backups/.ssh/identity

debug1: Offering public key: /var/backups/.ssh/id_rsa

debug3: send_pubkey_test

debug2: we sent a publickey packet, wait for reply

debug1: Authentications that can continue: publickey,password

debug1: Offering public key: /var/backups/.ssh/id_dsa

debug3: send_pubkey_test

debug2: we sent a publickey packet, wait for reply

debug1: Authentications that can continue: publickey,password

debug2: we did not send a packet, disable method

debug3: authmethod_lookup password

debug3: remaining preferred: ,password

debug3: authmethod_is_enabled password





anyone has an idea of what the problem could be?



Thanks,

Luca



--

ubuntu-users mailing list

ubuntu-users@lists.ubuntu.com

Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users



--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 01-07-2009, 03:38 PM
"Beau J. Bechdol"
 
Default ssh public key authentication

Maybe this will help a bit more?

https://help.ubuntu.com/community/SSHHowto#Public%20key%20authentication
-Beau




On Wed, Jan 7, 2009 at 9:36 AM, Beau J. Bechdol <bbechdol@gmail.com> wrote:

Have you changed the sshd_config file to reflect the use of PublicKey Auth?
-Beau



On Wed, Jan 7, 2009 at 9:10 AM, Luca Ferrari <fluca1978@infinito.it> wrote:


Hi,

I'd like a user to ssh another host (both ubuntu 8.1) without being prompted

for a password, so I copied the rsa (and also dsa) public keys to the target

host, added these keys to the authorized_keys file but when I do ssh I'm

prompted for a password, and I don't understand why. Here's an excerpet of the

debug messages of the ssh client:



debug1: Next authentication method: publickey

debug1: Trying private key: /var/backups/.ssh/identity

debug3: no such identity: /var/backups/.ssh/identity

debug1: Offering public key: /var/backups/.ssh/id_rsa

debug3: send_pubkey_test

debug2: we sent a publickey packet, wait for reply

debug1: Authentications that can continue: publickey,password

debug1: Offering public key: /var/backups/.ssh/id_dsa

debug3: send_pubkey_test

debug2: we sent a publickey packet, wait for reply

debug1: Authentications that can continue: publickey,password

debug2: we did not send a packet, disable method

debug3: authmethod_lookup password

debug3: remaining preferred: ,password

debug3: authmethod_is_enabled password





anyone has an idea of what the problem could be?



Thanks,

Luca



--

ubuntu-users mailing list

ubuntu-users@lists.ubuntu.com

Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users





--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 01-07-2009, 03:41 PM
"Beau J. Bechdol"
 
Default ssh public key authentication

If the server didn't let you in using your key, find the PubkeyAuthentication line in /etc/ssh/sshd_config and change it to yes. That should do it.
-Beau



On Wed, Jan 7, 2009 at 9:10 AM, Luca Ferrari <fluca1978@infinito.it> wrote:

Hi,

I'd like a user to ssh another host (both ubuntu 8.1) without being prompted

for a password, so I copied the rsa (and also dsa) public keys to the target

host, added these keys to the authorized_keys file but when I do ssh I'm

prompted for a password, and I don't understand why. Here's an excerpet of the

debug messages of the ssh client:



debug1: Next authentication method: publickey

debug1: Trying private key: /var/backups/.ssh/identity

debug3: no such identity: /var/backups/.ssh/identity

debug1: Offering public key: /var/backups/.ssh/id_rsa

debug3: send_pubkey_test

debug2: we sent a publickey packet, wait for reply

debug1: Authentications that can continue: publickey,password

debug1: Offering public key: /var/backups/.ssh/id_dsa

debug3: send_pubkey_test

debug2: we sent a publickey packet, wait for reply

debug1: Authentications that can continue: publickey,password

debug2: we did not send a packet, disable method

debug3: authmethod_lookup password

debug3: remaining preferred: ,password

debug3: authmethod_is_enabled password





anyone has an idea of what the problem could be?



Thanks,

Luca



--

ubuntu-users mailing list

ubuntu-users@lists.ubuntu.com

Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users



--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 01-07-2009, 06:02 PM
"Brian McKee"
 
Default ssh public key authentication

On Wed, Jan 7, 2009 at 11:10 AM, Luca Ferrari <fluca1978@infinito.it> wrote:
> Hi,
> I'd like a user to ssh another host (both ubuntu 8.1) without being prompted
> for a password,

As Mark suggested - check the permissions in the .ssh file - 700 for
the .ssh folder and 600 for the files in it.

What I've been doing lately is using the ssh-copy-id tool to do that
instead of manually moving the files around myself. Much better.
Check it out - man ssh-copy-id

Brian

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 01-07-2009, 06:31 PM
Smoot Carl-Mitchell
 
Default ssh public key authentication

On Wed, 2009-01-07 at 11:13 -0500, Mark Haney wrote:

> This bites me a lot. Check to make sure the ~/.ssh folder is set to 600
> permissions, including all the files in it. If they /aren't/ set to
> those permissions, it doesn't matter if the key is there, ssh won't
> accept it.

The .ssh directory can be readable by group and other and the
authorized_keys file can also be readable and public key authentication
will work. If those permissions are correct, check the permissions of
the directory path which leads to the .ssh directory. All the ancestor
directories must only be readable by group and other as well.
--
Smoot Carl-Mitchell
System/Network Architect
smoot@tic.com
+1 480 922 7313
cell: +1 602 421 9005

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 01-07-2009, 06:36 PM
"Mark Haney"
 
Default ssh public key authentication

Smoot Carl-Mitchell wrote:
> On Wed, 2009-01-07 at 11:13 -0500, Mark Haney wrote:
>
>> This bites me a lot. Check to make sure the ~/.ssh folder is set to 600
>> permissions, including all the files in it. If they /aren't/ set to
>> those permissions, it doesn't matter if the key is there, ssh won't
>> accept it.
>
> The .ssh directory can be readable by group and other and the
> authorized_keys file can also be readable and public key authentication
> will work. If those permissions are correct, check the permissions of
> the directory path which leads to the .ssh directory. All the ancestor
> directories must only be readable by group and other as well.

Yeah, that's true. However, being the truly paranoid that I am, I just
set the whole shooting match to 600. But 700 is acceptable for the
directory itself.


--
Frustra laborant quotquot se calculationibus fatigant pro inventione
quadraturae circuli

Mark Haney
Sr. Systems Administrator
ERC Broadband
(828) 350-2415

Call (866) ERC-7110 for after hours support

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 01-07-2009, 07:49 PM
Smoot Carl-Mitchell
 
Default ssh public key authentication

On Wed, 2009-01-07 at 14:36 -0500, Mark Haney wrote:
> Smoot Carl-Mitchell wrote:
> > On Wed, 2009-01-07 at 11:13 -0500, Mark Haney wrote:
> >
> >> This bites me a lot. Check to make sure the ~/.ssh folder is set to 600
> >> permissions, including all the files in it. If they /aren't/ set to
> >> those permissions, it doesn't matter if the key is there, ssh won't
> >> accept it.
> >
> > The .ssh directory can be readable by group and other and the
> > authorized_keys file can also be readable and public key authentication
> > will work. If those permissions are correct, check the permissions of
> > the directory path which leads to the .ssh directory. All the ancestor
> > directories must only be readable by group and other as well.
>
> Yeah, that's true. However, being the truly paranoid that I am, I just
> set the whole shooting match to 600. But 700 is acceptable for the
> directory itself.

Yep, paranoia can be a good thing. :-) 700 is required for the
directory, since you do want it searchable. e.g. o+rwx.
--
Smoot Carl-Mitchell
System/Network Architect
smoot@tic.com
+1 480 922 7313
cell: +1 602 421 9005

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 01-08-2009, 07:07 AM
Luca Ferrari
 
Default ssh public key authentication

Thanks all,
I've double checked my configuration, and the server was accepting rsa
authentication, the key was right (I checked it with another user and it
worked) and the permissions of the .ssh directory were right (0600). Then I
had a look at the home directory of the user and I found that the group was
not right, so I changed and the ssh login worked. So it is important not only
the ownership and permissions of the .ssh directory, but of the whole home
directory.

Thanks,
Luca

On Wednesday 7 January 2009 17:41:18 Beau J. Bechdol wrote:
> If the server didn't let you in using your key, find the *
> PubkeyAuthentication* line in */etc/ssh/sshd_config* and change it to
> *yes*. That should do it.
>
> -Beau
>
> On Wed, Jan 7, 2009 at 9:10 AM, Luca Ferrari <fluca1978@infinito.it> wrote:
> > Hi,
> > I'd like a user to ssh another host (both ubuntu 8.1) without being
> > prompted
> > for a password, so I copied the rsa (and also dsa) public keys to the
> > target
> > host, added these keys to the authorized_keys file but when I do ssh I'm
> > prompted for a password, and I don't understand why. Here's an excerpet
> > of the
> > debug messages of the ssh client:
> >
> > debug1: Next authentication method: publickey
> > debug1: Trying private key: /var/backups/.ssh/identity
> > debug3: no such identity: /var/backups/.ssh/identity
> > debug1: Offering public key: /var/backups/.ssh/id_rsa
> > debug3: send_pubkey_test
> > debug2: we sent a publickey packet, wait for reply
> > debug1: Authentications that can continue: publickey,password
> > debug1: Offering public key: /var/backups/.ssh/id_dsa
> > debug3: send_pubkey_test
> > debug2: we sent a publickey packet, wait for reply
> > debug1: Authentications that can continue: publickey,password
> > debug2: we did not send a packet, disable method
> > debug3: authmethod_lookup password
> > debug3: remaining preferred: ,password
> > debug3: authmethod_is_enabled password
> >
> >
> > anyone has an idea of what the problem could be?
> >
> > Thanks,
> > Luca
> >
> > --
> > ubuntu-users mailing list
> > ubuntu-users@lists.ubuntu.com
> > Modify settings or unsubscribe at:
> > https://lists.ubuntu.com/mailman/listinfo/ubuntu-users


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 

Thread Tools




All times are GMT. The time now is 02:10 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org