Kyle R. Burton on 21 Jul 2010 06:45:45 -0700


Re: [PLUG] Problems with password-less SSH

  • From: "Kyle R. Burton" <>
  • To: "Philadelphia Linux User's Group Discussion List" <>
  • Subject: Re: [PLUG] Problems with password-less SSH
  • Date: Wed, 21 Jul 2010 09:45:40 -0400
  • Reply-to: Philadelphia Linux User's Group Discussion List <>

> What I need to do:
> I need to execute a command on a remote server in my DMZ, and I have been
> doing this via cron. So user "vadmin@admnftp002" needs to execute a command
> as "FileCollector@".

I don't know the exact settings, but it is possible to restrict a key
(in the authorized keys file) to run a single command, even to
restrict it to a single host. I'm using a few settings in one of my
auth keys files:


> What I did:
> As user "vadmin@admnftp002", I created new SSH keys, with no password. (I
> decided to make new keys, rather than keep the old ssh keys I used to use.
> This may have been a mistake ...I still have a copy of the old keys that
> worked on the old remote box, tho).
> I did this by "ssh-keygen -t rsa". Then I copied the public file to
> "FileCollector@" with
> ssh-copy-id -i FileCollector@

One thing that often gets me is to ensure that FileCollector's .ssh
directory is 700, and that the files within it are 600.

> But when I try and test it, I get prompted for a password:
> vadmin@admnftp002:~/.ssh$ ssh FileCollector@ uptime
> FileCollector@'s password:

I've found it helpful to try with verbosity turned up, 'ssh -v -v -v...',
and watch to see whether it considers the ssh-key or not.

> This used to work, when the remote server was a Debian box. These were the
> same directions I used back then. But now it's a no-go. Any ideas where to
> find out why? I'm guessing I forgot something in a config, or missed a step,
> but can't figure out where. If I look in "~/.ssh/authorized_keys" on
>, I do see my "vadmin@admnftp002" key listed.



Twitter: @kyleburton
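
Added example (not part of the original message): a small shell check, run on the remote account, for the permission rule mentioned in the reply (.ssh at 700, the files inside it at 600). The function names `mode_of` and `check_ssh_perms` are hypothetical helpers, not OpenSSH tools, and the path passed in is whatever .ssh directory you want audited.

```shell
#!/bin/sh
# Audit a .ssh directory against the modes named in the reply above:
# the directory itself 700, every regular file inside it 600.
# Helper names are hypothetical; nothing here is an OpenSSH command.

# Print the octal permission bits of a path (GNU stat first, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Usage: check_ssh_perms /path/to/.ssh
# Prints one line per deviation with the chmod that would correct it.
# Returns 0 if everything matches, 1 on any deviation, 2 if the
# directory does not exist.
check_ssh_perms() {
    dir=$1
    bad=0
    if [ ! -d "$dir" ]; then
        echo "missing: $dir"
        return 2
    fi
    m=$(mode_of "$dir")
    if [ "$m" != "700" ]; then
        echo "dir  $dir is $m, expected 700 (fix: chmod 700 $dir)"
        bad=1
    fi
    for f in "$dir"/*; do
        # Skip subdirectories and the unexpanded glob of an empty directory.
        [ -f "$f" ] || continue
        m=$(mode_of "$f")
        if [ "$m" != "600" ]; then
            echo "file $f is $m, expected 600 (fix: chmod 600 $f)"
            bad=1
        fi
    done
    return $bad
}

# Run against the current user's directory when executed with "audit".
if [ "${1:-}" = "audit" ]; then
    check_ssh_perms "$HOME/.ssh"
fi
```

Run it as the account that receives the key (here, the FileCollector side), since that is where sshd reads authorized_keys.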