Kyle R. Burton on 21 Jul 2010 06:45:45 -0700



Re: [PLUG] Problems with password-less SSH

  • From: "Kyle R. Burton" <kyle.burton@gmail.com>
  • To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
  • Subject: Re: [PLUG] Problems with password-less SSH
  • Date: Wed, 21 Jul 2010 09:45:40 -0400
  • Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
  • Sender: plug-bounces@lists.phillylinux.org

> What I need to do:
> I need to execute a command on a remote server in my DMZ, and I have been
> doing this via cron. So user "vadmin@admnftp002" needs to execute a command
> as "FileCollector@192.168.1.30".

I don't know the exact settings, but it is possible to restrict a key
(in the authorized keys file) to run a single command, even to
restrict it to a single host. I'm using a few settings in one of my
auth keys files:

from="host-or-ip-addr",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa ...rsa.pub.key.here...


> What I did:
> As user "vadmin@admnftp002", I created new SSH keys, with no password. (I
> decided to make new keys, rather than keep the old ssh keys I used to use.
> This may have been a mistake ...I still have a copy of the old keys that
> worked on the old remote box, tho).
>
> I did this by "ssh-keygen -t rsa". Then I copied the public file to
> "FileCollector@192.168.1.30" with
>
> ssh-copy-id -i id_rsa.pub FileCollector@192.168.1.30

One thing that often gets me is to ensure that FileCollector's .ssh
directory is 700, and that the files within it are 600.

> But when I try and test it, I get prompted for a password:
>
> vadmin@admnftp002:~/.ssh$ ssh FileCollector@192.168.1.30 uptime
> FileCollector@192.168.1.30's password:


I've found trying with verbosity turned up, 'ssh -v -v -v...',
and watching to see whether it considers the ssh-key or not, helpful.

> This used to work, when the remote server was a Debian box. These were the
> same directions I used back then. But now it's a no-go. Any ideas where to
> find out why? I'm guessing I forgot something in a config, or missed a step,
> but can't figure out where. If I look in "~/.ssh/authorized_keys" on
> 192.168.1.30, I do see my "vadmin@admnftp002" key listed.


HTH,

Kyle


-- 
Twitter: @kyleburton
Blog: http://asymmetrical-view.com/
Fun: http://snapclean.me/
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
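
Added example, not part of the original message: a shell check for the .ssh permissions suggested in the reply (700 for the directory, 600 for the files in it). It also flags group- or world-writable paths, which OpenSSH's sshd refuses to use for key authentication while StrictModes is on (its default). It assumes GNU stat, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU stat ("stat -c").
# Function names are hypothetical.

mode_of() { stat -c '%a' "$1"; }          # octal mode, e.g. 700

# True when the path is writable by group or others (mode & 022).
group_or_other_writable() {
    [ $(( 0$(mode_of "$1") & 022 )) -ne 0 ]
}

# audit_ssh_perms HOME_DIR
#   REFUSED = sshd with StrictModes will not use the key file
#   LOOSE   = differs from the 700/600 advice in the post
# Returns 0 when nothing is reported, 1 otherwise.
audit_ssh_perms() {
    home=$1; dir="$home/.ssh"; rc=0
    [ -d "$dir" ] || { echo "MISSING $dir"; return 1; }
    # StrictModes looks at the home directory, .ssh and the key file.
    for p in "$home" "$dir" "$dir/authorized_keys"; do
        [ -e "$p" ] || continue
        if group_or_other_writable "$p"; then
            echo "REFUSED $(mode_of "$p") $p"; rc=1
        fi
    done
    [ "$(mode_of "$dir")" = 700 ] ||
        { echo "LOOSE $(mode_of "$dir") $dir (want 700)"; rc=1; }
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        [ "$(mode_of "$f")" = 600 ] ||
            { echo "LOOSE $(mode_of "$f") $f (want 600)"; rc=1; }
    done
    return $rc
}

# fix_ssh_perms HOME_DIR: apply the modes from the post and drop
# group/other write permission on the home directory itself.
fix_ssh_perms() {
    chmod go-w "$1" && chmod 700 "$1/.ssh" &&
        find "$1/.ssh" -type f -exec chmod 600 {} +
}
```

Run `audit_ssh_perms` against the remote account's home directory (FileCollector's, in this thread) as that user or as root.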