linc on 21 Jul 2010 07:10:27 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Problems with password-less SSH


Mike Leone wrote:
I had this working, between 2 hosts. Then I had to replace one of them, and I can't seem to get it to work anymore ...

What I need to do:
I need to execute a command on a remote server in my DMZ, and I have been doing this via cron. So user "vadmin@admnftp002" needs to execute a command as "FileCollector@192.168.1.30".

What I did:
As user "vadmin@admnftp002", I created new SSH keys, with no password. (I decided to make new keys, rather than keep the old ssh keys I used to use. This may have been a mistake ...I still have a copy of the old keys that worked on the old remote box, tho).

I did this by "ssh-keygen -t rsa". Then I copied the public file to "FileCollector@192.168.1.30" with

ssh-copy-id -i id_rsa.pub FileCollector@192.168.1.30

But when I try and test it, I get prompted for a password:

vadmin@admnftp002:~/.ssh$ ssh FileCollector@192.168.1.30 uptime
FileCollector@192.168.1.30's password:

Now, the remote machine is brand-new install of RHEL 5.4. I checked it's SSH config, and changed:

RSAAuthentication yes
PubkeyAuthentication yes
UsePAM no

and restarted SSH on the remote server, but am still prompted for a password. I am following these directions:

<http://www.debian-administration.org/articles/152>

This used to work, when the remote server was a Debian box. These were the same directions I used back then. But now it's a no-go. Any ideas where to find out why? I'm guessing I forgot something in a config, or missed a step, but can't figure out where. If I look in "~/.ssh/authorized_keys" on 192.168.1.30, I do see my "vadmin@admnftp002" key listed.

Thanks


Hey Mike, check your permissions on the FileCollector@192.168.1.30:.ssh/authorized_keys Should be probably no more than 600 (-rw-------). Every time I hit a snag with passwordless ssh auth, it's permissions related to that file.

--
-Linc Fessenden

In the Beginning there was nothing, which exploded - Yeah right...
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug