
SSH password less

Status
Not open for further replies.

scon44

Technical User
Jun 15, 2005
Hi and thanks for reading this question.

I've searched around a lot over the last week trying to figure this one out.

Basically I have server01.mydomain.com and server02.mydomain.com

I want to pull files from 01 to 02. So I am stuck on the SSH part without a password.

I am able to SSH into the 02 with the SSH key without it asking for a password. When I try to do so from the server01 and SSH into server02 I get errors saying possible breakin attempt.

I notice when I import my key from 01 to 02 that the key has root@server01.mydomain.com in the key. So I'm curious what user am I actually trying to log in with while on server01 and trying to get to server02?

Thanks for your tips!
 
I would suggest you create a separate key pair to enable server 1 to access server 2.



A Maintenance contract is essential, not a Luxury.
Do things on the cheap & it will cost you dear
 
You will need 2 sets of ssh keys - one for each server.

1.) Generate your keys on each server via
ssh-keygen (see man page for various options)

2.) Once you have your keys, copy the id_rsa.pub (or id_dsa.pub if you create that instead) from 01 to 02.
Put it in the .ssh/authorized_keys file of the account you want to ssh to.

Then do the same with the files from 02. Put the 02 .pub file in the authorized_keys file in the appropriate account on 01.

3.) Make sure the file/directory permissions are not too permissive - otherwise keys won't work

Login directory for each account should be no more permissive than 755. Same for the .ssh directory and the authorized_keys file in it.
The id_rsa (or id_dsa) file should be set to 600.

4.) Test your passwordless connection to the appropriate account from each server.

If it still prompts for a password, verify that permissions and ownerships are set appropriately on each server. 9 times out of 10 this is the reason that ssh keys don't initially work.





Add a little color to your PUTTY terminal: faq52-6627
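
The permission and ownership check from steps 3 and 4 of the reply above, as an added example that is not part of the original thread. It assumes GNU coreutils `stat -c` (Linux); the function names `too_open`, `check_path` and `check_ssh_perms` are hypothetical.

```shell
#!/bin/sh
# Added example: audit one account's SSH file permissions and ownership.
# Thresholds come from the reply: 755 for the login directory, .ssh and
# authorized_keys; 600 for the private key (id_rsa or id_dsa).

# too_open MODE MAX -> succeeds if MODE grants any permission bit MAX lacks.
too_open() {
    [ $(( 0$1 & 0777 & ~0$2 )) -ne 0 ]
}

# check_path PATH MAX OWNER -> prints findings and returns 1 if PATH is more
# permissive than MAX or not owned by OWNER; a missing PATH is skipped.
check_path() {
    [ -e "$1" ] || return 0
    mode=$(stat -c '%a' "$1")
    owner=$(stat -c '%U' "$1")
    rc=0
    if too_open "$mode" "$2"; then
        echo "FAIL $1: mode $mode, must be no more permissive than $2"
        rc=1
    fi
    if [ "$owner" != "$3" ]; then
        echo "FAIL $1: owned by $owner, expected $3"
        rc=1
    fi
    return $rc
}

# check_ssh_perms HOME_DIR [USER] -> returns the number of paths with findings.
check_ssh_perms() {
    home=$1
    user=${2:-$(id -un)}
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_path "$p" 755 "$user" || bad=$((bad + 1))
    done
    for k in "$home/.ssh/id_rsa" "$home/.ssh/id_dsa"; do
        check_path "$k" 600 "$user" || bad=$((bad + 1))
    done
    return $bad
}

# Run against a home directory given on the command line.
if [ "$#" -gt 0 ]; then
    check_ssh_perms "$@" && echo "OK: permissions and ownership look right"
fi
```

Run it on each server as the account that owns the keys, passing that account's home directory as the argument.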
 
The "possible break in attempt" message could be due to a reverse DNS lookup problem.
 
Hmmm,
Look at the known_hosts file of Server2. Did you change the Server1 hostname or IP address? If you did, then it will not let you in unless you delete that entry from the known_hosts file.

If you are confused, delete all the entries of Server1 from the known_hosts file of Server2, and when you try to ssh to Server2, it will initiate a handshake (during this time the key is registered in the known_hosts file) and ssh to Server2.

Hope this helps.
 