
SSH without password

Status
Not open for further replies.

holdahl

Apr 4, 2006
Trying to set up SSH between some AIX servers so that users do not have to enter a password (for ssh and scp).

Have created keys on servers and copied them to the other machines (added to authorized_keys).

Still users get the password prompt when trying to connect to the servers.

Do I have to make some changes in sshd_config for this to work?


-holdahl
 
You've done it in the wrong direction. Create the key pair on the client and copy the public key to the authorized_keys in .ssh in the user's home directory on the server. Directory should have permissions 700 and authorized_keys 600.

No need to change or restart anything

-----
Cheers,
Henrik Morsing
Join us on irc://chat.freenode.net channel ##aix
 
Thanks for the reply, will try again in the order you described.

-holdahl
 
Have tried again, but still users are prompted for password when trying to ssh to the other node.

user@node1/home/user> ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/siho/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
7a:44:1f:6d:3d:57:93:00:1f:c8:0c:d2:d5:3c:37:44 user@node1
user@node1:/home/user> cat .ssh/id_rsa.pub | ssh user@node2 'cat >> .ssh/authorized_keys'
user@node2's password:
user@node1:/home/user> ssh user@node hostname
user@node2's password:
node2

Directories have correct permission.


-holdahl
 
Try setting "authorized_keys" file permissions to 644

Mike

"Whenever I dwell for any length of time on my own shortcomings, they gradually begin to seem mild, harmless, rather engaging little things, not at all like the staring defects in other people's characters."
 
Still getting the password prompt.

Could it have something to do with this setting in the /etc/ssh/sshd_config file?

StrictModes no
#MaxAuthTries 6

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile /home/root/.ssh/authorized_keys

Should it have the path to all home dirs?


-holdahl
 
Here is my step by step, having just done this.

Login to the machine that will be your ssh server and go to your home directory and make the .ssh directory.
$ pwd
/home/ccook
$ mkdir .ssh
$ ls -latr

drwxr-xr-x 2 ccook system 256 Apr 22 13:33 .ssh

At this point you need to pay attention to the permissions on the .ssh directory. If you are ssh'ing to this machine from another user (going joey on client to ccook on server) joey may not have permission to read the .ssh directory and therefore can’t read the authorized_keys2 file in the directory. If this is not the case keep the permissions listed in the post by unixfreak.

Now on the client machine do the following
$ ssh-keygen -t rsa
(accept all defaults and don't enter a passphrase)
You will get a prompt that says:
"Your identification has been saved in /home/ccook/.ssh/id_rsa"
"Your public key has been saved in /home/ccook/.ssh/id_rsa.pub"

Now, just scp your public key to your .ssh directory we created on the ssh server.

$ scp /home/ccook/.ssh/id_rsa.pub 10.1.x.x:/home/ccook/.ssh/authorized_keys2

Now you are good to go and can ssh to your server.

ssh 10.1.x.x

If this doesn't work post the output of your attempt to connect using ssh -v user@hostname


 
Change this:

AuthorizedKeysFile /home/root/.ssh/authorized_keys

to this:

AuthorizedKeysFile .ssh/authorized_keys

And it will work. And the permissions should be 600 or it won't work.

-----
Cheers,
Henrik Morsing
Join us on irc://chat.freenode.net channel ##aix
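
The AuthorizedKeysFile change suggested above, as an added example that is not part of any forum post: a small shell check that shows which file sshd would read for a given account under the absolute-path setting versus the relative one. The function names and the sample config are constructed for illustration, and only the first file listed in AuthorizedKeysFile is handled.

```shell
#!/bin/sh
# Added example: work out which file sshd reads for a user's public keys.
# Constructed sample, modelled on the sshd_config lines quoted in the thread.
SAMPLE_CONFIG='StrictModes no
#MaxAuthTries 6
PubkeyAuthentication yes
AuthorizedKeysFile /home/root/.ssh/authorized_keys'

# get_setting KEYWORD CONFIG_TEXT: first uncommented value (sshd keeps the first).
get_setting() {
    printf '%s\n' "$2" | awk -v k="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(k) { print $2; exit }'
}

# resolve_keys_file USER HOME CONFIG_TEXT: expand %u and %h, then anchor
# relative paths at the user's home directory. Only the first listed file
# is handled, and the default is assumed to be .ssh/authorized_keys.
resolve_keys_file() {
    pattern=$(get_setting AuthorizedKeysFile "$3")
    [ -n "$pattern" ] || pattern=.ssh/authorized_keys
    path=$(printf '%s\n' "$pattern" | sed -e "s|%h|$2|g" -e "s|%u|$1|g")
    case $path in
        /*) printf '%s\n' "$path" ;;
        *)  printf '%s\n' "$2/$path" ;;
    esac
}

# is_shared_keys_file CONFIG_TEXT: true when every account maps to one file
# (absolute path with no %h or %u token), the situation in the thread.
is_shared_keys_file() {
    case $(get_setting AuthorizedKeysFile "$1") in
        *%h*|*%u*) return 1 ;;
        /*)        return 0 ;;
        *)         return 1 ;;
    esac
}

# writable_by_others PATH: true when group or other has write permission,
# which sshd rejects when StrictModes is yes.
writable_by_others() {
    ls -ld "$1" | cut -c6,9 | grep w >/dev/null
}

# Report for the constructed account "user" with home /home/user.
echo "keys file: $(resolve_keys_file user /home/user "$SAMPLE_CONFIG")"
is_shared_keys_file "$SAMPLE_CONFIG" && echo "warning: one keys file for all users"
echo "StrictModes: $(get_setting StrictModes "$SAMPLE_CONFIG")"
```

With the sample config, the key appended to /home/user/.ssh/authorized_keys is never consulted, because the lookup resolves to the file under /home/root for every account.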
 
Hi.

Changed to AuthorizedKeysFile .ssh/authorized_keys
and now it works.

Thanks for the help.

-holdahl
 