SSH without password

[holdahl]

Trying to set up SSH between some AIX server so that users do not have to enter password. (for ssh and scp)

Have created keys on servers and copied them to the other machines (added to authorized_keys).

Still users get the password prompt when trying to connect to the servers.

Do I have to make some changes in sshd_config for this to work.


-holdahl

 

[unixfreak]

You've done it in the wrong direction. Create the key pair on the client and copy the public key to the authorized_keys in .ssh in the user's home directory on the server. Directory should have permissions 700 and authorized_keys 600.

No need to change or restart anything

-----
Cheers,
Henrik Morsing

http://www.aixperts.co.uk/

Join us on irc://chat.freenode.net channel ##aix

 

[holdahl]

Thanks for the reply, will try again in the order you described.

-holdahl

 

[holdahl]

Have tried again, but still users are prompted for password when trying to ssh to the other node.

user@node1/home/user> ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/siho/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
7a:44:1f:6d:3d:57:93:00:1f:c8:0c:d2:d5:3c:37:44 user@node1
user@node1:/home/user> cat .ssh/id_rsa.pub | ssh user@node2 'cat >> .ssh/authorized_keys'
user@node2's password:
user@node1:/home/user> ssh user@node hostname
user@node2's password:
node2

Directories have correct permission.


-holdahl

 

[mrn]

Try setting "authorized_keys" file permissions to 644

Mike

"Whenever I dwell for any length of time on my own shortcomings, they gradually begin to seem mild, harmless, rather engaging little things, not at all like the staring defects in other people's characters."

 

[holdahl]

Still getting the password prompt.

Could it have something to do with this setting in the /etc/ssh/sshd_config file.

StrictModes no
#MaxAuthTries 6

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile /home/root/.ssh/authorized_keys

Should it have the path to all home dirs?


-holdahl

 

[ccook123]

Here is my step by step, having just done this.

Login to the machine that will be your ssh server and go to your home directory and make the .ssh directory.
$ pwd
/home/ccook
$ mkdir .ssh
$ ls -latr

drwxr-xr-x 2 ccook system 256 Apr 22 13:33 .ssh

At this point you need to pay attention to the permissions on the .ssh directory. If you are ssh'ing to this machine from another user (going joey on client to ccook on server) joey may not have permission to read the .ssh directory and therefore can’t read the authorized_keys2 file in the directory. If this is not the case keep the permissions listed in the post by unixfreak.

Now on the client machine do the following
$ ssh-keygen -t rsa
(accept all defaults and don't enter a paraphrase)
you will get a prompt that says:
"Your identification has been saved in /home/ccook/.ssh/id_rsa"
"Your public key has been saved in /home/ccook/.ssh/id_rsa.pub"

Now, just scp your public key to your .ssh directory we created on the ssh server.

$ scp /home/ccook/.ssh/id_rsa.pub 10.1.x.x:/home/ccook/.ssh/authorized_keys2

now you are good to go and can ssh to your server.

ssh 10.1.x.x

If this doesn't work post the output of your attempt to connect using ssh -v user@hostname

 

[khalidaaa]

I hope this is helpful:

http://www.tek-tips.com/viewthread.cfm?qid=1385815&page=4

Regards,
Khalid

 

[unixfreak]

Change this:

AuthorizedKeysFile /home/root/.ssh/authorized_keys

to this:

AuthorizedKeysFile .ssh/authorized_keys

And it will work. And the permissions should be 600 or it won't work.

-----
Cheers,
Henrik Morsing

http://www.aixperts.co.uk/

Join us on irc://chat.freenode.net channel ##aix

 

[holdahl]

Hi.

Changed to AuthorizedKeysFile .ssh/authorized_keys
and now it works.

Thanks for the help.

-holdahl