How can i setup ssh password-less login for particular user?

bentech4u · May 26, 2015, 2:49am

HI Community.

I was trying to create ssh password less authentication for one user called night and it's not working for me.

These are the steps I followed:-

I have logged into the server and issued ssh-ketgen -t rsa

bash-3.2$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/log/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /log/.ssh/id_rsa.
Your public key has been saved in /log/.ssh/id_rsa.pub.
The key fingerprint is:
fa:b8:21:8e:67:c1:d1:9b:ed:88:9d:c9:fd:2a:ef:f1 night@test

bash-3.2$ ls
id_rsa       id_rsa.pub   known_hosts

After that I have copied this key to client machine:-

cat id_rsa.pub | ssh night@192.168.1.2 'cat >> .ssh/authorized_keys && echo "Copied"'

and changed permission of authorized_keys to 600 and .ssh folder to 700.

I restarted ssh daemon on client, but it again asking for password when I am trying to connect as night user.

Please help me to fix this issue.

Regards,
Ben

---------- Post updated at 01:49 AM ---------- Previous update was at 01:45 AM ----------

here is the debug output

debug1: Host '192.16.1.12' is known and matches the RSA host key.
debug1: Found key in /log/.ssh/known_hosts:5
debug1: bits set: 1571/3191
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug1: newkeys: mode 1
debug1: set_newkeys: setting new keys for 'out' mode
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: set_newkeys: setting new keys for 'in' mode
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug2: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug1: Next authentication method: gssapi-keyex
debug2: we did not send a packet, disable method
debug1: Next authentication method: gssapi-with-mic
debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
Unknown code 0
)
debug2: we did not send a packet, disable method
debug1: Next authentication method: publickey
debug1: Trying private key: /log/.ssh/identity
debug1: Trying public key: /log/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug1: Trying private key: /log/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1

RudiC · May 26, 2015, 3:34am

If I read and understand correctly, you've done it the wrong direction. The keys need to be generated on the client, and the public one needs to be added to the server's .ssh/authorized_keys.

bentech4u · May 26, 2015, 4:04am

HI

Thanks for the reply.

Actually I am holding one jumpbox which is having root access to all the servers.

What I did is, I have created ssh-keygen on linux and copied id_rsa.pub key to authorized_keys all the client servers and it's working perfectly

is there any changes on Solaris?

Regards,
Ben

Peasant · May 28, 2015, 10:17am

I suspect permission issues, set 600 on authorized_keys and 644 on $HOME and $HOME/.ssh for the user in question night

Regards
Peasant.

bentech4u · May 28, 2015, 4:00pm

Hi

File and folder permissions was ok. File was 600 and folder 700

What i noticed is that night user home directory is set as /log. Will that cause the issue.?