Passwordless SFTP - Can connect from server A to B; but vice versa not happening

Hi,

I am trying to execute passwordless SFTP between two servers A & B. While I was able to connect to B from A, I am not able to connect to A from B.
I have done similar steps for both scenarios:

  1. Creating public key using "ssh-keygen -t rsa".
  2. Appending the content to "authorized_keys" file.
  3. Making sure the .ssh directory has 700 permission and the "authorized_keys" file has 600 permission.

Please help me find what I am doing wrong here.

File permission of Server A

A:pts/1:/home/mnand504/.ssh 355>ls -lart
total 128
drwxrwxr-x  19 mnand504   users         8192 Mar 24 06:12 ..
-rw-r--r--   1 mnand504   users            0 Mar 24 06:16 abc.txt
-rw-r--r--   1 mnand504   users          399 Mar 28 01:21 id_rsa.pub_MJ
-rw-------   1 mnand504   users          399 Mar 28 01:29 id_rsa.pub
-rw-------   1 mnand504   users         1679 Mar 28 01:29 id_rsa
-rw-r--r--   1 mnand504   users          444 Mar 28 01:30 known_hosts
drwx------   2 mnand504   users         8192 Mar 28 01:34 .
-rw-------   1 mnand504   users          399 Mar 28 01:35 authorized_keys


File permission of server B

/home/mnand504/.ssh
B->ls -lart
total 112
drwxrwxr-x   3 mnand504   users         8192 Mar 24 06:11 ..
-rw-r--r--   1 mnand504   users            0 Mar 24 06:14 abc.txt
-rw-r--r--   1 mnand504   users          888 Mar 28 01:22 known_hosts
drwx------   2 mnand504   users         8192 Mar 28 01:30 .
-rw-------   1 mnand504   users          798 Mar 28 01:30 authorized_keys
-rw-------   1 mnand504   users         1679 Mar 28 01:33 id_rsa
-rw-------   1 mnand504   users          399 Mar 28 01:33 id_rsa.pub

Are both hosts using authorized_keys? Try copying authorized_keys to authorized_keys2.

Is sshd running on A?

If A has SELinux enabled, check the file labels on ~/.ssh and ~/.ssh/authorized_keys; they should read as ssh_home_t, for example:

$ ls -lZa /home/hergp/.ssh
drwx------. hergp admin unconfined_u:object_r:ssh_home_t:s0 .
drwx------. hergp admin unconfined_u:object_r:user_home_dir_t:s0 ..
-rw-------. hergp admin unconfined_u:object_r:ssh_home_t:s0 authorized_keys
-rw-r--r--. hergp admin unconfined_u:object_r:ssh_home_t:s0 config
-rw-r--r--. hergp admin unconfined_u:object_r:ssh_home_t:s0 known_hosts

Also, your home directory must not be group or world writable.

I came across a system where I had to change the /etc/ssh/sshd_config file and specify

PubkeyAuthentication yes
PermitEmptyPasswords yes

otherwise passwordless login would fail.

You should avoid having group write on your home directory, as this is a security hole (someone in group "users" could rename .ssh and create their own fake one).

If B has "strictmode" set on the sshd server it will refuse to allow pubkey auth. You should have strictmode set on A as well to avoid possible security issues.
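
Added example, not part of any post in this thread: a small POSIX shell check for the condition the replies describe, group or world write on the home directory, ~/.ssh or authorized_keys. Both listings above show `..` (the home directory) as drwxrwxr-x. The function names are hypothetical, the check covers mode bits only (not ownership), and the sshd_config option that enforces this is spelled StrictModes.

```shell
#!/bin/sh
# Added example: audit the mode bits on the paths used for pubkey login.
# Usage: sh check_ssh_perms.sh /home/mnand504   (script name is hypothetical)

# Succeeds (returns 0) when the path has group or world write set.
is_group_or_world_writable() {
    mode=$(ls -ld "$1" | cut -c1-10)      # e.g. drwxrwxr-x
    g=$(printf '%s' "$mode" | cut -c6)    # group write position
    o=$(printf '%s' "$mode" | cut -c9)    # other write position
    [ "$g" = "w" ] || [ "$o" = "w" ]
}

# Checks the home directory, .ssh and authorized_keys of one account.
# Returns 0 when none is missing or group/world writable, 1 otherwise.
check_ssh_perms() {
    home=$1
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"
            rc=1
        elif is_group_or_world_writable "$p"; then
            echo "WRITABLE $p ($(ls -ld "$p" | cut -c1-10)) -> chmod go-w"
            rc=1
        else
            echo "OK       $p"
        fi
    done
    return $rc
}

# Run the check when a home directory is given on the command line.
if [ "$#" -gt 0 ]; then
    check_ssh_perms "$1"
fi
```

Run it on the host that refuses the key (the server side of the failing direction), as the account you are logging in to.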