ssh without password

Duffs22 · December 2, 2011, 7:38am

Hi,

I am trying to generate ssh without having to type a password.

I have done this on numerous occasions using the procedure below and it has worked fine but not on this occasion.

user1@sys1:ssh-keygen -t dsa -N ""
<press enter for any questions>
user1@sys1: ll .ssh/id_dsa.pub
Copy id_dsa.pub file onto sys2 into /tmp dir
user2@sys2: mkdir -p .ssh
user2@sys2:cd .ssh
user2@sys2:cat /tmp/id_dsa.pub >> authorized_Keys

Any ideas why it still prompts for a password?

Regards,
D.

CarloM · December 2, 2011, 7:47am

Capital K on authorized_keys?

Duffs22 · December 2, 2011, 7:48am

apologies, that is a typo - lower case k.

sandy.bhadoriya · December 2, 2011, 10:42am

ph34r# mkdir ~/.ssh
ph34r# chmod 700 ~/.ssh
ph34r# cd ~/.ssh
ph34r# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key ("your_local_home"/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again: 
Your identification has been saved in id_rsa.
Your public key has been saved in id_rsa.pub.
The key fingerprint is:
17:5a:e7:77:ad:2c:0b:8e:f3:97:f8:20:53:79:69:55 root@ph34r

ph34r# scp ~/.ssh/id_rsa.pub jimbo@l0ath1ng.tehinterweb.net:/home/jimbo/id_rsa.ph34r.pub
ph34r# ssh jimbo@l0ath1ng.tehinterweb.net
Password:
% mkdir .ssh
% chmod 700 .ssh
% cat id_rsa.ph34r.pub >> .ssh/authorized_keys
% chmod 644 .ssh/authorized_keys

mark54g · December 2, 2011, 11:28am

ssh-copy-id

Duffs22 · December 5, 2011, 10:42am

Hi,

I have used the ssh-copy-id with the following result.....

[oracle@node1 .ssh]$ ssh-copy-id -i id_dsa.pub node2
oracle@node2 password: 
Now try logging into the machine, with "ssh node2'", and check in:
  .ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[oracle@node1 .ssh]$ ssh node2
oracle@node2's password:

......still requesting a password.

R,
D.

CarloM · December 5, 2011, 11:06am

What does ssh -v node2 say?

Duffs22 · December 5, 2011, 11:19am

Hi,

In verbose mode.....

[oracle@node1 .ssh]$ ssh -v node2
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to node2[node2] port 22.
debug1: Connection established.
debug1: identity file /home/oracle/.ssh/identity type -1
debug1: identity file /home/oracle/.ssh/id_rsa type -1
debug1: identity file /home/oracle/.ssh/id_dsa type 2
debug1: loaded 3 keys
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '192.168.235.15' is known and matches the RSA host key.
debug1: Found key in /home/oracle/.ssh/known_hosts:3
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
No credentials cache found
debug1: Unspecified GSS failure.  Minor code may provide more information
No credentials cache found
debug1: Unspecified GSS failure.  Minor code may provide more information
No credentials cache found
debug1: Next authentication method: publickey
debug1: Trying private key: /home/oracle/.ssh/identity
debug1: Trying private key: /home/oracle/.ssh/id_rsa
debug1: Offering public key: /home/oracle/.ssh/id_dsa
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: password
oracle@node2's password:

R,
D

CarloM · December 5, 2011, 11:38am

I assume you can actually log in if you supply a password? (i.e. it's not disabled)

Duffs22 · December 5, 2011, 11:41am

yes I can log in with a pasword.

Might be worth adding, I applied the exact same procedure from the same host to another server on the same vlan and it worked fine. All permissions are the same.

R,
D.

mark54g · December 5, 2011, 7:01pm

Try using ssh-copy-id without specifying the file

duffs22:

Hi,

I have used the ssh-copy-id with the following result.....

[oracle@node1 .ssh]$ ssh-copy-id -i id_dsa.pub node2
oracle@node2 password: 
Now try logging into the machine, with "ssh node2'", and check in:
  .ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[oracle@node1 .ssh]$ ssh node2
oracle@node2's password:

......still requesting a password.

R,
D.

Duffs22 · December 6, 2011, 4:42am

Hi,

It produces the folowing:

[oracle@node1.ssh]$ ssh-copy-id node2
/usr/bin/ssh-copy-id: ERROR: No identities found
[oracle@node1 .ssh]$ ssh-copy-id -i node2
/usr/bin/ssh-copy-id: ERROR: No identities found

R,
D.

mark54g · December 6, 2011, 7:16am

run ssh-keygen first as the user on node 1 and node 2.

Duffs22 · December 6, 2011, 8:14am

I have already generated the keys (id_dsa.pub)

bobby320 · December 7, 2011, 10:49pm

I would suggest you to look into /etc/ssh/sshd_config file before copying the keys to another server, look for the entry "AuthorizedKeyFile" location in the config file, check where it is pointing to user's home directory authorized file or default location as /etc/ssh/auth_keys directory.

Duffs22 · December 8, 2011, 6:21am

This is all correctly configured.

Duffs22 · December 8, 2011, 9:34am

Hi,

Dec  8 14:21:02 node2 su: pam_unix(su-l:session): session opened for user oracle by root(uid=0)
Dec  8 14:25:53 node2 sshd[25357]: Connection closed by UNKNOWN

R,
D.