Re: ssh to remote machine with user login problem
On Fri, Jan 06, 2006 at 02:07:01PM +0200, Pavlos Parissis wrote:
> > Hi,
> > Thanks for your mail. I have tried to copy .ssh folder from root to the
> > users account and the permissions are 600 and the file is owned by the user
> > and still I am getting the enter the password.
> OK, you need to run the ssh command with -v argument and send us the output
> while you are trying to access the system as root and as user.
> Furthermore, send us the sshd_config of the server and /etc/ssh/ssh_config,
> the ~.ssh/config from the system which are you using the ssh.
> And of course the lines from /var/log/auth for a root login and for a user
> to see any difference.
> It must be something in the confs or you are doing something wrong,
> it can not be a bug.
You need to run ssh-keygen to generate keys. You then put the public
keys into a specific place on each machine.
Run the following command (indented by one tab only so that you can see
	ssh-keygen -t dsa -b 2048
This generates a key, 2048 bits long and stores it in your home
directory in a .ssh subdirectory.
If you go to ~/.ssh now, you should see two parts to your key - id_dsa
The .pub part is the public key - you can give that to absolutely
anyone. The id_dsa should be kept private and the permissions on
.ssh are designed to help with that.
Also in .ssh run the following commands:
	touch authorized_keys ; chmod 0600 authorized_keys
The trick is that each machine has to see the id_dsa.pub for another
machine in the authorized_keys file. The key exchange and authentication
relies on being able to use the public key half to authenticate the
connection - or it drops back to password authentication.
As your user, use scp to copy the keys across. [Call the two machines
aardvark and wombat, for example]. In copying the keys across, you're
renaming them so you don't end up inadvertently overwriting the id_rsa.pub
already on that machine and you know which machine you copied the key from.
	scp ~/.ssh/id_dsa.pub wombat:~/id_dsa.pubAardvark
You'll get asked for a password.
	scp ~/.ssh/id_dsa.pub aardvark:~/id_dsa.pubWombat
You'll get asked for a password. Login to one machine [Wombat].
From your home directory
	cat ./id_dsa.pubAardvark >> ~/.ssh/authorized_keys
[Appending to the end of the authorized_keys file you just created].
Likewise, on Aardvark
	cat ./id_dsa.pubWombat >> ~/.ssh/authorized_keys
Log off each machine.
Now you should be able to login without a password from each machine to
the other. Once you're satisfied, delete the id_rsa.pubAardvark and
id_rsa.pubWombat files from the home directories. Repeat for other
machines as necessary.
Secure login and secure transfer of keys: no changing permissions or
exposing other than public keys at any stage :)
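
Added example, not part of the original message: when key login silently drops back to a password prompt, a first check is whether the home directory, .ssh and authorized_keys pass the ownership and write-permission test that sshd applies with StrictModes (its default), and whether the private key is closed to group and other. The function names check_path and audit_ssh_dir are hypothetical, and the script assumes the default id_dsa key name used above.

```shell
#!/bin/sh
# check_path and audit_ssh_dir are hypothetical helper names for this example.

# check_path TARGET UID: report TARGET if it is missing, writable by group or
# other, or owned by someone other than UID or root (the conditions under
# which sshd with StrictModes ignores authorized_keys).
check_path() {
    target=$1 want_uid=$2 rc=0
    [ -e "$target" ] || { echo "MISSING  $target"; return 1; }
    # ls -ldn: field 1 is the mode string, field 3 the numeric owner.
    set -- $(ls -ldn "$target")
    mode=$1 owner=$3
    case $mode in
        ?????w*|????????w*) echo "WRITABLE $target ($mode)"; rc=1 ;;
    esac
    if [ "$owner" != "$want_uid" ] && [ "$owner" != 0 ]; then
        echo "OWNER    $target (uid $owner, expected $want_uid)"; rc=1
    fi
    return $rc
}

# audit_ssh_dir HOME [UID]: check the chain home -> .ssh -> authorized_keys,
# plus the private key if present. Returns the number of problem paths.
audit_ssh_dir() {
    home=$1 uid=${2:-$(id -u)} bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_path "$p" "$uid" || bad=$((bad + 1))
    done
    key=$home/.ssh/id_dsa
    if [ -e "$key" ]; then
        # The ssh client rejects a private key with any group/other access.
        set -- $(ls -ldn "$key")
        case $1 in
            ????------*) ;;
            *) echo "EXPOSED  $key ($1)"; bad=$((bad + 1)) ;;
        esac
    fi
    return $bad
}

# Usage: audit_ssh_dir "$HOME"
```

Run it as the affected user on the machine being logged into; a zero exit status means none of the checked paths would be rejected on permission grounds.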