Re: passwordless ssh login not working
On Fri, Feb 07, 2003 at 10:38:17PM -0700, Tim Ayers wrote:
> When you generate your keys and it asks for a passphrase, just hit
> <enter>. Don't use a passphrase and it won't prompt you for one.
No, that's how I did it. It's not asking for a passphrase, it's asking
for a password, just as if I had no keys.
On Sat, Feb 08, 2003 at 02:34:34AM -0500, sean finney wrote:
> heya,
>
> are you sure your sshd_config is configured to allow PubkeyAuthentication?
Yes - here it is (below)
But the main problem seems to be the bit from the ssh -vvv output,
where it says
> > debug3: Not a RSA1 key file /root/.ssh/id_rsa.
(and the same for id_dsa)
Looking in these files, I find they don't look right compared to the
id_?sa.pub files. The .pub files contain "ssh-rsa fv487t509n0etcetcetc=
root@pigeon" all as one long line. The private key files contain
"-----BEGIN RSA PRIVATE KEY-----" followed by the key as 12 separate
lines and an "-----END......" line.
So, I take my text editor to the private key files and change them to
the same format as the public key files. It still doesn't work, but
the error message changes:
debug3: Not a RSA1 key file /root/.ssh/id_rsa.
key_read: uudecode ptu5087509nrounrin975tetcetcetc= root@pigeon
failed
Does that mean anything to anyone?
Pigeon
(/etc/ssh/sshd_config follows)
# Package generated configuration file
# See the sshd(8) manpage for defails
# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
# ...but breaks Pam auth via kbdint, so we have to turn it off
# Use PAM authentication via keyboard-interactive so PAM modules can
# properly interface with the user (off due to PrivSep)
PAMAuthenticationViaKbdInt no
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 600
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
# rhosts authentication should not be used
RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords yes
# Uncomment to disable s/key passwords
#ChallengeResponseAuthentication no
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no
# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes
X11Forwarding no
X11DisplayOffset 10
PrintMotd no
#PrintLastLog no
KeepAlive yes
#UseLogin no
#MaxStartups 10:30:60
#Banner /etc/issue.net
#ReverseMappingCheck yes
Subsystem sftp /usr/lib/sftp-server
Reply to: