
Re: ssh to remote machine with user login problem



On Fri, Jan 06, 2006 at 02:07:01PM +0200, Pavlos Parissis wrote:
> Hello,
> 
> > Hi,
> >    
> >   Thanks for your mail. I have tried to copy .ssh folder from root to the
> > users account and the permissions are 600 and the file is owned by the user
> > and still I am getting the enter the password.
> 
> OK, you need to run the ssh command with the -v argument and send us the output
> while you are trying to access the system as root and as user.
> Furthermore, send us the sshd_config of the server and /etc/ssh/ssh_config,
> the ~/.ssh/config from the system on which you are using ssh.
> And of course the lines from /var/log/auth for a root login and for a user
> login
> to see any difference.
> 
> It must be something in the confs or you are doing something wrong,
> it cannot be a bug.
> 
> pavlos
> 
You need to run ssh-keygen to generate keys. You then put the public
keys into a specific place on each machine.

Run the following command (indented by one tab only so that you can see
it):

	ssh-keygen -t dsa -b 2048

This generates a key, 2048 bits long and stores it in your home
directory in a .ssh subdirectory.

If you go to ~/.ssh now, you should see two parts to your key - id_dsa
and id_dsa.pub

The .pub part is the public key - you can give that to absolutely
anyone. The id_dsa should be kept private and the permissions on
.ssh are designed to help with that.

Also in .ssh run the following commands:

	touch authorized_keys ; chmod 0600 authorized_keys

The trick is that each machine has to see the id_dsa.pub for another
machine in the authorized_keys file. The key exchange and authentication
relies on being able to use the public key half to authenticate the
connection - or it drops back to password authentication.

As your user, use scp to copy the keys across. [Call the two machines
aardvark and wombat, for example]. In copying the keys across, you're 
renaming them so you don't end up inadvertently overwriting the id_rsa.pub 
already on that machine and you know which machine you copied the key from.

[On Aardvark] 

	scp ~/.ssh/id_dsa.pub wombat:~/id_dsa.pubAardvark

You'll get asked for a password.

[On Wombat] 
	
	scp ~/.ssh/id_dsa.pub aardvark:~/id_dsa.pubWombat

You'll get asked for a password. Login to one machine [Wombat].

From your home directory

	cat ./id_dsa.pubAardvark >> ~/.ssh/authorized_keys

[Appending to the end of the authorized_keys file you just created].

Likewise, on Aardvark

	cat ./id_dsa.pubWombat >> ~/.ssh/authorized_keys

Log off each machine.

Now you should be able to login without a password from each machine to
the other. Once you're satisfied, delete the id_rsa.pubAardvark and
id_rsa.pubWombat files from the home directories. Repeat for other
machines as necessary.

Secure login and secure transfer of keys: no changing permissions or
exposing other than public keys at any stage :)

Andy
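
The permission and key-placement steps discussed in this thread can be checked with a short script. This is an added example, not part of the original message: the function name `audit_ssh_dir` is made up here, and it assumes GNU `stat` (Linux) and that the directory being checked belongs to the invoking user.

```shell
#!/bin/sh
# audit_ssh_dir HOME_DIR [PUBKEY_FILE]   (hypothetical helper, added example)
# Prints one line per problem; the return status is the number of problems.
# Assumes GNU stat and that HOME_DIR belongs to the user running the check.
audit_ssh_dir() {
    home=$1; pub=${2:-}; problems=0
    sshdir=$home/.ssh; auth=$sshdir/authorized_keys

    # With StrictModes (the sshd default) authorized_keys is ignored when the
    # home directory, ~/.ssh or the file itself is group/world-writable or is
    # owned by someone other than the user or root.
    for p in "$home" "$sshdir" "$auth"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"; problems=$((problems + 1)); continue
        fi
        mode=$(stat -c '%a' "$p"); owner=$(stat -c '%u' "$p")
        if [ $((0$mode & 022)) -ne 0 ]; then
            echo "group/world-writable ($mode): $p"; problems=$((problems + 1))
        fi
        if [ "$owner" -ne "$(id -u)" ] && [ "$owner" -ne 0 ]; then
            echo "wrong owner (uid $owner): $p"; problems=$((problems + 1))
        fi
    done

    # The ssh client refuses a private key that group or others can access.
    for key in "$sshdir"/id_*; do
        case $key in *.pub) continue ;; esac
        [ -f "$key" ] || continue
        mode=$(stat -c '%a' "$key")
        if [ $((0$mode & 077)) -ne 0 ]; then
            echo "private key too open ($mode): $key"; problems=$((problems + 1))
        fi
    done

    # Optionally confirm the other machine's public key was really appended.
    if [ -n "$pub" ] && [ -f "$auth" ]; then
        blob=$(awk '{print $2; exit}' "$pub")   # base64 key body, 2nd field
        if [ -z "$blob" ] || ! grep -qF -- "$blob" "$auth"; then
            echo "key from $pub not in $auth"; problems=$((problems + 1))
        fi
    fi
    return "$problems"
}
# Usage on Wombat, after the scp step: audit_ssh_dir "$HOME" ~/id_dsa.pubAardvark
```

Any line it prints is a reason sshd or the ssh client may skip public-key authentication and fall back to asking for a password.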


