[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ssh to remote machine with user login problem

On Fri, Jan 06, 2006 at 02:07:01PM +0200, Pavlos Parissis wrote:
> Hello,
> > Hi,
> >    
> >   Thanks for your mail.I have tried to copy .ssh folder from root to the
> > users account and the permissions are 600 and the file is owned by the user
> > and still i am getting the enter the password.
> OK, you need to run the ssh command with -v argument and send us the output
> while you are trying to access the system as root and as user.
> Furthermore,send us the sshd_config of the server and /etc/ssh/ssh_config
> , the ~.ssh/config from the system which are you using the ssh.
> And of course the lines from /var/log/auth for a root login and for a user
> login
> to see any difference.
> It must be something in the confs or you are doing something wrong
> ,it can not be a bug.
> pavlos
You need to run ssh-keygen to generate keys. You then put the public
keys into a specific place on each machine.

Run the followng command (indented by one tab only so that you can see

	ssh-keygen -t dsa -b 2048

This generates a  key, 2048 bits long and stores it in your home
directory in a .ssh subdirectory.

If you go to ~/.ssh now, you should see two parts to your key - id_dsa
and id_dsa.pub

The .pub part is the public key - you can give that to absolutely
anyone. The id_dsa should be kept private and the permissions on
.ssh are designed to help with that.

Also in .ssh run the following commands:

	touch authorized_keys ; chmod 0600 authorized_keys

The trick is that each machine has to see the id_dsa.pub for another
machine in the authorized_keys file. The key exchange and authentication
relies on being able to use the public key half to authenticate the
connection - or it drops back to password authentication.

As your user, use scp to copy the keys across. [Call the two machines
aardvark and wombat, for example]. In copying the keys across, you're 
renaming them so you don't end up inadvertently overwriting the id_rsa.pub 
already on that machine and you know which machine you copied the key from.

[On Aardvark] 

	scp ~/.ssh/id_dsa.pub wombat:~/id_dsa.pubAardvark

You'll get asked for a password.

[On Wombat] 
	scp ~/.ssh/id_dsa.pub aardvark:~/id_dsa.pubWombat

You'll get asked for a password. Login to one machine [Wombat].

>From your home directory

	cat ./id_dsa.pubAardvark >> ~/.ssh/authorized_keys

[Appending to the end of the authorized_keys file you just created].

Likewise, on Aardvark

	cat ./id_dsa.pubWombat >> ~/.ssh/authorized_keys

Log off each machine.

Now you should be able to login without a password from each machine to
the other. Once you're satisfied, delete the id_rsa.pubAardvark and
id_rsa.pubWombat files from the home directories. Repeat for other
machines as necessary.

Secure login and secure transfer of keys: no changing permissions or
exposing other than public keys at any stage :)


Reply to: