[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SSH doesn't work with RSA keys

Andrew M.A. Cater wrote:
On Wed, Jan 03, 2007 at 05:50:40PM -0300, Alejandro wrote:
People, I have generated the key pair RSA from my root linux's user and
then I copy my RSA public key to /root/.ssh/authorized_keys from the
linux ssh server. After that I edit the sshd_config file and put permit
rootlogin no and the correct path to the authorized_keys file. But when
I execute from the client "ssh root@server" it doesn't enter and the
password banner is showed. Here I put my debugs from ssh client and
server and my sshd_config file from the server....I REALLY THANKS YOUR


Try setting up a normal user first - check whether that works.
Example commands are indented in what follows. Comments are mostly
in []

As user pele change to your home directory on the first machine (here called cerca) then

	ssh-keygen -t rsa -b 2048

[Follow the prompts: don't use a passphrase. This should generate a pair of keys id_rsa and id_rsa.pub

	cd /home/pele/.ssh

	touch authorized_keys

	chmod 0600 authorized_keys

Follow the same procedure on the other machine (here called lejos).

On machine cerca:

	cd /home/pele/.ssh

	scp lejos:/home/pele/.ssh/id_dsa.pub ./id_dsa.pubLEJOS

[This copies the file you need from the other machine and names it so you can tell where it comes from. At this point, you may need to use passwords]

	scp ./id_dsa.pub lejos:/home/pele/.ssh/id_dsa.pubCERCA

[Copying the public RSA key from the machine you are on to the distant machine]

	cat id_dsa.pubLEJOS >> authorized_keys

[Copy the public RSA key from the distant machine and append it to the authorized_keys file on your local machine]

[Now copy the key into the appropriate place on the distant machine and append it to the authorized_keys file there. ]

	ssh lejos

	cd /home/pele/.ssh

	cat id_dsa.pubCERCA >> authorized_keys

[Check that an ssh connection works in both directions:
[On cerca]

	ssh lejos

[On lejos]

	ssh cerca

should both work immediately.

Now do the same with keys for root, if you want to. If you only want one user to have effective root privilege - append the id_dsa.pub for root on the machine to the end of his /.ssh/authorized_keys file

Hope this helps,


Andy, your example is very helpul to me...tomorow I'll follow your steps. But let me ask these two last questions:

1) What are the lines I should setup in /etc/ssh/sshd_config from the server side ???? Just *AuthorizedKeysFile %h/.ssh/authorized_keys* or what else ???

2) Some people say if I use SSH version 2, I have to use an *authorized_keys2* file instead of an *authorized_keys* file...is it OK

Thanks a lot and greetings,


Reply to: