Question

ssh connection without password prompt.

Asked by: sathiyakum

Hi,
I'm trying to configure ssh to log in without any password on the same Sun Unix box. Assuming the box name is infodev and the OS user is informat, the following line should work without prompting for the password, but it does not.

infodev:/apps/informatica/.ssh> ssh -v infodev date

Below is the output of the above command:

OpenSSH_3.8p1, SSH protocols 1.5/2.0, OpenSSL 0.9.7d 17 Mar 2004            
debug1: Reading configuration data /usr/local/etc/ssh_config                
debug1: Connecting to infodev [129.202.27.241] port 22.                      
debug1: Connection established.                                              
debug1: identity file /apps/informatica/.ssh/identity type -1                
debug1: identity file /apps/informatica/.ssh/id_rsa type -1                  
debug1: identity file /apps/informatica/.ssh/id_dsa type 2                  
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.8p1  
debug1: match: OpenSSH_3.8p1 pat OpenSSH*                                    
debug1: Enabling compatibility mode for protocol 2.0                        
debug1: Local version string SSH-2.0-OpenSSH_3.8p1                          
debug1: SSH2_MSG_KEXINIT sent                                                
debug1: SSH2_MSG_KEXINIT received                                            
debug1: kex: server->client aes128-cbc hmac-md5 none                        
debug1: kex: client->server aes128-cbc hmac-md5 none                        
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent                    
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP                                  
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent                                        
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY                                  
debug1: Host 'infodev' is known and matches the RSA host key.                
debug1: Found key in /apps/informatica/.ssh/known_hosts:1                    
debug1: ssh_rsa_verify: signature correct                                    
debug1: SSH2_MSG_NEWKEYS sent                                                
debug1: expecting SSH2_MSG_NEWKEYS                                          
debug1: SSH2_MSG_NEWKEYS received                                            
debug1: SSH2_MSG_SERVICE_REQUEST sent                                          
debug1: SSH2_MSG_SERVICE_ACCEPT received                                        
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey                                  
debug1: Trying private key: /apps/informatica/.ssh/identity                    
debug1: Trying private key: /apps/informatica/.ssh/id_rsa                      
debug1: Offering public key: /apps/informatica/.ssh/id_dsa                      
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: keyboard-interactive                        
debug1: Authentications that can continue: publickey,password,keyboard-interacte
debug1: Next authentication method: password                                    
informat@infodev's password:                                                    


Any help on this is greatly appreciated. The permissions of .ssh directory and authorized_keys file are set as below:
-rwxrwxr-x   1 informat users        605 May 11 11:13 authorized_keys*

Thanks,
sathiyakum.

This question has been solved and asker verified.


Asked On: 2005-05-11 at 08:55:31, ID: 21420647
Tags: password, ssh, without, prompt
Topic: Unix Network Security
Participating Experts: 6
Points: 500
Comments: 24

Answers

 

by: Tintin, posted on 2005-05-11 at 18:50:52, ID: 13983388

How did you create your ssh key?

Perms on the .ssh directory should be 700 and 600 on authorized keys.  Some ssh servers are less fussy on permissions depending on what settings they are using.

 

by: yuzh, posted on 2005-05-11 at 19:15:48, ID: 13983445

You need to make sure .ssh is NOT group/world writable; the ssh client (server) doesn't let
you use the keys if it is group/world readable (the known_hosts file can be readable by anyone!).

 

by: ahoffmann, posted on 2005-05-12 at 00:20:26, ID: 13984123

Are you using keys or password login?

For keys you need to ensure that on both sides ~/.ssh is owned by the proper user and has permission 700 or 500; the same applies to the key and known_hosts files in there: 600 or 400.

And take care that ~/.ssh is not symlinked somehow (some ssh versions are really picky)
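
The ownership and mode rules from the answers above, as an added example (not posted by any participant): a POSIX sh audit that applies the test sshd's StrictModes option uses, namely that the home directory, ~/.ssh and authorized_keys are owned by the user or root and are not writable by group or others. The function names and the throwaway demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): StrictModes-style audit of key-auth paths.

# check_path PATH UID
# Succeeds only if PATH exists, is owned by UID or root, and is not writable
# by group or others. Prints one line per finding.
check_path() {
    cp_path=$1; cp_uid=$2; cp_rc=0
    if [ ! -e "$cp_path" ]; then
        echo "FAIL $cp_path: does not exist"
        return 1
    fi
    # The thread notes some ssh versions are picky about symlinks: warn only.
    if [ -h "$cp_path" ]; then
        echo "WARN $cp_path: is a symlink (its target is what gets checked)"
    fi
    # find -H follows a symlink given on the command line; -prune stops descent.
    if [ -z "$(find -H "$cp_path" -prune \( -user "$cp_uid" -o -user 0 \))" ]; then
        echo "FAIL $cp_path: not owned by uid $cp_uid or root"
        cp_rc=1
    fi
    if [ -n "$(find -H "$cp_path" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "FAIL $cp_path: writable by group or others"
        cp_rc=1
    fi
    return "$cp_rc"
}

# audit_key_auth HOME UID
# Checks the three paths that matter for public-key login; fails if any fails.
audit_key_auth() {
    ak_home=$1; ak_uid=$2; ak_rc=0
    for ak_p in "$ak_home" "$ak_home/.ssh" "$ak_home/.ssh/authorized_keys"; do
        check_path "$ak_p" "$ak_uid" || ak_rc=1
    done
    return "$ak_rc"
}

# Constructed demo: a temporary tree using the authorized_keys mode first
# shown in the question (-rwxrwxr-x), then the 600 the answers recommend.
demo_audit() {
    da_dir=$(mktemp -d) || return 1
    mkdir "$da_dir/.ssh"
    : > "$da_dir/.ssh/authorized_keys"
    chmod 755 "$da_dir"
    chmod 700 "$da_dir/.ssh"
    chmod 775 "$da_dir/.ssh/authorized_keys"
    if audit_key_auth "$da_dir" "$(id -u)"; then echo "775: accepted"; else echo "775: refused"; fi
    chmod 600 "$da_dir/.ssh/authorized_keys"
    if audit_key_auth "$da_dir" "$(id -u)"; then echo "600: accepted"; else echo "600: refused"; fi
    rm -rf "$da_dir"
}
demo_audit
```

To audit a real account, call `audit_key_auth` with that account's home directory and numeric uid; the home directory itself is part of the check, so a group-writable home fails even when `.ssh` is 700.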

 

by: sathiyakum, posted on 2005-05-12 at 08:21:17, ID: 13987517

Still not working. I am using keys. Below are the steps I followed:

1. Generate the keys using ssh-keygen. I've used an empty passphrase.
bsed24:/apps/informatica> ssh-keygen -t dsa

2. Copy the contents of id_dsa.pub to authorized_keys
bsed24:/apps/informatica> cat id_dsa.pub > authorized_keys

3. Changed the permissions as below:
bsed24:/apps/informatica> ls -ld .ssh                      
drwx------   2 informat users         96 May 11 11:13 .ssh/

bsed24:/apps/informatica/.ssh> ls -lrt                              
total 8                                                              
-rw-------   1 informat users        605 May 11 11:11 id_dsa.pub    
-rw-------   1 informat users        668 May 11 11:11 id_dsa        
-rw-------   1 informat users        605 May 11 11:13 authorized_keys
-rw-------   1 informat users        451 May 11 11:14 known_hosts    

bsed24:/apps/informatica> ssh infodev date  
informat@infodev's password:                
Thu May 12 11:12:52 EDT 2005                

Any help is greatly appreciated.

Thanks,
sathiyakum.

 

by: ahoffmann, posted on 2005-05-12 at 13:49:52, ID: 13990917

Silly question: did you add the id_dsa.pub to the remote server's ~/.ssh/authorized_keys?

 

by: sathiyakum, posted on 2005-05-12 at 14:01:03, ID: 13991015

infodev is not remote server. It is localhost. Wouldn't the line "bsed24:/apps/informatica> cat id_dsa.pub > authorized_keys" do it OR perhaps I did not understand ahoffmann's question right.



 

by: Tintin, posted on 2005-05-12 at 17:13:48, ID: 13992264

Going back a few steps, why do you want to do this?  It doesn't make any sense to ssh to the localhost as the same user.

 

by: yuzh, posted on 2005-05-12 at 18:50:05, ID: 13992585

>>It doesn't make any sense to ssh to the localhost as the same user.

If you want to use ssh login without a password between different boxes, have a look at the
instructions in the following docs:

http://pirlwww.lpl.arizona.edu/user_notes/user_notes.cgi?id=86
http://docsun.cites.uiuc.edu/sun_docs/C/solaris_9/SUNWaadm/SYSADV6/p45.html
http://linuxproblem.org/art_9.html

 

by: ahoffmann, posted on 2005-05-13 at 01:59:37, ID: 13994106

> cat id_dsa.pub > authorized_keys" do it OR perhaps I did not understand ahoffmann's question right.
Yes, you didn't get it right. Or do you mean that you used localhost as the remote server?
id_dsa.pub has to be in authorized_keys on the *remote* server.

 

by: Tintin, posted on 2005-05-16 at 12:25:27, ID: 14013312

Which all leads back to my last question.  Why would you want to ssh to the localhost as the same user?  I can't think of any sane reason for doing this.

 

by: sathiyakum, posted on 2005-05-16 at 12:42:10, ID: 14013435

I want to use ssh to localhost itself for the following reason:

I want to run "ssh  <username>@<localhost> <command>"  without typing a password. Username could be same user or different user but the command has to be run with the corresponding user's profile.

I was not successful with sudo or su as I couldn't find a way to run the command without typing a password. That's why I went with ssh  option.

Would the passwordless ssh option work for running commands? If so, are there any drawbacks? I am still not successful with the above-mentioned ssh command. Any thoughts?

Thanks,
Kumaran.

 

by: yuzh, posted on 2005-05-16 at 18:26:50, ID: 14015479

You can use:

su - usrname -c "command"
You run the command as usrname and use his/her login ENV.
man su

Using sudo with the above command also works.

 

by: Tintin, posted on 2005-05-16 at 19:11:41, ID: 14015623

OK, now we know the real problem.

What you *really* want to do is set up sudo.

It's easy to set up sudo to not need a password. You just need an entry like:

infomat ALL =  NOPASSWD: /usr/bin/kill

 

by: XoF, posted on 2005-05-18 at 05:30:17, ID: 14026364

back to ssh:

> debug1: Trying private key: /apps/informatica/.ssh/identity                    
> debug1: Trying private key: /apps/informatica/.ssh/id_rsa                      
> debug1: Offering public key: /apps/informatica/.ssh/id_dsa

well, it seems as if ssh cannot find the private key.
Did you try that one:
infodev:/apps/informatica/.ssh> ssh -v -i id_dsa infodev date
?

HTH,

-XoF-

 

by: ahoffmann, posted on 2005-05-18 at 08:02:30, ID: 14027739

start sshd -d and see what it tells you when you try to connect again

 

by: decoleur, posted on 2005-05-23 at 18:39:02, ID: 14065139

I was able to configure a root level user to use ssh to rsync with another machine without entering a password by changing the sshd config to "PermitRootLogin forced-commands-only"
and adding to the start of the key in the authorized hosts file the origin and a simple file that defines the allowed commands.

# cat authorized_keys
from="origin.domain.net",command="/home/user/.ssh/validate-rsync" ssh-dss AAAAB3...

where validate-rsync looks like:
# cat validate-rsync

#!/bin/sh

case "$SSH_ORIGINAL_COMMAND" in
        *\&*)
                echo "Rejected"
                ;;
        *\;*)
                echo "Rejected"
                ;;
        rsync\ --server*)
                $SSH_ORIGINAL_COMMAND
                ;;
        *)
                echo "Rejected"
                ;;
esac

and the files are set up as
# ls -l
total 8
-rw-------  1 root user 1186 Jan  5 11:38 authorized_keys
-rwxr-xr-x  1 root user  323 Jan  5 11:38 validate-rsync

When I try to just ssh using this configuration I get a request for a password, which will get denied, because I am using a limited-use root account, but if I try to tunnel the rsync over ssh it works without a password.

I think your issue is with your sshd config, is the user you are trying to connect with in the wheel group or have root access?

Also you might want to try PermitRootLogin Yes in sshd_config and see what that does.

Hope this Helps.

-t
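
A stricter variant of the forced-command wrapper described in the post above, as an added example that is not decoleur's script: it accepts a command by character allow-list instead of listing characters to refuse, and exits non-zero when it rejects. The function name `is_allowed_rsync`, the allowed character set and the sample commands are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not decoleur's script: stricter gate for an rsync-only key.

# is_allowed_rsync CMD
# Succeeds only when CMD starts with "rsync --server " and every character is
# on a small allow-list, so shell metacharacters, quotes, globs and control
# characters are all refused rather than enumerated one by one.
is_allowed_rsync() {
    case $1 in
        *[!A-Za-z0-9\ ._/=,:@%+-]*) return 1 ;;
        "rsync --server "*)         return 0 ;;
        *)                          return 1 ;;
    esac
}

# Forced-command entry point. sshd sets SSH_ORIGINAL_COMMAND only when the
# client asked for a command; without it this script runs nothing.
if [ "${SSH_ORIGINAL_COMMAND+set}" = set ]; then
    if is_allowed_rsync "$SSH_ORIGINAL_COMMAND"; then
        set -f                       # no pathname expansion while splitting
        exec $SSH_ORIGINAL_COMMAND   # split on whitespace, never via eval
    fi
    echo "Rejected" >&2
    exit 1                           # non-zero so the caller sees the refusal
fi

# Constructed sample commands (not captured traffic) to show the decisions.
demo_gate() {
    for dg_cmd in \
        "rsync --server --sender -vlogDtpr . /srv/backup/" \
        "rsync --server . /srv/backup/; id" \
        "date"
    do
        if is_allowed_rsync "$dg_cmd"; then dg_v=allow; else dg_v=reject; fi
        printf '%-7s %s\n' "$dg_v" "$dg_cmd"
    done
}
demo_gate
```

The wrapper only decides whether the command is an rsync server invocation; it does not limit which paths rsync may read or write, so the key's `from=` restriction in authorized_keys still matters.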

 

by: decoleur, posted on 2005-05-23 at 18:52:00, ID: 14065167

your authorized_keys file has to be in the .ssh directory, here is what happens when I duplicate your process:

[user@monitor ~]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_dsa.
Your public key has been saved in /home/user/.ssh/id_dsa.pub.
The key fingerprint is:
09:...:e5 user@monitor.mydomain.net
[user@monitor ~]$ cd .ssh/
[user@monitor .ssh]$ ls
authorized_keys  id_dsa  id_dsa.pub  known_hosts
[user@monitor .ssh]$ cat id_dsa.pub >>authorized_keys
[user@monitor .ssh]$ ssh monitor date
Mon May 23 21:42:21 EDT 2005

I hit enter twice to avoid the passphrase.

HTH,

-t

 

by: decoleur, posted on 2005-06-10 at 10:52:27, ID: 14190901

-XoF- had it, you are trying to use cert based authentication without identifying what cert you want to use.

You need to identify the relevant key for the user@machine by using the -i flag with the /path/to/private/key

so in your case you would need to type:

infodev:/apps/informatica/.ssh> ssh infodev -i /path/to/private/key date

HTH

-t

 

by: gheist, posted on 2005-06-26 at 01:22:45, ID: 14303005

Is there any suspicious setting for AuthorizedKeysFile in /etc/ssh/sshd_config ???

At "05/12/2005 08:21AM PDT" You have all set up very well...

 

by: decoleur, posted on 2006-01-12 at 12:12:29, ID: 15685283

interested

 

by: gheist, posted on 2006-01-12 at 14:10:15, ID: 15686542

Did you get working situation back or still try to find magic curses to make it work ????
