You need to make sure .ssh is NOT group/world writable; the ssh client (server) doesn't let
you use the keys if it is group/world readable (the known_hosts file can be readable by anyone!).
Hi,
I'm trying to configure ssh to log in without any password on the same Sun Unix box. Assuming the box name is infodev and the OS user is informat, the following line should work without prompting for the password, but it does not.
infodev:/apps/informatica/
Below is the output of the above command:
OpenSSH_3.8p1, SSH protocols 1.5/2.0, OpenSSL 0.9.7d 17 Mar 2004
debug1: Reading configuration data /usr/local/etc/ssh_config
debug1: Connecting to infodev [129.202.27.241] port 22.
debug1: Connection established.
debug1: identity file /apps/informatica/.ssh/ide
debug1: identity file /apps/informatica/.ssh/id_
debug1: identity file /apps/informatica/.ssh/id_
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.8p1
debug1: match: OpenSSH_3.8p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.8p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUES
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'infodev' is known and matches the RSA host key.
debug1: Found key in /apps/informatica/.ssh/kno
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboar
debug1: Next authentication method: publickey
debug1: Trying private key: /apps/informatica/.ssh/ide
debug1: Trying private key: /apps/informatica/.ssh/id_
debug1: Offering public key: /apps/informatica/.ssh/id_
debug1: Authentications that can continue: publickey,password,keyboar
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboar
debug1: Next authentication method: password
informat@infodev's password:
Any help on this is greatly appreciated. The permissions of .ssh directory and authorized_keys file are set as below:
-rwxrwxr-x 1 informat users 605 May 11 11:13 authorized_keys*
Thanks,
sathiyakum.
This Question has been solved and asker verified.
Still not working. I am using keys. Below are the steps I followed:
1. Generate the keys using ssh-keygen. I've used an empty passphrase.
bsed24:/apps/informatica> ssh-keygen -t dsa
2. Copy the contents of id_dsa.pub to authorized_keys
bsed24:/apps/informatica> cat id_dsa.pub > authorized_keys
3. Changed the permissions as below:
bsed24:/apps/informatica> ls -ld .ssh
drwx------ 2 informat users 96 May 11 11:13 .ssh/
bsed24:/apps/informatica/.
total 8
-rw------- 1 informat users 605 May 11 11:11 id_dsa.pub
-rw------- 1 informat users 668 May 11 11:11 id_dsa
-rw------- 1 informat users 605 May 11 11:13 authorized_keys
-rw------- 1 informat users 451 May 11 11:14 known_hosts
bsed24:/apps/informatica> ssh infodev date
informat@infodev's password:
Thu May 12 11:12:52 EDT 2005
Any help is greatly appreciated.
Thanks,
sathiyakum.
>>It doesn't make any sense to ssh to the localhost as the same user.
If you want to use ssh login without passwd between different boxes, have a look at the
instructions in the following docs:
http://pirlwww.lpl.arizona
http://docsun.cites.uiuc.e
http://linuxproblem.org/ar
I want to use ssh to localhost itself for the following reason:
I want to run "ssh <username>@<localhost> <command>" without typing a password. Username could be same user or different user but the command has to be run with the corresponding user's profile.
I was not successful with sudo or su as I couldn't find a way to run the command without typing a password. That's why I went with ssh option.
Would the passwordless ssh option work for running commands? If so, are there any drawbacks? I am still not successful with the above-mentioned ssh command. Any thoughts?
Thanks,
Kumaran.
back to ssh:
> debug1: Trying private key: /apps/informatica/.ssh/ide
> debug1: Trying private key: /apps/informatica/.ssh/id_
> debug1: Offering public key: /apps/informatica/.ssh/id_
well, it seems as if ssh cannot find the private key.
Did you try that one:
infodev:/apps/informatica/
?
HTH,
-XoF-
I was able to configure a root level user to use ssh to rsync with another machine without entering a password by changing the sshd config to "PermitRootLogin forced-commands-only"
and adding to the start of the key in the authorized hosts file the origin and a simple file that defines the allowed commands.
# cat authorized_keys
from="origin.domain.net",c
where validate-rsync looks like:
# cat validate-rsync
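#!/bin/sh
# Forced command: sshd puts the command the client requested in
# $SSH_ORIGINAL_COMMAND; only an rsync server invocation is allowed.
case "$SSH_ORIGINAL_COMMAND" in
    *\&*)
        # reject anything containing "&"
        echo "Rejected"
        ;;
    *\;*)
        # reject anything containing ";"
        echo "Rejected"
        ;;
    rsync\ --server*)
        # run the rsync server command the client asked for
        $SSH_ORIGINAL_COMMAND
        ;;
    *)
        echo "Rejected"
        ;;
esac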
and the files are set up as
# ls -l
total 8
-rw------- 1 root user 1186 Jan 5 11:38 authorized_keys
-rwxr-xr-x 1 root user 323 Jan 5 11:38 validate-rsync
When I try to just ssh using this configuration I get a request for a password, which will get denied, because I am using a limited use root account, but if I try to tunnel the rsync over ssh it works without a password.
I think your issue is with your sshd config, is the user you are trying to connect with in the wheel group or have root access?
Also you might want to try PermitRootLogin Yes in sshd_config and see what that does.
Hope this Helps.
-t
your authorized_keys file has to be in the .ssh directory, here is what happens when I duplicate your process:
[user@monitor ~]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_dsa.
Your public key has been saved in /home/user/.ssh/id_dsa.pub
The key fingerprint is:
09:...:e5 user@monitor.mydomain.net
[user@monitor ~]$ cd .ssh/
[user@monitor .ssh]$ ls
authorized_keys id_dsa id_dsa.pub known_hosts
[user@monitor .ssh]$ cat id_dsa.pub >>authorized_keys
[user@monitor .ssh]$ ssh monitor date
Mon May 23 21:42:21 EDT 2005
I hit enter twice to avoid the passphrase.
HTH,
-t
-XoF- had it, you are trying to use cert based authentication without identifying what cert you want to use.
You need to identify the relevant key for the user@machine by using the -i flag with the /path/to/private/key
so in your case you would need to type:
infodev:/apps/informatica/
HTH
-t
by: Tintin
Posted on 2005-05-11 at 18:50:52
ID: 13983388
How did you create your ssh key?
Perms on the .ssh directory should be 700 and 600 on authorized keys. Some ssh servers are less fussy on permissions depending on what settings they are using.
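
The permission rules discussed in this thread can be checked mechanically. The script below is an added example, not code from any poster: it flags a home directory, .ssh directory or authorized_keys file that is group/world writable (what sshd rejects when StrictModes is on) and a private key that group or others can access (what the ssh client refuses to use). The function names are hypothetical, and it checks mode bits only, not file ownership.

```shell
#!/bin/sh
# Added example: audit the modes that matter for OpenSSH public-key login.
# Usage: sh audit.sh /path/to/home   (prints findings, status 1 if any)

# Print the 10-character mode string of a path, e.g. "drwx------".
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# True if the group-write (column 6) or other-write (column 9) bit is set.
is_gw_writable() {
    m=$(mode_of "$1")
    [ "$(printf '%s' "$m" | cut -c6)" = "w" ] ||
        [ "$(printf '%s' "$m" | cut -c9)" = "w" ]
}

# True if group or others have any access at all (columns 5-10 not all "-").
is_gw_accessible() {
    [ "$(mode_of "$1" | cut -c5-10)" != "------" ]
}

audit_ssh_perms() {
    home=$1
    bad=0
    # Server side: none of these may be writable by group or others.
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        if is_gw_writable "$p"; then
            echo "WRITABLE by group/other: $(mode_of "$p") $p"
            bad=1
        fi
    done
    # Client side: a private key readable by anyone else is not used.
    for k in "$home"/.ssh/id_*; do
        [ -f "$k" ] || continue
        case "$k" in *.pub) continue ;; esac
        if is_gw_accessible "$k"; then
            echo "PRIVATE KEY exposed: $(mode_of "$k") $k"
            bad=1
        fi
    done
    return "$bad"
}

if [ "$#" -gt 0 ]; then audit_ssh_perms "$1"; fi
```

Run against the asker's first listing, this would report the `-rwxrwxr-x` authorized_keys file; `chmod 700 .ssh` and `chmod 600 .ssh/authorized_keys` clear the findings.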