passwordless ssh

Hi all experts,
I want to ssh to a remote machine without being asked for a password. For this purpose I have gathered some tips from the net and did something like this:
First of all I created RSA and DSA keys using ssh-keygen without phrase under userhome/.ssh/, and copied the RSA key into the @remoteuserhome/.ssh/authorised keys file of the remote machine via scp.
I am using OpenSSH_2.9p2, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
on both machines.
But still, when I want to ssh to the remote machine, it is asking for a password.
Any ideas?
MNGROW Asked:

GregBolshaw Commented:
There's an option in /etc/sshd_config to allow passwordless logins. Of course, you will also need a passwordless account to logon as.
0
bummerlord Commented:
(Greg, you are scaring me! I hope you don't mean "PermitEmptyPasswords yes" ..you should go to jail for using that ;-))


MNGROW, make sure that you don't have "PubkeyAuthentication no" (default should be "yes" I think) in sshd_config
Then look in sshd_config again... look for "AuthorizedKeysFile".
If such a parameter exists note the value.. (e.g. .ssh/authorized_keys ) The default may be ".ssh/authorized_keys2" depending on the openssh version.

/b
0
Gns Commented:
If you really don't care about security, use .shosts files (rhost authentication. This is normally disabled, with good cause). To get the keys right, connect back to the client system from the server.

You should follow bummerlord's lead.

-- Glenn
0
bummerlord Commented:
btw, you didn't say what key you copied to the authorized_keys file on the remote account... it should be the _public_ key! Double check! :-)
Also there is no need to generate both RSA and DSA key pairs. Could it be that you copied the public DSA key, and are actually trying to authenticate using the RSA private key, or the other way around? (possibly both are tried if both exist, I haven't really thought about it until now...)
You could try to symlink ".ssh/identity" to ".ssh/id_dsa" (or id_rsa). I think "identity" is always used if it exists (the type of key doesn't matter)

If you connect using "ssh -v ...." you'll get some debug output that might give better clues. If you need, post it here and someone might decode it for you.

/b
0
MNGROW Author Commented:
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 501 geteuid 0 anon 1
debug1: Connecting to remote [remote] port 6667.
debug1: temporarily_use_uid: 501/501 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 501/501 (e=0)
debug1: restore_uid
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file /var/ftp/admin005/.ssh/identity type 0
debug1: identity file /var/ftp/admin005/.ssh/id_rsa type -1
debug1: identity file /var/ftp/admin005/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_2.5.2p2
debug1: match: OpenSSH_2.5.2p2 pat ^OpenSSH_2\.5\.[012]
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_2.9p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST_OLD sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 132/256
debug1: bits set: 994/2049
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '202.179.159.130' is known and matches the RSA host key.
debug1: Found key in /var/ftp/admin005/.ssh/known_hosts2:1
debug1: bits set: 1045/2049
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password
debug1: next auth method to try is publickey
debug1: try privkey: /var/ftp/admin005/.ssh/id_rsa
debug1: try privkey: /var/ftp/admin005/.ssh/id_dsa
debug1: next auth method to try is password
admin005@server's password:
debug1: authentications that can continue: publickey,password
Permission denied, please try again.
admin005@server's password:
debug1: authentications that can continue: publickey,password
Permission denied, please try again.
admin005@server's password:
debug1: authentications that can continue: publickey,password
debug1: no more auth methods to try
Permission denied (publickey,password).
debug1: Calling cleanup 0x8063570(0x0)
[admin005@moser admin005]$ ssh -v 202.179.159.130 -i .ssh/authorized_keys
OpenSSH_2.9p2, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 501 geteuid 0 anon 1
debug1: Connecting to 202.179.159.130 [202.179.159.130] port 6667.
debug1: temporarily_use_uid: 501/501 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 501/501 (e=0)
debug1: restore_uid
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file .ssh/authorized_keys type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_2.5.2p2
debug1: match: OpenSSH_2.5.2p2 pat ^OpenSSH_2\.5\.[012]
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_2.9p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST_OLD sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 135/256
debug1: bits set: 1020/2049
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '202.179.159.130' is known and matches the RSA host key.
debug1: Found key in /var/ftp/admin005/.ssh/known_hosts2:1
debug1: bits set: 1015/2049
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password
debug1: next auth method to try is publickey
debug1: try privkey: .ssh/authorized_keys
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key '.ssh/authorized_keys':
debug1: next auth method to try is password
admin005@202.179.159.130's password:
debug1: authentications that can continue: publickey,password
Permission denied, please try again.
admin005@202.179.159.130's password:
debug1: authentications that can continue: publickey,password
Permission denied, please try again.
admin005@202.179.159.130's password:
debug1: authentications that can continue: publickey,password
debug1: no more auth methods to try
Permission denied (publickey,password).
debug1: Calling cleanup 0x8063570(0x0)
#######################
That's all that I have got from ssh -v
0
MNGROW Author Commented:
I created it empty by hitting ENTER both times when it asked for the passphrase,
but you can see in the ssh -v output above that it asks me for a passphrase, and when I enter it, it goes to the password auth method.
That's what I don't want.
0
bummerlord Commented:
Your first run looks good
---
debug1: next auth method to try is publickey
debug1: try privkey: /var/ftp/admin005/.ssh/id_rsa
debug1: try privkey: /var/ftp/admin005/.ssh/id_dsa
---

Client is trying to use the private keys for authentication..
The "problem" is at the server side.. possibly the public key should go in "authorized_keys2" instead of "authorized_keys".
The password you are being prompted for is the remote password for the account, not the passphrase for the private key (that prompt looks rather different :-))

Your second run is bound to fail.. you don't authenticate using the public key(s) from the client. The authorized_keys file is _only_ used on the server.

Make sure that you copied the _public_ key to the authorized_keys(2) file for the account you intend to login to. Either if it's the first key, you just copy the id_rsa.pub to $HOME/.ssh/authorized_keys (possibly authorized_keys2), or if you already have other keys in there you'd append the content of id_rsa.pub using something like: cat id_rsa.pub >> $HOME/.ssh/authorized_keys


0
CleanupPing Commented:
MNGROW:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0
Gns Commented:
Give it to the bummerlord, or possibly split off a smaller share for greg.

-- Glenn
0
bummerlord Commented:
Hi Gns! :-)
Or refund..

Btw, I just realized that no one (especially I) mentioned checking the permissions on the private key... if too loose, ssh will always ask for a passphrase even though the key isn't encrypted, I think.

/b

0
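
The two checks raised in bummerlord's answers above (the server's authorized_keys file must hold the public key, and the client's private key must not have loose permissions), as an added shell example that is not part of the original thread. The function names, return codes and demo key text are constructed for illustration, and only SSH protocol 2 key lines are recognised.

```shell
#!/bin/sh
# Server side: authorized_keys must hold SSH2 *public* key lines.
# Returns 0 ok, 2 missing file, 3 private key pasted in, 4 no key line.
check_authorized_keys() {
    ak=$1
    if [ ! -f "$ak" ]; then
        echo "FAIL: $ak missing (compare with AuthorizedKeysFile in sshd_config)"
        return 2
    fi
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$ak"; then
        echo "FAIL: $ak holds a private key; install the .pub file instead"
        return 3
    fi
    # Public key line: "[options] <type> AAAA<base64> [comment]"
    n=$(grep -c -E '(^|[[:space:]])(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+) AAAA[A-Za-z0-9+/=]+' "$ak" || true)
    if [ "$n" -eq 0 ]; then
        echo "FAIL: no public key line in $ak"
        return 4
    fi
    echo "OK: $n public key line(s) in $ak"
}

# Client side: private key must carry no group/other permission bits.
# Returns 0 ok, 2 missing file, 5 permissions too loose.
check_private_key_perms() {
    key=$1
    [ -f "$key" ] || { echo "FAIL: $key missing"; return 2; }
    mode=$(ls -ld -- "$key" | cut -c1-10)
    case $mode in
        ????------) echo "OK: $key is $mode" ;;
        *) echo "FAIL: $key is $mode, too loose; fix with: chmod 600 $key"
           return 5 ;;
    esac
}

# Demo on constructed data (placeholder text, not real keys).
demo=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed admin005@client' > "$demo/authorized_keys2"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'constructed' > "$demo/id_rsa"
chmod 644 "$demo/id_rsa"
check_authorized_keys "$demo/authorized_keys2" || true
check_authorized_keys "$demo/id_rsa" || true        # private key in the wrong place
check_private_key_perms "$demo/id_rsa" || true      # 644 is too loose
chmod 600 "$demo/id_rsa"
check_private_key_perms "$demo/id_rsa"
rm -rf "$demo"
```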
TheWeakestLink Commented:
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:
Accept comments from bummerlord as answer
Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

TheWeakestLink
EE Cleanup Volunteer
0