sathiyakum
asked on
ssh connection without password prompt.
Hi,
I'm trying to configure ssh to log in without any password on the same sun unix box. Assuming the box name is : infodev and the OS user is : informat, the following line should work without prompting for the password but it is not.
infodev:/apps/informatica/.ssh> ssh -v infodev date
Below is the output of the above command:
OpenSSH_3.8p1, SSH protocols 1.5/2.0, OpenSSL 0.9.7d 17 Mar 2004
debug1: Reading configuration data /usr/local/etc/ssh_config
debug1: Connecting to infodev [129.202.27.241] port 22.
debug1: Connection established.
debug1: identity file /apps/informatica/.ssh/identity type -1
debug1: identity file /apps/informatica/.ssh/id_rsa type -1
debug1: identity file /apps/informatica/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.8p1
debug1: match: OpenSSH_3.8p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.8p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'infodev' is known and matches the RSA host key.
debug1: Found key in /apps/informatica/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /apps/informatica/.ssh/identity
debug1: Trying private key: /apps/informatica/.ssh/id_rsa
debug1: Offering public key: /apps/informatica/.ssh/id_dsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
informat@infodev's password:
Any help on this is greatly appreciated. The permissions of .ssh directory and authorized_keys file are set as below:
-rwxrwxr-x 1 informat users 605 May 11 11:13 authorized_keys*
Thanks,
sathiyakum.
You need to make sure .ssh is NOT group/world writable, ssh client (server) doesn't let
you use the keys if it is group/world readable (the known_hosts file can be readable by anyone!).
are you using keys or password login?
for keys you need to ensure that on both sides ~/.ssh is owned by the proper user and has permission 700 or 500, same applies to key and known_hosts file in there: 600 or 400
And take care that ~/.ssh is not symlinked somehow (some ssh versions are really picky)
ASKER
Still not working. I am using keys. Below are the steps I followed:
1. Generate the keys using ssh-keygen. I've used an empty passphrase.
bsed24:/apps/informatica> ssh-keygen -t dsa
2. Copy the contents of id_dsa.pub to authorized_keys
bsed24:/apps/informatica> cat id_dsa.pub > authorized_keys
3. Changed the permissions as below:
bsed24:/apps/informatica> ls -ld .ssh
drwx------ 2 informat users 96 May 11 11:13 .ssh/
bsed24:/apps/informatica/.ssh> ls -lrt
total 8
-rw------- 1 informat users 605 May 11 11:11 id_dsa.pub
-rw------- 1 informat users 668 May 11 11:11 id_dsa
-rw------- 1 informat users 605 May 11 11:13 authorized_keys
-rw------- 1 informat users 451 May 11 11:14 known_hosts
bsed24:/apps/informatica> ssh infodev date
informat@infodev's password:
Thu May 12 11:12:52 EDT 2005
Any help is greatly appreciated.
Thanks,
sathiyakum.
silly question: did you add the id_dsa.pub to the remote server's ~/.ssh/authorized_keys?
ASKER
infodev is not remote server. It is localhost. Wouldn't the line "bsed24:/apps/informatica> cat id_dsa.pub > authorized_keys" do it OR perhaps I did not understand ahoffmann's question right.
Going back a few steps, why do you want to do this? It doesn't make any sense to ssh to the localhost as the same user.
>>It doesn't make any sense to ssh to the localhost as the same user.
If you want to use ssh login without passwd between different boxes, have a look at the
instructions in the following docs:
http://pirlwww.lpl.arizona.edu/user_notes/user_notes.cgi?id=86
http://docsun.cites.uiuc.edu/sun_docs/C/solaris_9/SUNWaadm/SYSADV6/p45.html
http://linuxproblem.org/art_9.html
> cat id_dsa.pub > authorized_keys" do it OR perhaps I did not understand ahoffmann's question right.
yes you didn't get it right. Or do you mean that you used localhost as remote server?
id_dsa.pub has to be in authorized_keys on the *remote* server
Which all leads back to my last question. Why would you want to ssh to the localhost as the same user? I can't think of any sane reason for doing this.
ASKER
I want to use ssh to localhost itself for the following reason:
I want to run "ssh <username>@<localhost> <command>" without typing a password. Username could be same user or different user but the command has to be run with the corresponding user's profile.
I was not successful with sudo or su as I couldn't find a way to run the command without typing a password. That's why I went with ssh option.
Would passwordless ssh option work for running commands. If so, are there any drawbacks. I am still not successful with the above-mentioned ssh command. Any thoughts.
Thanks,
Kumaran.
your authorized_keys file has to be in the .ssh directory, here is what happens when I duplicate your process:
[user@monitor ~]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_dsa.
Your public key has been saved in /home/user/.ssh/id_dsa.pub.
The key fingerprint is:
09:...:e5 user@monitor.mydomain.net
[user@monitor ~]$ cd .ssh/
[user@monitor .ssh]$ ls
authorized_keys id_dsa id_dsa.pub known_hosts
[user@monitor .ssh]$ cat id_dsa.pub >>authorized_keys
[user@monitor .ssh]$ ssh monitor date
Mon May 23 21:42:21 EDT 2005
I hit enter twice to avoid the passphrase.
HTH,
-t
-XoF- had it, you are trying to use cert based authentication without identifying what cert you want to use.
you need to identify the relevant key for the user@machine by using the -i flag with the /path/to/private/key
so in your case you would need to type:
infodev:/apps/informatica/.ssh> ssh infodev -i /path/to/private/key date
HTH
-t
Is there any suspicious setting for AuthorizedKeysFile in /etc/ssh/sshd_config ???
At "05/12/2005 08:21AM PDT" You have all set up very well...
interested
Did you get working situation back or still try to find magic curses to make it work ????
Perms on the .ssh directory should be 700 and 600 on authorized keys. Some ssh servers are less fussy on permissions depending on what settings they are using.
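The permission rules raised in the answers above can be checked in one pass. This is an added example, not code posted by anyone in the thread: a POSIX shell audit of the home directory, .ssh, authorized_keys and the private keys named in the debug output. The function names and output labels are invented for the example, and it assumes sshd runs with StrictModes enabled.

```shell
#!/bin/sh
# Added example: audit the paths that sshd (StrictModes) and the ssh client check.
# Usage after sourcing this file: audit_ssh_perms /apps/informatica

# Print the 10-character mode string of a path, e.g. "-rwxrwxr-x".
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Succeed if the group or world write bit is set (characters 6 and 9).
group_or_world_writable() {
    case "$(mode_of "$1")" in
        ?????w????|????????w?) return 0 ;;
    esac
    return 1
}

# Succeed if any group/other bit at all is set (characters 5-10).
group_or_world_accessible() {
    [ "$(mode_of "$1" | cut -c5-10)" != "------" ]
}

# Print one line per finding; the return status is the number of findings.
audit_ssh_perms() {
    home=$1
    problems=0
    # A symlinked .ssh is the case one answer warns about; report it.
    if [ -L "$home/.ssh" ]; then
        echo "SYMLINK  $home/.ssh"; problems=$((problems + 1))
    fi
    # With StrictModes, sshd ignores authorized_keys if the file or a
    # directory above it (up to the home directory) is group/world writable.
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"; problems=$((problems + 1))
        elif group_or_world_writable "$p"; then
            echo "WRITABLE $(mode_of "$p") $p"; problems=$((problems + 1))
        fi
    done
    # The ssh client refuses a private key that group or others can access.
    for k in "$home/.ssh/id_dsa" "$home/.ssh/id_rsa" "$home/.ssh/identity"; do
        [ -f "$k" ] || continue
        if group_or_world_accessible "$k"; then
            echo "EXPOSED  $(mode_of "$k") $k"; problems=$((problems + 1))
        fi
    done
    return "$problems"
}
```

Run against the first post's layout, the `-rwxrwxr-x` authorized_keys is reported as WRITABLE; a MISSING line for `.ssh/authorized_keys` points to the file having been created outside `.ssh`.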