bearclaws75
Rsync: unable to setup a SSH key pair without password.
I'm trying to setup a public key without a password so I can automate rsync backups from one server to another. I've done the following:
==========================
Client Server (111.111.111.111)
==========================
client$ ssh-keygen -N '' -C backup1 -t rsa -f ~/.ssh/backup
client$ scp ~/.ssh/backup.pub 222.222.222.222:.ssh
==========================
Backup Server (222.222.222.222)
==========================
server$ cd ~/.ssh
server$ cat backup.pub >> authorized_keys
server$ rm backup.pub
server$ chmod 600 authorized_keys
...and change value of "PermitRootLogin" in /etc/ssh/sshd_config to "yes"
I then try to run an rsync command:
client$ rsync -r -a -v -e "ssh -l root" /var/www/html/sites/ 222.222.222.222:/home/backup/
...but I am still prompted for my password!
Any ideas?
ASKER
Yes - I am executing those steps as "root"
Yes - I changed the value of "PermitRootLogin"
Yes - I restarted SSH after making the change (the backup server is Debian):
/etc/init.d/ssh restart
Any ideas?
If you just say on client
ssh root@222.222.222.222
will it ask for a password?
BTW, check for 2 lines in sshd_config:
RSAAuthentication yes
PubkeyAuthentication yes
ASKER
If I enter "ssh root@222.222.222.222", I am prompted for a password:
client$ root@222.222.222.222's password:
Yes - "PubkeyAuthentication" is set to "yes"
Anything in /var/log/auth on 222.222.222.222?
ASKER
I see two recent entries that seem relevant. However, I do not recognize the IP address listed. It is not an IP in our network:
Oct 22 13:56:34 onit6 sshd[13942]: Did not receive identification string from 333.333.333.333
Oct 22 14:04:02 onit6 sshd[13984]: Did not receive identification string from 333.333.333.333
you could try following this tutorial
http://www.thegeekstuff.com/2008/06/perform-ssh-and-scp-without-entering-password-on-openssh/
or this one
http://waelchatila.com/2005/06/06/1118124232757.html
try ssh -v root@222.222.222.222 from the client and check the output
ASKER
ckhsu1977: this is what I get when I run ssh with -v...although I'm not sure what to make of it:
OpenSSH_4.5p1, OpenSSL 0.9.8b 04 May 2006
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 222.222.222.222 [222.222.222.222] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3p2 Debian-9
debug1: match: OpenSSH_4.3p2 Debian-9 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.5
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '222.222.222.222' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:13
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Offering public key: /root/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Next authentication method: password
Is this (~/.ssh/backup.) your private key on the client side?
what's the ownership and permission on the server side for ~/.ssh directory?
ASKER
The following are the current permissions (on both servers):
700 ~/.ssh
600 ~/.ssh/authorized_keys
Are these correct? Should any other file permissions be changed?
try this from your client side and show us the output
ssh -v -i ~/.ssh/backup root@222.222.222.222
ASKER
ckhsu1977: see output below...
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 222.222.222.222 [222.222.222.222] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/backup type 1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3p2 Debian-9
debug1: match: OpenSSH_4.3p2 Debian-9 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.5
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '222.222.222.222' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:13
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /root/.ssh/backup
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
ASKER
Thanks! This has been resolved.
I believe the problem was two-fold:
1) The /sshd_config file was pointing to "authorized_keys2" instead of "authorized_keys" so I'd been copying the key into the wrong file:
AuthorizedKeysFile %h/.ssh/authorized_keys2
2) I did not rename the private key
You have all been a big help. Much appreciated!
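A check for the first cause named in the resolution above, added here as an example (not code from the thread): it reads AuthorizedKeysFile from an sshd_config, expands %h, and reports whether a public key is in the file sshd actually consults. The function names, the temp-dir fixture and the key blob are constructed; only the %h token is handled and the fallback default path is an assumption.

```sh
# Added example; the fixture paths and key material are constructed.

# Print the file(s) sshd reads for public keys, one per line.
# $1 = sshd_config path, $2 = home directory of the login user.
effective_authkeys_files() {
    # sshd keywords are case-insensitive and the first occurrence wins.
    paths=$(awk 'tolower($1) == "authorizedkeysfile" { $1 = ""; print; exit }' "$1")
    # Assumption: use the classic default when the directive is absent.
    [ -n "$paths" ] || paths=".ssh/authorized_keys"
    for p in $paths; do
        p=$(printf '%s' "$p" | sed "s|%h|$2|g")   # only the %h token is expanded here
        case $p in
            /*) printf '%s\n' "$p" ;;
            *)  printf '%s\n' "$2/$p" ;;          # relative paths are relative to home
        esac
    done
}

# Succeed if the base64 blob of key file $1 is a field on some line of $2 (options may precede it).
key_in_file() {
    [ -r "$2" ] || return 1
    blob=$(awk 'NR == 1 { print $2 }' "$1")
    awk -v b="$blob" '{ for (i = 1; i <= NF; i++) if ($i == b) found = 1 }
                      END { exit !found }' "$2"
}

# $1 = sshd_config, $2 = home, $3 = public key file; returns 0 if the key is usable.
check_key() {
    rc=1
    for f in $(effective_authkeys_files "$1" "$2"); do
        if key_in_file "$3" "$f"; then echo "OK: key found in $f"; rc=0
        else echo "MISSING: sshd reads $f, key not present"; fi
    done
    return $rc
}

# Constructed fixture mirroring the thread: key appended to authorized_keys
# while sshd_config names authorized_keys2.
make_fixture() {
    d=$(mktemp -d); mkdir -p "$d/home/.ssh"
    echo 'AuthorizedKeysFile %h/.ssh/authorized_keys2' > "$d/sshd_config"
    echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED backup1' > "$d/backup.pub"
    cat "$d/backup.pub" >> "$d/home/.ssh/authorized_keys"
    printf '%s\n' "$d"
}

demo=$(make_fixture)
check_key "$demo/sshd_config" "$demo/home" "$demo/backup.pub" || echo "fix: append the key to the file named above"
rm -rf "$demo"
```

On a real server, call check_key with /etc/ssh/sshd_config, the login user's home directory and a copy of the public key. For the second cause, a private key that does not have a default name such as id_rsa has to be named explicitly with ssh -i ~/.ssh/backup, which also works inside rsync's -e string.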
server$ cd ~/.ssh
server$ cat backup.pub >> authorized_keys
server$ rm backup.pub
server$ chmod 600 authorized_keys
...and change value of "PermitRootLogin" in /etc/ssh/sshd_config to "yes"
Did you restart sshd after change?