bearclaws75

Rsync: unable to set up an SSH key pair without password.

I'm trying to set up a public key without a password so I can automate rsync backups from one server to another. I've done the following:

=====================================
Client Server (111.111.111.111)
=====================================
client$   ssh-keygen -N '' -C backup1 -t rsa -f ~/.ssh/backup
client$   scp ~/.ssh/backup.pub 222.222.222.222:.ssh

=====================================
Backup Server (222.222.222.222)
=====================================
server$   cd ~/.ssh
server$   cat backup.pub >> authorized_keys
server$   rm backup.pub
server$   chmod 600 authorized_keys
...and change value of "PermitRootLogin" in /etc/ssh/sshd_config to "yes"

I then try to run an rsync command:

client$   rsync -r -a -v -e "ssh -l root" /var/www/html/sites/ 222.222.222.222:/home/backup/

...but I am still prompted for my password!

Any ideas?
medvedd

Are you doing this part on Backup Server as root?

server$   cd ~/.ssh
server$   cat backup.pub >> authorized_keys
server$   rm backup.pub
server$   chmod 600 authorized_keys

...and change value of "PermitRootLogin" in /etc/ssh/sshd_config to "yes"

Did you restart sshd after change?
bearclaws75

ASKER

Yes - I am executing those steps as "root"

Yes - I changed the value of "PermitRootLogin"

Yes - I restarted SSH after making the change (the backup server is Debian):
/etc/init.d/ssh restart

Any ideas?
If you just say on client

ssh root@222.222.222.222

will it ask for a password?
BTW, check for 2 lines in sshd_config:

RSAAuthentication yes
PubkeyAuthentication yes
If I enter "ssh root@222.222.222.222", I am prompted for a password:
client$ root@222.222.222.222's password:

Yes - "PubkeyAuthentication" is set to "yes"

Anything in /var/log/auth on 222.222.222.222?
I see two recent entries that seem relevant. However, I do not recognize the IP address listed. It is not an IP in our network:

Oct 22 13:56:34 onit6 sshd[13942]: Did not receive identification string from 333.333.333.333
Oct 22 14:04:02 onit6 sshd[13984]: Did not receive identification string from 333.333.333.333

try ssh -v root@222.222.222.222 from the client and check the output
ckhsu1977: this is what I get when I run ssh with -v...although I'm not sure what to make of it:
OpenSSH_4.5p1, OpenSSL 0.9.8b 04 May 2006
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 222.222.222.222 [222.222.222.222] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3p2 Debian-9
debug1: match: OpenSSH_4.3p2 Debian-9 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.5
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '222.222.222.222' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:13
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Offering public key: /root/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Next authentication method: password

Is this (~/.ssh/backup.) your private key on the client side?
what's the ownership and permission on the server side for ~/.ssh directory?
The following are the current permissions (on both servers):

700  ~/.ssh
600 ~/.ssh/authorized_keys

Are these correct? Should any other file permissions be changed?
try this from your client side and show us the output
ssh -v -i ~/.ssh/backup root@222.222.222.222
ckhsu1977: see output below...
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 222.222.222.222 [222.222.222.222] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/backup type 1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3p2 Debian-9
debug1: match: OpenSSH_4.3p2 Debian-9 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.5
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '222.222.222.222' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:13
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /root/.ssh/backup
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password

ASKER CERTIFIED SOLUTION
ckhsu1977

This solution is only available to members.
Thanks! This has been resolved.

I believe the problem was two-fold:

1) The /sshd_config file was pointing to "authorized_keys2" instead of "authorized_keys" so I'd been copying the key into the wrong file:
AuthorizedKeysFile      %h/.ssh/authorized_keys2

2) I did not rename the private key

You have all been a big help. Much appreciated!
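
The first cause named in the resolution above (the key was appended to a file that sshd was not configured to read) can be checked directly. The script below is an added example, not part of the original thread. The function names, the fixture paths and the key body are constructed, and the fallback path list assumes the current OpenSSH default.

```shell
#!/bin/sh
# Added example (not from the thread): find the file sshd actually reads for
# public keys and check whether a given public key is listed there.

# Print the files sshd consults for a user, one per line.
# $1 = sshd_config path, $2 = login name, $3 = that user's home directory
authorized_keys_paths() (
    set -f   # no globbing while splitting the path list
    # The first AuthorizedKeysFile line wins; keywords are case-insensitive.
    list=$(awk 'tolower($1) == "authorizedkeysfile" { $1 = ""; print; exit }' "$1")
    # Assumption: current OpenSSH default when the keyword is absent.
    [ -n "$list" ] || list=".ssh/authorized_keys .ssh/authorized_keys2"
    for p in $list; do
        # Expand the %h and %u tokens (assumes no "|" in the home path).
        p=$(printf '%s\n' "$p" | sed -e "s|%h|$3|g" -e "s|%u|$2|g")
        case $p in
            /*) printf '%s\n' "$p" ;;
            *)  printf '%s\n' "$3/$p" ;;   # relative paths are under the home directory
        esac
    done
)

# Succeeds, printing the matching file(s), if the key in $4 (a .pub file) is
# listed in a file sshd would read. Args $1-$3 as above.
key_is_authorized() (
    blob=$(awk '{ print $2; exit }' "$4")   # base64 key body
    [ -n "$blob" ] || exit 2
    authorized_keys_paths "$1" "$2" "$3" | while IFS= read -r f; do
        [ -r "$f" ] || continue
        # Options may precede the key type, so compare against every field.
        awk -v b="$blob" '{ for (i = 1; i <= NF; i++) if ($i == b) hit = 1 }
                          END { exit !hit }' "$f" && printf '%s\n' "$f"
    done | grep .
)

# Constructed fixture reproducing the thread: config names authorized_keys2,
# but the key was appended to authorized_keys.
demo=$(mktemp -d) && mkdir -p "$demo/root/.ssh"
echo 'AuthorizedKeysFile      %h/.ssh/authorized_keys2' > "$demo/sshd_config"
echo 'ssh-rsa AAAAB3CONSTRUCTEDKEY backup1' > "$demo/backup.pub"
cat "$demo/backup.pub" >> "$demo/root/.ssh/authorized_keys"
key_is_authorized "$demo/sshd_config" root "$demo/root" "$demo/backup.pub" \
    || echo "key not in: $(authorized_keys_paths "$demo/sshd_config" root "$demo/root")"
```

On a real server the arguments would be /etc/ssh/sshd_config, the login name, that user's home directory and the uploaded .pub file.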