hvs69

asked on

ssh login to remote server without password

I have been trying to set up an SSH login (without a password) to a remote server from a local box without much success.

Basically, I am performing the following steps:

1. Generating a key on the local machine (tried both rsa and dsa)
2. Secure Copy the public key into the .ssh folder of the remote host's home directory for the given user
3. Giving 700 permission to the .ssh folder on the remote host and 640 permission to the public key on the remote host

Still, when I try to ssh from the local machine to the remote host, I get a password prompt. Here is the verbose dump of me trying to initiate ssh from the local machine:

rdiffbackup@ubuntu:~$ ssh -v -l user remoteserver.com
OpenSSH_4.6p1 Debian-5ubuntu0.1, OpenSSL 0.9.8e 23 Feb 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to remoteserver.com [xx.xxx.xxx.xxx] port 22.
debug1: Connection established.
debug1: identity file /home/rdiffbackup/.ssh/identity type -1
debug1: identity file /home/rdiffbackup/.ssh/id_rsa type -1
debug1: identity file /home/rdiffbackup/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.7p1 Debian-8ubuntu1.2
debug1: match: OpenSSH_4.7p1 Debian-8ubuntu1.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.6p1 Debian-5ubuntu0.1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'remoteserver.com' is known and matches the RSA host key.
debug1: Found key in /home/rdiffbackup/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/rdiffbackup/.ssh/identity
debug1: Trying private key: /home/rdiffbackup/.ssh/id_rsa
debug1: Offering public key: /home/rdiffbackup/.ssh/id_dsa
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
user@remoteserver.com's password:


Can someone tell me what is the problem here?
woolmilkporc

Hi,

did you add your public key to the file $HOME/.ssh/authorized_keys?

wmp

... on remoteserver.com?

Do you tell the SSH service you want to use key auth?

There should be some lines similar to these:

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile     .ssh/authorized_keys

They need to be uncommented / added depending on what auth you want to use.

I am using Red Hat so it might be slightly different for Ubuntu, not sure. But either way the server needs to know you want to allow key authentication.
It may also be necessary to restart the ssh daemon.

/etc/init.d/sshd restart
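
The server-side conditions raised in the posts above (the key listed in ~/.ssh/authorized_keys, and permissions strict enough for sshd), as an added example that is not part of any post in this thread. The function names and exit codes are this example's own; it checks write bits only, not file ownership, and is meant to be run on the remote host.

```shell
#!/bin/sh
# Added example: audit the server-side prerequisites for public-key login.
# Function names and exit codes are this example's own, not OpenSSH's.
# Usage on the server: check_pubkey_setup /home/user /path/to/copied/id_dsa.pub

# Return 0 if the path is writable by group or others
# (columns 6 and 9 of the ls mode string, e.g. drwxrwxr-x).
loose_perms() {
    case "$(ls -ld "$1" | cut -c1-10)" in
        ?????w*|????????w*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_pubkey_setup HOME_DIR PUBKEY_FILE
#   0 = looks usable            1 = authorized_keys missing
#   2 = permissions too loose   3 = key not listed in authorized_keys
check_pubkey_setup() {
    home=$1
    pub=$2
    auth="$home/.ssh/authorized_keys"

    if [ ! -f "$auth" ]; then
        echo "missing: $auth"
        return 1
    fi
    # With StrictModes (the sshd default) the key file is ignored when the
    # home directory, .ssh or the file itself is group- or world-writable.
    for p in "$home" "$home/.ssh" "$auth"; do
        if loose_perms "$p"; then
            echo "group/world-writable: $p"
            return 2
        fi
    done
    # A public key line is "type base64-blob [comment]"; compare the blob only,
    # scanning every field because authorized_keys lines may start with options.
    blob=$(awk '{print $2; exit}' "$pub")
    if ! awk -v b="$blob" '{for (i = 1; i <= NF; i++) if ($i == b) found = 1}
                           END {exit !found}' "$auth"; then
        echo "key from $pub not found in $auth"
        return 3
    fi
    echo "ok: key listed and permissions acceptable"
    return 0
}
```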

hvs69

ASKER

@woolmilk

Yes. I have the public key renamed as authorized_keys. Some sites were suggesting that it should be named as authorized_keys2. I tried that too.

@savone

Your suggestions were good ones. I edited the /etc/ssh/ssh_config file to add the 3 directives you mentioned. I also restarted the ssh daemon per your suggestion.

However, when I try to do the ssh, the third directive generates the following error:

/etc/ssh/ssh_config: line 52: Bad configuration option: AuthorizedKeysFile


So, I had to remove that line from the config file. In any case, I am still being prompted for a password.

ASKER

@omarfarid

Thanks for the link. The article does not seem to say anything beyond what I have already tried. However, the following comment on the article drew my attention:

Actually, even with an SSH2 public key, they will still need your passphrase to login.

If you want to make it more secure, you need to disable your SSH2 daemon to only accept public key authentication. By default it will use that first, and then fall back to password authentication if the first one fails.

Could this be my problem? How do I disable passphrase authentication?

Don't enter a passphrase when prompted during key generation.
According to the log you posted there is no such passphrase.

wmp

Please follow the following steps carefully.
Both machines must not be on DHCP; the network interface connecting both machines must be allocated some IP.
In the /etc/hosts file on both machines, enter:

ip     client_name
ip     server_name

Log in to the client machine as the user who has to log in without a password.
Execute the following in sequence. Do not answer anything when executing; just press 'Enter'.

ssh-keygen -t rsa
ssh-keygen -t dsa

Execution of the above two commands will create a .ssh folder in the home directory of the user.

cd .ssh
cat id_dsa.pub > client_keys
cat id_rsa.pub >> client_keys

Now copy client_keys to the server in the same location, i.e. the same username must exist on the server.

scp -p client_keys server_name:/home/username/.ssh/client_keys

You will be asked to enter a login name and password.
Provide the username and password of the server (the username on the server whose credentials will be used to log in without a password).

Log in to the server machine as the same user who has to log in without a password.
Execute the following in sequence. Do not answer anything when executing; just press 'Enter'.

ssh-keygen -t rsa
ssh-keygen -t dsa

cd .ssh
cat id_dsa.pub > server_keys
cat id_rsa.pub >> server_keys

mv client_keys authorized_keys

Now copy server_keys to the client, into the .ssh folder of the user's home directory.

scp -p server_keys client_name:/home/username/.ssh/server_keys

You will be asked to enter a login name and password; provide the username who has to log in without a password.

Log in to the client machine again as the user who has to log in without a password.

cd .ssh
mv server_keys authorized_keys

Done.

To check, log in to the client machine as the user who has to log in without a password and execute:

ssh server_name date

Are you sure you want a login without a password? There are definitely security issues doing that. Don't you want to use the ssh-agent?

If you want, do as follows.

Start ssh-agent.
ssh-add
or ssh-add <some other key than id_rsa>

Move the public part of your key to the server as already described by others.

Log in to the other system via ssh as usual.

Don't forget to change the time-out or restart ssh-agent when restarting your system. I always have ssh-agent running with quite a long time-out, about a working day. This way I only need to enter my key password once a day.
ASKER CERTIFIED SOLUTION
mccracky