Expiring Today—Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Passwordless SSH issue

Posted on 2013-06-14
10
Medium Priority
?
329 Views
Last Modified: 2013-06-27
I have a client that is requiring me to setup an ssh server that they can access with no password. I think I have configured everything properly however they are still being prompted for a password. When trying a loop back after generating local keys I am also being prompted for a pass. Can someone please lend some guidance as I am out of ideas.

I have attached a screenshot of my loopback debug log.

Thanks
0
Comment
Question by:MRS
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 9

Expert Comment

by:gt2847c
ID: 39247661
Did you set up the authorized_keys file in the users .ssh directory?
0
 
LVL 29

Expert Comment

by:Jan Springer
ID: 39247778
The users public key (from the remote machine) needs to be added to the authorized_keys or authorized_keys2 (whichever the sshd_config specifies) file of the local account.
0
 
LVL 9

Accepted Solution

by:
gt2847c earned 1500 total points
ID: 39247792
Here's an article on configuring the authorized_keys file.  

The sshd_config file _jesper_ mentions is often located in /etc/ssh/  

Look for the line:

#AuthorizedKeysFile     .ssh/authorized_keys

The above is commented out, but shows the default that SSH looks for.  If that line is not commented out, then substitute the named file for authorized_keys
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 

Author Comment

by:MRS
ID: 39247830
I have the public key in the users authorized_keys file and the permissions on .shh set to 700 and authorized_keys set to 640 but still no success. Is there something in the sshd_config that needs to be changed?
0
 
LVL 9

Expert Comment

by:gt2847c
ID: 39247840
could you post the debug you mentioned in the original post?  that never got attached.
0
 
LVL 9

Expert Comment

by:gt2847c
ID: 39247845
Also, did you check the permissions on the key files themselves?  Those too are checked.  Those should be 600 or 400.
0
 

Author Comment

by:MRS
ID: 39247855
I thought that adding the keys to authorized_keys did away with the requirement to keep the key? In fact I have seen many documents stating to remove them from the system
0
 
LVL 9

Expert Comment

by:gt2847c
ID: 39247880
If they're gone, shouldn't be a problem other than you mentioned tried the login locally, so you would have to have the private key for that to work and not get prompted for the password.
0
 
LVL 1

Expert Comment

by:crucial_paradigm
ID: 39258214
Could be as simple as the way the user is connecting?

are they using:
ssh <ip address>

as opposed to:
ssh user@<ipaddress>
0
 
LVL 3

Expert Comment

by:rajeev2353
ID: 39264975
hi,
you can do it in simple method without password go to other server

you can run this command

 cat /root/.ssh/id_rsa.pub | ssh b@B 'cat >> /root/.ssh/authorized_keys'
b@B's password: give the password

and go to command
# ssh b@b

you are log in without password
0

Featured Post

Introducing the WatchGuard 420 Access Point

WatchGuard's newest access point includes an 802.11ac Wave 2 chipset, providing the fastest speeds for VoIP, video and music streaming, and large data file transfers. Additionally, enjoy the benefits of strong security as the 3rd radio delivers dedicated WIPS protection!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question