Solved

cannot ssh to other host even with the public key copied to another host's authorized_keys file

Posted on 2016-07-21
Last Modified: 2016-07-25
I got the following error when I tried to ssh to another host. I enabled password authentication in the sshd_config file. My final goal is to enable keyless authentication because I have a scheduled rsync command to run in my crontab.

I used the ssh-keygen command to create the default RSA private and public key for the root user.

Please help me go through this step by step.

[root@magentoprod-apache1 .ssh]# ssh root@magentoprod-apache2
root@magentoprod-apache2's password:
Permission denied, please try again.
root@magentoprod-apache2's password:
Permission denied, please try again.
root@magentoprod-apache2's password:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
[root@magentoprod-apache1 .ssh]#
Question by:Jason Yu
7 Comments
 

Author Comment

by:Jason Yu
ID: 41723937
[root@magentoprod-apache1 .ssh]# ls -alth
total 20K
-rw-r--r--  1 root root  746 Jul 21 16:58 known_hosts
drwx------. 3 root root   90 Jul 21 16:40 .
-rw-------  1 root root 1.7K Jul 21 16:39 id_rsa
-rw-r--r--  1 root root  406 Jul 21 16:39 id_rsa.pub
drwxr-xr-x  2 root root   64 Jul 21 16:38 oldkeys
dr-xr-x---. 4 root root 4.0K Jul 18 10:05 ..
-rw-------  1 root root  953 Jul 14 15:11 authorized_keys
[root@magentoprod-apache1 .ssh]# cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPYazp8euMmkUi+5iSAeSHkmeQtu2MsuxW4Qq9xvrGbdVPg0/75RmUeaLUXvS/xNexOXRiYlKGTWej3Nych0isej4IPILZOTsW7K0pS1q3AFEFywgv9ke98HZZY0xJ4N8CIEZi0FWQi9EYaowvwoAnL5VTX7hCkOYpS1b5XbW6Pmh7Ww+UGYRn8SvFE+dBw0NNmWxl3h6RLUINt3suv5LpoUO4moOVrEE0ySv0vsArggEGG4uheb1Z5/J5nMkCfC6ejO62jLHDrs+nvWC/BuKVkNKc2W5cF9hY8ALtdjEOfcuC1CPMkKsTQAwtVnz4jwhC4+lkcUVVf8+pMFgODSAR root@magentoprod-apache1
[root@magentoprod-apache1 .ssh]#



[root@magentoprod-apache2 .ssh]# cat authorized_keys
no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"ec2-user\" rather than the user \"root\".';echo;sleep 10" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCHGapVZBL7ZHdWH7A/Zbi7+EmVi6ALpjXhD7101+S16twpSvv43LbO8/mPGgS+fpwzxBrBHzyQJChYjIRQ3bQlldCGGoKMdGJdeQVAtp16dJ2OzPmR2GVhp3LFHSlzOmgBpsGtxieOYDwz5Emtu9gzLyKjYqrL6i+Mewxb872zNC3xJDJlE6DFkQGyv+BoIXF402WXGxgQyNlYKUaoyc58HzxHpIW9Zjc1y4dLCli4iFJzW0HzI3TMrDuyYoI5Mdve44xiOSspHbZIHGnk77wjU0XFic9jCQHAwscdl4wlybwXGSD7JgfbEjpvJ337DJVXuFF5tqj6rohpt7TUCQkP avery123
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPYazp8euMmkUi+5iSAeSHkmeQtu2MsuxW4Qq9xvrGbdVPg0/75RmUeaLUXvS/xNexOXRiYlKGTWej3Nych0isej4IPILZOTsW7K0pS1q3AFEFywgv9ke98HZZY0xJ4N8CIEZi0FWQi9EYaowvwoAnL5VTX7hCkOYpS1b5XbW6Pmh7Ww+UGYRn8SvFE+dBw0NNmWxl3h6RLUINt3suv5LpoUO4moOVrEE0ySv0vsArggEGG4uheb1Z5/J5nMkCfC6ejO62jLHDrs+nvWC/BuKVkNKc2W5cF9hY8ALtdjEOfcuC1CPMkKsTQAwtVnz4jwhC4+lkcUVVf8+pMFgODSAR root@magentoprod-apache1
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPYazp8euMmkUi+5iSAeSHkmeQtu2MsuxW4Qq9xvrGbdVPg0/75RmUeaLUXvS/xNexOXRiYlKGTWej3Nych0isej4IPILZOTsW7K0pS1q3AFEFywgv9ke98HZZY0xJ4N8CIEZi0FWQi9EYaowvwoAnL5VTX7hCkOYpS1b5XbW6Pmh7Ww+UGYRn8SvFE+dBw0NNmWxl3h6RLUINt3suv5LpoUO4moOVrEE0ySv0vsArggEGG4uheb1Z5/J5nMkCfC6ejO62jLHDrs+nvWC/BuKVkNKc2W5cF9hY8ALtdjEOfcuC1CPMkKsTQAwtVnz4jwhC4+lkcUVVf8+pMFgODSAR root@magentoprod-apache1
0
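The authorized_keys listing above mixes an entry restricted by a forced command with two plain entries for the same key. The following added example (not part of the original post) parses such a file, marks forced-command entries, flags duplicate keys, and computes the SHA256 fingerprint in the form `ssh-keygen -lf id_rsa.pub` prints, so the client key can be compared with the server entry. The key blobs and comments in `SAMPLE` are constructed placeholders, and the function names are hypothetical.

```python
import base64
import hashlib
import re

KEY_TYPES = ("ssh-rsa", "ssh-ed25519", "ssh-dss", "ecdsa-sha2-")
# A field is a run of non-blank characters; a "..." section (with \" escapes) may hold blanks.
FIELD = re.compile(r'(?:[^\s"]|"(?:\\.|[^"\\])*")+')

def parse_entry(line):
    """Parse one authorized_keys line; return None if it holds no recognisable key."""
    fields = FIELD.findall(line)
    idx = next((i for i, f in enumerate(fields[:2]) if f.startswith(KEY_TYPES)), None)
    if idx is None or idx + 1 >= len(fields):
        return None
    try:
        blob = base64.b64decode(fields[idx + 1], validate=True)
    except ValueError:
        return None
    digest = hashlib.sha256(blob).digest()  # ssh-keygen -l hashes the same decoded blob
    options = fields[0] if idx == 1 else ""
    return {"type": fields[idx], "options": options, "forced_command": 'command="' in options,
            "fingerprint": "SHA256:" + base64.b64encode(digest).decode().rstrip("="),
            "comment": " ".join(fields[idx + 2:])}

def audit(text):
    """Return (entries, duplicates); duplicates are (first_line, repeat_line) pairs."""
    entries, seen, dupes = [], {}, []
    for n, line in enumerate(text.splitlines(), 1):
        entry = None if line.lstrip().startswith("#") else parse_entry(line)
        if entry is None:
            continue
        entry["line"] = n
        first = seen.setdefault(entry["fingerprint"], n)
        if first != n:
            dupes.append((first, n))
        entries.append(entry)
    return entries, dupes

# Constructed sample: the blobs are placeholder bytes, not real keys.
A, B = (base64.b64encode(b).decode() for b in (b"constructed-blob-A", b"constructed-blob-B"))
FORCED = 'no-port-forwarding,command="echo \'Please login as \\"ec2-user\\"\';sleep 10"'
SAMPLE = (f"{FORCED} ssh-rsa {A} constructed-cloud-key\n"
          f"ssh-rsa {B} root@host1.example\nssh-rsa {B} root@host1.example\n")

if __name__ == "__main__":
    entries, dupes = audit(SAMPLE)
    for e in entries:
        print(e["line"], e["fingerprint"], "forced command" if e["forced_command"] else "-")
    print("duplicate lines:", dupes)
```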
 
LVL 30

Accepted Solution

by:
serialband earned 250 total points
ID: 41724075
http://www.linux.org/threads/how-to-force-ssh-login-via-public-key-authentication.4253/

You need to enable...

PubkeyAuthentication yes
RSAAuthentication yes


...in your sshd_config file, then reload ssh.
0
 

Author Comment

by:Jason Yu
ID: 41725138
For the first option, mine is commented out, but I checked an existing server and it was commented out too. I guess that is because we have an LDAP server; we use that LDAP server to authenticate all the users.

#RSAAuthentication yes
#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys

#AuthorizedPrincipalsFile none

AuthorizedKeysCommand /usr/libexec/openssh/ssh-ldap-wrapper
AuthorizedKeysCommandUser ec2-user
0

 
LVL 33

Assisted Solution

by:shalomc
shalomc earned 125 total points
ID: 41725264
You used AWS Linux. On AWS Linux the proper way is to log in with ec2-user, NOT with root, and then switch to root with sudo/su.

You can simply make sure that ec2-user has the proper authority to rsync the files.
0
 

Author Comment

by:Jason Yu
ID: 41725329
I was able to run rsync now by enabling the without-password option for the root user in the sshd_config file.

However, when I run the rsync command like below, "rsync -avr /var/www/html/media root@magentoprod-apache2:/var/www/html/media/", the newest files are not being copied.


Any thoughts about it?
0
 
LVL 30

Assisted Solution

by:Sudeep Sharma
Sudeep Sharma earned 125 total points
ID: 41727128
On Linux servers, in the /etc/ssh/sshd_config file, change the following:
A. Change “#PermitRootLogin yes” to “PermitRootLogin without-password” and
B. Change “DenyGroups root” to “#DenyGroups root”

Sudeep
0
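The sshd_config directives raised in this thread (PubkeyAuthentication, PermitRootLogin, DenyGroups, AuthorizedKeysCommand) interact, and a commented-out line means sshd uses its default. The following added example (not code from the thread) reads a config text and reports what blocks root from key-based login and where keys are looked up. The two config texts are constructed from the settings quoted above, the function names are hypothetical, and the parser is a simplification: global section only, whitespace-separated keyword and value, exact group names.

```python
def effective(config_text):
    """Global sshd_config values. The first uncommented value per keyword wins, DenyGroups
    lines accumulate, and parsing stops at the first Match block (a simplification)."""
    values, deny_groups = {}, []
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        keyword = parts[0].lower()            # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            break
        if keyword == "denygroups":
            deny_groups += value.split()
        else:
            values.setdefault(keyword, value)
    values["denygroups"] = deny_groups
    return values

def root_key_login(config_text):
    """Report what stands between root and public-key login under these settings."""
    v = effective(config_text)
    pubkey = v.get("pubkeyauthentication", "yes").lower()  # unset means sshd's default: yes
    root_mode = v.get("permitrootlogin", "unset (build default applies)").lower()
    blockers = []
    if pubkey != "yes":
        blockers.append("PubkeyAuthentication is not yes")
    if root_mode == "no":
        blockers.append("PermitRootLogin no")
    if "root" in v["denygroups"]:             # exact names only; patterns are not expanded
        blockers.append("DenyGroups lists root")
    sources = [v.get("authorizedkeysfile", "default AuthorizedKeysFile")]
    if "authorizedkeyscommand" in v:
        sources.append(v["authorizedkeyscommand"])
    return {"blockers": blockers, "root_mode": root_mode, "key_sources": sources}

# Constructed config texts modelled on the settings quoted in this thread.
BEFORE = """\
#RSAAuthentication yes
#PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
AuthorizedKeysCommand /usr/libexec/openssh/ssh-ldap-wrapper
#PermitRootLogin yes
DenyGroups root
"""
AFTER = (BEFORE.replace("#PermitRootLogin yes", "PermitRootLogin without-password")
               .replace("DenyGroups root", "#DenyGroups root"))

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, root_key_login(text))
```

On a live host, `sshd -T` run as root prints the effective values, including defaults and Match handling that this sketch leaves out.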
 

Author Comment

by:Jason Yu
ID: 41728333
I got this issue resolved now. Thank you, all experts here; I appreciate your help.

Jason
0


Question has a verified solution.
