Solved

cannot ssh to other host even with the public key copied to another host's authorized_keys file

Posted on 2016-07-21
Last Modified: 2016-07-25
I got the following error when I tried to ssh to another host. I enabled password authentication in the sshd_config file. My final goal is to enable keyless authentication because I have a scheduled rsync command to run in my crontab.

I used ssh-keygen command to create the default rsa private and public key for root user.

Please help me go through this step by step.

[root@magentoprod-apache1 .ssh]# ssh root@magentoprod-apache2
root@magentoprod-apache2's password:
Permission denied, please try again.
root@magentoprod-apache2's password:
Permission denied, please try again.
root@magentoprod-apache2's password:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
[root@magentoprod-apache1 .ssh]#
Question by: Jason Yu

Author Comment

by:Jason Yu
[root@magentoprod-apache1 .ssh]# ls -alth
total 20K
-rw-r--r--  1 root root  746 Jul 21 16:58 known_hosts
drwx------. 3 root root   90 Jul 21 16:40 .
-rw-------  1 root root 1.7K Jul 21 16:39 id_rsa
-rw-r--r--  1 root root  406 Jul 21 16:39 id_rsa.pub
drwxr-xr-x  2 root root   64 Jul 21 16:38 oldkeys
dr-xr-x---. 4 root root 4.0K Jul 18 10:05 ..
-rw-------  1 root root  953 Jul 14 15:11 authorized_keys
[root@magentoprod-apache1 .ssh]# cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPYazp8euMmkUi+5iSAeSHkmeQtu2MsuxW4Qq9xvrGbdVPg0/75RmUeaLUXvS/xNexOXRiYlKGTWej3Nych0isej4IPILZOTsW7K0pS1q3AFEFywgv9ke98HZZY0xJ4N8CIEZi0FWQi9EYaowvwoAnL5VTX7hCkOYpS1b5XbW6Pmh7Ww+UGYRn8SvFE+dBw0NNmWxl3h6RLUINt3suv5LpoUO4moOVrEE0ySv0vsArggEGG4uheb1Z5/J5nMkCfC6ejO62jLHDrs+nvWC/BuKVkNKc2W5cF9hY8ALtdjEOfcuC1CPMkKsTQAwtVnz4jwhC4+lkcUVVf8+pMFgODSAR root@magentoprod-apache1
[root@magentoprod-apache1 .ssh]#



[root@magentoprod-apache2 .ssh]# cat authorized_keys
no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"ec2-user\" rather than the user \"root\".';echo;sleep 10" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCHGapVZBL7ZHdWH7A/Zbi7+EmVi6ALpjXhD7101+S16twpSvv43LbO8/mPGgS+fpwzxBrBHzyQJChYjIRQ3bQlldCGGoKMdGJdeQVAtp16dJ2OzPmR2GVhp3LFHSlzOmgBpsGtxieOYDwz5Emtu9gzLyKjYqrL6i+Mewxb872zNC3xJDJlE6DFkQGyv+BoIXF402WXGxgQyNlYKUaoyc58HzxHpIW9Zjc1y4dLCli4iFJzW0HzI3TMrDuyYoI5Mdve44xiOSspHbZIHGnk77wjU0XFic9jCQHAwscdl4wlybwXGSD7JgfbEjpvJ337DJVXuFF5tqj6rohpt7TUCQkP avery123
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPYazp8euMmkUi+5iSAeSHkmeQtu2MsuxW4Qq9xvrGbdVPg0/75RmUeaLUXvS/xNexOXRiYlKGTWej3Nych0isej4IPILZOTsW7K0pS1q3AFEFywgv9ke98HZZY0xJ4N8CIEZi0FWQi9EYaowvwoAnL5VTX7hCkOYpS1b5XbW6Pmh7Ww+UGYRn8SvFE+dBw0NNmWxl3h6RLUINt3suv5LpoUO4moOVrEE0ySv0vsArggEGG4uheb1Z5/J5nMkCfC6ejO62jLHDrs+nvWC/BuKVkNKc2W5cF9hY8ALtdjEOfcuC1CPMkKsTQAwtVnz4jwhC4+lkcUVVf8+pMFgODSAR root@magentoprod-apache1
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPYazp8euMmkUi+5iSAeSHkmeQtu2MsuxW4Qq9xvrGbdVPg0/75RmUeaLUXvS/xNexOXRiYlKGTWej3Nych0isej4IPILZOTsW7K0pS1q3AFEFywgv9ke98HZZY0xJ4N8CIEZi0FWQi9EYaowvwoAnL5VTX7hCkOYpS1b5XbW6Pmh7Ww+UGYRn8SvFE+dBw0NNmWxl3h6RLUINt3suv5LpoUO4moOVrEE0ySv0vsArggEGG4uheb1Z5/J5nMkCfC6ejO62jLHDrs+nvWC/BuKVkNKc2W5cF9hY8ALtdjEOfcuC1CPMkKsTQAwtVnz4jwhC4+lkcUVVf8+pMFgODSAR root@magentoprod-apache1
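
The authorized_keys listing above has a first entry restricted by a forced command="..." option and the same root@magentoprod-apache1 key twice. As an added example (not code from the thread), this audit flags both conditions; the function name, the sample file and its placeholder key blobs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit an authorized_keys file.
# Heuristic: the key type is the first whitespace-separated field that is
# exactly a known type name; everything before it is the options field.

# audit_authorized_keys FILE -> one line per entry: LINE TYPE COMMENT FLAGS
audit_authorized_keys() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }            # skip blank and comment lines
    {
        kt = 0
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp[0-9]+)$/) {
                kt = i; break
            }
        if (kt == 0 || kt == NF) { printf "%d - - unparsed\n", NR; next }
        opts = ""
        for (i = 1; i < kt; i++) opts = opts " " $i
        blob = $(kt + 1)
        comment = (kt + 2 <= NF) ? $(kt + 2) : "-"   # first word only
        flags = ""
        # A forced command replaces whatever the client asked to run.
        if (opts ~ /command="/) flags = flags " forced-command"
        # The same key blob listed twice adds nothing and hides edits.
        if (blob in seen) { flags = flags " duplicate-of-line-" seen[blob] }
        else { seen[blob] = NR }
        if (flags == "") flags = " ok"
        printf "%d %s %s%s\n", NR, $kt, comment, flags
    }' "$1"
}

# Constructed sample modelled on the listing above; key blobs are placeholders.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"ec2-user\" rather than the user \"root\".';echo;sleep 10" ssh-rsa AAAAPLACEHOLDERKEY1 cloud-key
ssh-rsa AAAAPLACEHOLDERKEY2 root@host-a
ssh-rsa AAAAPLACEHOLDERKEY2 root@host-a
EOF

audit_authorized_keys "$sample"
```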

Accepted Solution

by: serialband (earned 250 total points)
http://www.linux.org/threads/how-to-force-ssh-login-via-public-key-authentication.4253/

You need to enable...

PubkeyAuthentication yes
RSAAuthentication yes


...in your sshd_config file, then reload ssh.

Author Comment

by:Jason Yu
For the first option, mine is commented out, but I checked an existing server and it was commented out too. I guess that is because we have an LDAP server; we use that LDAP server to authenticate all the users.

#RSAAuthentication yes
#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys

#AuthorizedPrincipalsFile none

AuthorizedKeysCommand /usr/libexec/openssh/ssh-ldap-wrapper
AuthorizedKeysCommandUser ec2-user

Assisted Solution

by: shalomc (earned 125 total points)
You used AWS Linux. On AWS Linux the proper way is to log in with ec2-user, NOT with root, and then switch to root with sudo/su.

You can simply make sure that ec2-user has the proper authority to rsync the files.

Author Comment

by:Jason Yu
I was able to run rsync now by enabling the without-password option for the root user in the sshd_config file.

However, when I run the rsync command below, "rsync -avr /var/www/html/media root@magentoprod-apache2:/var/www/html/media/", the newest files are not being copied.

Any thoughts about it?

Assisted Solution

by: Sudeep Sharma (earned 125 total points)
On Linux servers, in the /etc/ssh/sshd_config file, change the following:
A. Change “#PermitRootLogin yes” to “PermitRootLogin without-password” and
B. Change “DenyGroups root” to “#DenyGroups root”

Sudeep
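
The sshd_config comments in this thread turn on which lines are active: a line starting with # sets nothing, so sshd uses its built-in default for that keyword. As an added example (not code from the thread), this reports what a config file sets in its global section; the function name and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report what an sshd_config file
# actually sets in its global section.

# effective_setting FILE KEYWORD
# Prints the value of the first uncommented KEYWORD line before any Match
# block, or "(unset)" when the keyword is absent or only commented out, in
# which case sshd falls back to its built-in default for that keyword.
effective_setting() {
    awk -v want="$2" '
    BEGIN { want = tolower(want); found = 0 }
    NF == 0 || $1 ~ /^#/ { next }          # "#Keyword value" sets nothing
    tolower($1) == "match" { exit }        # Match blocks are conditional
    tolower($1) == want {                  # keywords are case-insensitive
        $1 = ""; sub(/^[ \t]+/, "")
        val = $0; found = 1
        exit                               # first obtained value is used
    }
    END { print (found ? val : "(unset)") }
    ' "$1"
}

# Constructed sample modelled on the settings quoted in this thread.
conf=$(mktemp)
trap 'rm -f "$conf"' EXIT
cat > "$conf" <<'EOF'
#RSAAuthentication yes
#PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PermitRootLogin without-password
#DenyGroups root
PasswordAuthentication yes
Match User deploy
    PasswordAuthentication no
EOF

for k in PubkeyAuthentication PermitRootLogin DenyGroups PasswordAuthentication; do
    printf '%-24s %s\n' "$k" "$(effective_setting "$conf" "$k")"
done
```

On a live host, running `sshd -T` as root prints the full effective configuration, defaults included.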

Author Comment

by:Jason Yu
I got this issue resolved now. Thank you, all experts here; I appreciate your help.

Jason