Solved

cannot ssh to other host even with the public key copied to another host's authorized_keys file

Posted on 2016-07-21
7
93 Views
Last Modified: 2016-07-25
I got the following error when I tried to ssh to another host. I enabled the password authentication in sshd_config file. My final goal is to enable keyless authentication because I have a scheduled rsync command to run in my crontab .

I used ssh-keygen command to create the default rsa private and public key for root user.

Please help me go through this step by step.

[root@magentoprod-apache1 .ssh]# ssh root@magentoprod-apache2
root@magentoprod-apache2's password:
Permission denied, please try again.
root@magentoprod-apache2's password:
Permission denied, please try again.
root@magentoprod-apache2's password:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
[root@magentoprod-apache1 .ssh]#
0
Comment
Question by:Jason Yu
7 Comments
 

Author Comment

by:Jason Yu
ID: 41723937
[root@magentoprod-apache1 .ssh]# ls -alth
total 20K
-rw-r--r--  1 root root  746 Jul 21 16:58 known_hosts
drwx------. 3 root root   90 Jul 21 16:40 .
-rw-------  1 root root 1.7K Jul 21 16:39 id_rsa
-rw-r--r--  1 root root  406 Jul 21 16:39 id_rsa.pub
drwxr-xr-x  2 root root   64 Jul 21 16:38 oldkeys
dr-xr-x---. 4 root root 4.0K Jul 18 10:05 ..
-rw-------  1 root root  953 Jul 14 15:11 authorized_keys
[root@magentoprod-apache1 .ssh]# cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPYazp8euMmkUi+5iSAeSHkmeQtu2MsuxW4Qq9xvrGbdVPg0/75RmUeaLUXvS/xNexOXRiYlKGTWej3Nych0isej4IPILZOTsW7K0pS1q3AFEFywgv9ke98HZZY0xJ4N8CIEZi0FWQi9EYaowvwoAnL5VTX7hCkOYpS1b5XbW6Pmh7Ww+UGYRn8SvFE+dBw0NNmWxl3h6RLUINt3suv5LpoUO4moOVrEE0ySv0vsArggEGG4uheb1Z5/J5nMkCfC6ejO62jLHDrs+nvWC/BuKVkNKc2W5cF9hY8ALtdjEOfcuC1CPMkKsTQAwtVnz4jwhC4+lkcUVVf8+pMFgODSAR root@magentoprod-apache1
[root@magentoprod-apache1 .ssh]#



[root@magentoprod-apache2 .ssh]# cat authorized_keys
no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"ec2-user\" rather than the user \"root\".';echo;sleep 10" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCHGapVZBL7ZHdWH7A/Zbi7+EmVi6ALpjXhD7101+S16twpSvv43LbO8/mPGgS+fpwzxBrBHzyQJChYjIRQ3bQlldCGGoKMdGJdeQVAtp16dJ2OzPmR2GVhp3LFHSlzOmgBpsGtxieOYDwz5Emtu9gzLyKjYqrL6i+Mewxb872zNC3xJDJlE6DFkQGyv+BoIXF402WXGxgQyNlYKUaoyc58HzxHpIW9Zjc1y4dLCli4iFJzW0HzI3TMrDuyYoI5Mdve44xiOSspHbZIHGnk77wjU0XFic9jCQHAwscdl4wlybwXGSD7JgfbEjpvJ337DJVXuFF5tqj6rohpt7TUCQkP avery123
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPYazp8euMmkUi+5iSAeSHkmeQtu2MsuxW4Qq9xvrGbdVPg0/75RmUeaLUXvS/xNexOXRiYlKGTWej3Nych0isej4IPILZOTsW7K0pS1q3AFEFywgv9ke98HZZY0xJ4N8CIEZi0FWQi9EYaowvwoAnL5VTX7hCkOYpS1b5XbW6Pmh7Ww+UGYRn8SvFE+dBw0NNmWxl3h6RLUINt3suv5LpoUO4moOVrEE0ySv0vsArggEGG4uheb1Z5/J5nMkCfC6ejO62jLHDrs+nvWC/BuKVkNKc2W5cF9hY8ALtdjEOfcuC1CPMkKsTQAwtVnz4jwhC4+lkcUVVf8+pMFgODSAR root@magentoprod-apache1
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPYazp8euMmkUi+5iSAeSHkmeQtu2MsuxW4Qq9xvrGbdVPg0/75RmUeaLUXvS/xNexOXRiYlKGTWej3Nych0isej4IPILZOTsW7K0pS1q3AFEFywgv9ke98HZZY0xJ4N8CIEZi0FWQi9EYaowvwoAnL5VTX7hCkOYpS1b5XbW6Pmh7Ww+UGYRn8SvFE+dBw0NNmWxl3h6RLUINt3suv5LpoUO4moOVrEE0ySv0vsArggEGG4uheb1Z5/J5nMkCfC6ejO62jLHDrs+nvWC/BuKVkNKc2W5cF9hY8ALtdjEOfcuC1CPMkKsTQAwtVnz4jwhC4+lkcUVVf8+pMFgODSAR root@magentoprod-apache1
0
 
LVL 28

Accepted Solution

by:
serialband earned 250 total points
ID: 41724075
http://www.linux.org/threads/how-to-force-ssh-login-via-public-key-authentication.4253/

You need to enable...

PubkeyAuthentication yes
RSAAuthentication yes


...in your sshd_config file, then reload ssh.
0
 

Author Comment

by:Jason Yu
ID: 41725138
for the first option, mine is commented out, but I checked an existing server, it was commented out too. I guess that is because we have a ldap server, we use that ldap server to authenticate all the users.

#RSAAuthentication yes
#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys

#AuthorizedPrincipalsFile none

AuthorizedKeysCommand /usr/libexec/openssh/ssh-ldap-wrapper
AuthorizedKeysCommandUser ec2-user
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 
LVL 33

Assisted Solution

by:shalomc
shalomc earned 125 total points
ID: 41725264
You used AWS Linux.. On AWS Linux the proper way is to login with ec2-user NOT with root, and then switch to root with sudo/su.

You can simply make sure that ec2-user has the proper authority to rsync the files.
0
 

Author Comment

by:Jason Yu
ID: 41725329
I was able to run rsync now by enable without-password option for root user on sshdc_config file.

However, when I run the rsync command like below "rsync -avr /var/www/html/media root@magentoprod-apache2:/var/www/html/media/", the newest files are not being copied to.


any thoughts about it?
0
 
LVL 29

Assisted Solution

by:Sudeep Sharma
Sudeep Sharma earned 125 total points
ID: 41727128
On Linux servers in /etc/ssh/sshd_config file. Changes the following:
A. Change “#PermitRootLogin yes” to “PermitRootLogin without-password” and
B. Change “DenyGoups root” to “#DenyGoups root”

Sudeep
0
 

Author Comment

by:Jason Yu
ID: 41728333
I got this issue resolved now. thank you all experts here, I appreciate your help.

Jason
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
This article explains how to prepare an HTML email signature template file containing dynamic placeholders for users' Azure AD data. Furthermore, it explains how to use this file to remotely set up a department-wide email signature policy in Office …
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now