Solved

Cannot ssh to other host even with the public key copied to another host's authorized_keys file

Posted on 2016-07-21
Last Modified: 2016-07-25
I got the following error when I tried to ssh to another host. I enabled password authentication in the sshd_config file. My final goal is to enable keyless authentication because I have a scheduled rsync command to run in my crontab.

I used ssh-keygen command to create the default rsa private and public key for root user.

Please help me go through this step by step.

[root@magentoprod-apache1 .ssh]# ssh root@magentoprod-apache2
root@magentoprod-apache2's password:
Permission denied, please try again.
root@magentoprod-apache2's password:
Permission denied, please try again.
root@magentoprod-apache2's password:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
[root@magentoprod-apache1 .ssh]#
Question by:Jason Yu

Author Comment

by:Jason Yu
ID: 41723937
[root@magentoprod-apache1 .ssh]# ls -alth
total 20K
-rw-r--r--  1 root root  746 Jul 21 16:58 known_hosts
drwx------. 3 root root   90 Jul 21 16:40 .
-rw-------  1 root root 1.7K Jul 21 16:39 id_rsa
-rw-r--r--  1 root root  406 Jul 21 16:39 id_rsa.pub
drwxr-xr-x  2 root root   64 Jul 21 16:38 oldkeys
dr-xr-x---. 4 root root 4.0K Jul 18 10:05 ..
-rw-------  1 root root  953 Jul 14 15:11 authorized_keys
[root@magentoprod-apache1 .ssh]# cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPYazp8euMmkUi+5iSAeSHkmeQtu2MsuxW4Qq9xvrGbdVPg0/75RmUeaLUXvS/xNexOXRiYlKGTWej3Nych0isej4IPILZOTsW7K0pS1q3AFEFywgv9ke98HZZY0xJ4N8CIEZi0FWQi9EYaowvwoAnL5VTX7hCkOYpS1b5XbW6Pmh7Ww+UGYRn8SvFE+dBw0NNmWxl3h6RLUINt3suv5LpoUO4moOVrEE0ySv0vsArggEGG4uheb1Z5/J5nMkCfC6ejO62jLHDrs+nvWC/BuKVkNKc2W5cF9hY8ALtdjEOfcuC1CPMkKsTQAwtVnz4jwhC4+lkcUVVf8+pMFgODSAR root@magentoprod-apache1
[root@magentoprod-apache1 .ssh]#



[root@magentoprod-apache2 .ssh]# cat authorized_keys
no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"ec2-user\" rather than the user \"root\".';echo;sleep 10" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCHGapVZBL7ZHdWH7A/Zbi7+EmVi6ALpjXhD7101+S16twpSvv43LbO8/mPGgS+fpwzxBrBHzyQJChYjIRQ3bQlldCGGoKMdGJdeQVAtp16dJ2OzPmR2GVhp3LFHSlzOmgBpsGtxieOYDwz5Emtu9gzLyKjYqrL6i+Mewxb872zNC3xJDJlE6DFkQGyv+BoIXF402WXGxgQyNlYKUaoyc58HzxHpIW9Zjc1y4dLCli4iFJzW0HzI3TMrDuyYoI5Mdve44xiOSspHbZIHGnk77wjU0XFic9jCQHAwscdl4wlybwXGSD7JgfbEjpvJ337DJVXuFF5tqj6rohpt7TUCQkP avery123
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPYazp8euMmkUi+5iSAeSHkmeQtu2MsuxW4Qq9xvrGbdVPg0/75RmUeaLUXvS/xNexOXRiYlKGTWej3Nych0isej4IPILZOTsW7K0pS1q3AFEFywgv9ke98HZZY0xJ4N8CIEZi0FWQi9EYaowvwoAnL5VTX7hCkOYpS1b5XbW6Pmh7Ww+UGYRn8SvFE+dBw0NNmWxl3h6RLUINt3suv5LpoUO4moOVrEE0ySv0vsArggEGG4uheb1Z5/J5nMkCfC6ejO62jLHDrs+nvWC/BuKVkNKc2W5cF9hY8ALtdjEOfcuC1CPMkKsTQAwtVnz4jwhC4+lkcUVVf8+pMFgODSAR root@magentoprod-apache1
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPYazp8euMmkUi+5iSAeSHkmeQtu2MsuxW4Qq9xvrGbdVPg0/75RmUeaLUXvS/xNexOXRiYlKGTWej3Nych0isej4IPILZOTsW7K0pS1q3AFEFywgv9ke98HZZY0xJ4N8CIEZi0FWQi9EYaowvwoAnL5VTX7hCkOYpS1b5XbW6Pmh7Ww+UGYRn8SvFE+dBw0NNmWxl3h6RLUINt3suv5LpoUO4moOVrEE0ySv0vsArggEGG4uheb1Z5/J5nMkCfC6ejO62jLHDrs+nvWC/BuKVkNKc2W5cF9hY8ALtdjEOfcuC1CPMkKsTQAwtVnz4jwhC4+lkcUVVf8+pMFgODSAR root@magentoprod-apache1
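Added example, not part of the original post: a shell check that reports every line of an authorized_keys file holding a given public key, and whether that line carries an options prefix such as the forced command= on the first entry above. The sample files are constructed with short fake key blobs, and key_blob, match_key and demo are names chosen for this example.

```shell
#!/bin/sh
# Added example (not from the thread): show where a public key appears in an
# authorized_keys file and whether that entry carries an options prefix.

# key_blob PUBFILE: print the base64 field of the key in a .pub file.
key_blob() {
    awk '$1 ~ /^(ssh-|ecdsa-|sk-)/ { print $2; exit }' "$1"
}

# match_key PUBFILE AUTHFILE: print "<line> options=<yes|no>" per matching entry.
match_key() {
    blob=$(key_blob "$1")
    [ -n "$blob" ] || return 2
    awk -v want="$blob" '
        /^[ \t]*(#|$)/ { next }
        {
            line = $0
            # Empty out quoted option values so spaces or key text inside
            # command="..." are not mistaken for fields.
            gsub(/"([^"\\]|\\.)*"/, "\"\"", line)
            n = split(line, f, " ")
            for (i = 1; i < n; i++)
                if (f[i] ~ /^(ssh-|ecdsa-|sk-)/ && f[i + 1] == want) {
                    print NR, "options=" (i > 1 ? "yes" : "no")
                    break
                }
        }' "$2"
}

# Constructed sample data: short fake blobs, same layout as the file above.
demo() {
    d=$(mktemp -d) || return 1
    echo 'ssh-rsa AAAAconstructedKEY1 root@host-a' > "$d/id_rsa.pub"
    cat > "$d/authorized_keys" <<'EOF'
no-pty,command="echo \"use ec2-user\" ssh-rsa AAAAconstructedKEY1" ssh-rsa AAAAconstructedKEY2 other
ssh-rsa AAAAconstructedKEY1 root@host-a
ssh-rsa AAAAconstructedKEY1 root@host-a
from="192.0.2.10" ssh-rsa AAAAconstructedKEY1 cron-rsync
EOF
    match_key "$d/id_rsa.pub" "$d/authorized_keys"
    rm -rf "$d"
}
demo
```

A match reported with options=no means the key itself is accepted without restrictions, so a refused login has to be explained by the sshd_config side.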

Accepted Solution

by:
serialband earned 250 total points
ID: 41724075
http://www.linux.org/threads/how-to-force-ssh-login-via-public-key-authentication.4253/

You need to enable...

PubkeyAuthentication yes
RSAAuthentication yes


...in your sshd_config file, then reload ssh.

Author Comment

by:Jason Yu
ID: 41725138
For the first option, mine is commented out, but I checked an existing server and it was commented out too. I guess that is because we have an LDAP server; we use that LDAP server to authenticate all the users.

#RSAAuthentication yes
#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys

#AuthorizedPrincipalsFile none

AuthorizedKeysCommand /usr/libexec/openssh/ssh-ldap-wrapper
AuthorizedKeysCommandUser ec2-user

Assisted Solution

by:shalomc
shalomc earned 125 total points
ID: 41725264
You used AWS Linux. On AWS Linux the proper way is to log in with ec2-user, NOT with root, and then switch to root with sudo/su.

You can simply make sure that ec2-user has the proper authority to rsync the files.

Author Comment

by:Jason Yu
ID: 41725329
I was able to run rsync now by enabling the without-password option for the root user in the sshd_config file.

However, when I run the rsync command like below, "rsync -avr /var/www/html/media root@magentoprod-apache2:/var/www/html/media/", the newest files are not being copied over.

Any thoughts about it?

Assisted Solution

by:Sudeep Sharma
Sudeep Sharma earned 125 total points
ID: 41727128
On Linux servers, in the /etc/ssh/sshd_config file, change the following:
A. Change "#PermitRootLogin yes" to "PermitRootLogin without-password" and
B. Change "DenyGroups root" to "#DenyGroups root"

Sudeep
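Added example, not from any poster in this thread: a shell sketch that resolves the value sshd would use for a keyword in an sshd_config file (the first uncommented occurrence wins, and a line starting with "#" leaves the built-in default in place) and then applies the PubkeyAuthentication, PermitRootLogin and DenyGroups checks discussed above. Assumptions: whitespace-separated "Keyword value" lines, Match blocks are not evaluated, DenyGroups is checked only for the literal group name root, and the PermitRootLogin default is the OpenSSH 7.0+ one; the config files are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): resolve the value sshd would use for a
# keyword from an sshd_config file, then check whether root key login is open.
ROOT_DEFAULT=prohibit-password   # assumption: OpenSSH 7.0+; older releases default to "yes"

# effective FILE KEYWORD DEFAULT: first uncommented occurrence wins; a line
# starting with "#" sets nothing, so the built-in default applies.
effective() {
    awk -v kw="$2" -v def="$3" '
        BEGIN { kw = tolower(kw) }
        /^[ \t]*(#|$)/ { next }
        tolower($1) == "match" { exit }      # Match blocks are not evaluated here
        tolower($1) == kw { $1 = ""; sub(/^[ \t]+/, ""); val = $0; found = 1; exit }
        END { print (found ? val : def) }
    ' "$1"
}

# root_key_login FILE: print the verdict; return 0 if root may log in with a key.
root_key_login() {
    pk=$(effective "$1" PubkeyAuthentication yes)
    prl=$(effective "$1" PermitRootLogin "$ROOT_DEFAULT")
    dg=$(effective "$1" DenyGroups "")
    [ "$pk" = yes ] || { echo "blocked: PubkeyAuthentication $pk"; return 1; }
    [ "$prl" != no ] || { echo "blocked: PermitRootLogin no"; return 1; }
    case " $dg " in
        *" root "*) echo "blocked: DenyGroups lists root"; return 1 ;;
    esac
    echo "allowed: PermitRootLogin $prl"
}

# Constructed configs: the settings named above, before and after the change.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '#PubkeyAuthentication yes' '#PermitRootLogin yes' \
        'DenyGroups root' > "$d/before"
    printf '%s\n' '#PubkeyAuthentication yes' 'PermitRootLogin without-password' \
        '#DenyGroups root' > "$d/after"
    root_key_login "$d/before" || true
    root_key_login "$d/after" || true
    rm -rf "$d"
}
demo
```

On a live host, running sshd -T as root prints the effective configuration directly, including defaults.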

Author Comment

by:Jason Yu
ID: 41728333
I got this issue resolved now. Thank you all experts here, I appreciate your help.

Jason