Solved

cannot ssh to other host even with the public key copied to another host's authorized_keys file

Posted on 2016-07-21
Last Modified: 2016-07-25
I got the following error when I tried to ssh to another host. I enabled password authentication in the sshd_config file. My final goal is to enable keyless authentication because I have a scheduled rsync command to run in my crontab.

I used the ssh-keygen command to create the default RSA private and public keys for the root user.

Please help me go through this step by step.

[root@magentoprod-apache1 .ssh]# ssh root@magentoprod-apache2
root@magentoprod-apache2's password:
Permission denied, please try again.
root@magentoprod-apache2's password:
Permission denied, please try again.
root@magentoprod-apache2's password:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
[root@magentoprod-apache1 .ssh]#
0
Question by:Jason Yu
7 Comments
 

Author Comment

by:Jason Yu
ID: 41723937
[root@magentoprod-apache1 .ssh]# ls -alth
total 20K
-rw-r--r--  1 root root  746 Jul 21 16:58 known_hosts
drwx------. 3 root root   90 Jul 21 16:40 .
-rw-------  1 root root 1.7K Jul 21 16:39 id_rsa
-rw-r--r--  1 root root  406 Jul 21 16:39 id_rsa.pub
drwxr-xr-x  2 root root   64 Jul 21 16:38 oldkeys
dr-xr-x---. 4 root root 4.0K Jul 18 10:05 ..
-rw-------  1 root root  953 Jul 14 15:11 authorized_keys
[root@magentoprod-apache1 .ssh]# cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPYazp8euMmkUi+5iSAeSHkmeQtu2MsuxW4Qq9xvrGbdVPg0/75RmUeaLUXvS/xNexOXRiYlKGTWej3Nych0isej4IPILZOTsW7K0pS1q3AFEFywgv9ke98HZZY0xJ4N8CIEZi0FWQi9EYaowvwoAnL5VTX7hCkOYpS1b5XbW6Pmh7Ww+UGYRn8SvFE+dBw0NNmWxl3h6RLUINt3suv5LpoUO4moOVrEE0ySv0vsArggEGG4uheb1Z5/J5nMkCfC6ejO62jLHDrs+nvWC/BuKVkNKc2W5cF9hY8ALtdjEOfcuC1CPMkKsTQAwtVnz4jwhC4+lkcUVVf8+pMFgODSAR root@magentoprod-apache1
[root@magentoprod-apache1 .ssh]#



[root@magentoprod-apache2 .ssh]# cat authorized_keys
no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"ec2-user\" rather than the user \"root\".';echo;sleep 10" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCHGapVZBL7ZHdWH7A/Zbi7+EmVi6ALpjXhD7101+S16twpSvv43LbO8/mPGgS+fpwzxBrBHzyQJChYjIRQ3bQlldCGGoKMdGJdeQVAtp16dJ2OzPmR2GVhp3LFHSlzOmgBpsGtxieOYDwz5Emtu9gzLyKjYqrL6i+Mewxb872zNC3xJDJlE6DFkQGyv+BoIXF402WXGxgQyNlYKUaoyc58HzxHpIW9Zjc1y4dLCli4iFJzW0HzI3TMrDuyYoI5Mdve44xiOSspHbZIHGnk77wjU0XFic9jCQHAwscdl4wlybwXGSD7JgfbEjpvJ337DJVXuFF5tqj6rohpt7TUCQkP avery123
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPYazp8euMmkUi+5iSAeSHkmeQtu2MsuxW4Qq9xvrGbdVPg0/75RmUeaLUXvS/xNexOXRiYlKGTWej3Nych0isej4IPILZOTsW7K0pS1q3AFEFywgv9ke98HZZY0xJ4N8CIEZi0FWQi9EYaowvwoAnL5VTX7hCkOYpS1b5XbW6Pmh7Ww+UGYRn8SvFE+dBw0NNmWxl3h6RLUINt3suv5LpoUO4moOVrEE0ySv0vsArggEGG4uheb1Z5/J5nMkCfC6ejO62jLHDrs+nvWC/BuKVkNKc2W5cF9hY8ALtdjEOfcuC1CPMkKsTQAwtVnz4jwhC4+lkcUVVf8+pMFgODSAR root@magentoprod-apache1
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPYazp8euMmkUi+5iSAeSHkmeQtu2MsuxW4Qq9xvrGbdVPg0/75RmUeaLUXvS/xNexOXRiYlKGTWej3Nych0isej4IPILZOTsW7K0pS1q3AFEFywgv9ke98HZZY0xJ4N8CIEZi0FWQi9EYaowvwoAnL5VTX7hCkOYpS1b5XbW6Pmh7Ww+UGYRn8SvFE+dBw0NNmWxl3h6RLUINt3suv5LpoUO4moOVrEE0ySv0vsArggEGG4uheb1Z5/J5nMkCfC6ejO62jLHDrs+nvWC/BuKVkNKc2W5cF9hY8ALtdjEOfcuC1CPMkKsTQAwtVnz4jwhC4+lkcUVVf8+pMFgODSAR root@magentoprod-apache1
0
 
LVL 30

Accepted Solution

by:
serialband earned 1000 total points
ID: 41724075
http://www.linux.org/threads/how-to-force-ssh-login-via-public-key-authentication.4253/

You need to enable...

PubkeyAuthentication yes
RSAAuthentication yes


...in your sshd_config file, then reload ssh.
0
 

Author Comment

by:Jason Yu
ID: 41725138
For the first option, mine is commented out, but I checked an existing server and it was commented out there too. I guess that is because we have an LDAP server, and we use that LDAP server to authenticate all the users.

#RSAAuthentication yes
#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys

#AuthorizedPrincipalsFile none

AuthorizedKeysCommand /usr/libexec/openssh/ssh-ldap-wrapper
AuthorizedKeysCommandUser ec2-user
0
 
LVL 33

Assisted Solution

by:shalomc
shalomc earned 500 total points
ID: 41725264
You used AWS Linux. On AWS Linux the proper way is to log in with ec2-user, NOT with root, and then switch to root with sudo/su.

You can simply make sure that ec2-user has the proper authority to rsync the files.
0
 

Author Comment

by:Jason Yu
ID: 41725329
I was able to run rsync now by enabling the without-password option for the root user in the sshd_config file.

However, when I run the rsync command like below, "rsync -avr /var/www/html/media root@magentoprod-apache2:/var/www/html/media/", the newest files are not being copied.


Any thoughts about it?
0
 
LVL 30

Assisted Solution

by:Sudeep Sharma
Sudeep Sharma earned 500 total points
ID: 41727128
On Linux servers, in the /etc/ssh/sshd_config file, change the following:
A. Change “#PermitRootLogin yes” to “PermitRootLogin without-password” and
B. Change “DenyGroups root” to “#DenyGroups root”

Sudeep
0
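A check for the blockers this thread turned up (an active DenyGroups root, a disabling PermitRootLogin or PubkeyAuthentication value, a forced-command entry in authorized_keys, a key pasted twice), as an added example that is not part of any post. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Run it on copies of the destination
# host's sshd_config and authorized_keys.

# First uncommented value of a keyword (sshd keeps the first occurrence).
# Simplification: Match blocks are not interpreted.
effective_value() {  # effective_value FILE KEYWORD
  awk -v k="$2" 'tolower($1) == tolower(k) {
    $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1"
}

# One output line per setting that stops root logging in with a key.
root_key_login_blockers() {  # root_key_login_blockers SSHD_CONFIG
  for kw in PermitRootLogin PubkeyAuthentication; do
    case $(effective_value "$1" "$kw") in [Nn][Oo]) echo "$kw no" ;; esac
  done
  for kw in DenyUsers DenyGroups; do
    case " $(effective_value "$1" "$kw") " in *" root "*) echo "$kw root" ;; esac
  done
}

# "N: forced-command" for entries carrying a command="..." option,
# "N: duplicate-of M" when the same key blob already appeared on line M.
audit_authorized_keys() {  # audit_authorized_keys FILE
  awk '/^[ \t]*#/ { next }
  {
    blob = ""
    for (i = 1; i < NF; i++)
      if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-)/) { blob = $(i + 1); break }
    if (blob == "") next
    if (i > 1 && index($0, "command=\"")) print NR ": forced-command"
    if (blob in seen) print NR ": duplicate-of " seen[blob]
    else seen[blob] = NR
  }' "$1"
}

# Constructed sample input modelled on the files shown in the thread.
demo_dir=$(mktemp -d)
cat > "$demo_dir/sshd_config" <<'EOF'
#PermitRootLogin yes
#PubkeyAuthentication yes
DenyGroups root
EOF
cat > "$demo_dir/authorized_keys" <<'EOF'
no-port-forwarding,command="echo 'Please login as ec2-user';sleep 10" ssh-rsa AAAAconstructedA avery123
ssh-rsa AAAAconstructedB root@magentoprod-apache1
ssh-rsa AAAAconstructedB root@magentoprod-apache1
EOF
root_key_login_blockers "$demo_dir/sshd_config"
audit_authorized_keys "$demo_dir/authorized_keys"
```

On a live host, `sshd -T` (run as root) prints the effective configuration and can be saved to a file and passed to the first check in place of the raw sshd_config.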
 

Author Comment

by:Jason Yu
ID: 41728333
I got this issue resolved now. Thank you, all experts here; I appreciate your help.

Jason
0

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Google Drive is extremely cheap offsite storage, and it's even possible to get extra storage for free for two years.  You can use the free account 15GB, and if you have an Android device..when you install Google Drive for the first time it will give…
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Suggested Courses

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question