On Thursday 02 March 2006 15:11, daniel parkes wrote:
hy people,
all the servers are sles8 with the lastest version of sshd from you.
I have a problem with sshd autentication with public keys, the thing is i need to use scp in scripts without being asked for passwords thats why i am using pub keys, in our development machines(i am the admin) i have used pub keys with out problem, but now in produciton servers(im not the admin) its not working, it asks all the time for password input, the thing is i only have a normal user in the 2 production boxes and this is what i have done:
created a key pair: ssh-keygen -t rsa
.ssh]$ ls id_rsa id_rsa.pub
lauched: ssh-copy-id -i id_rsa.pub bebe@172.29.xx.xx
and checked in the other machine the authorized_keys was created:
/.ssh> more authorized_keys ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAo5SbiJdj4Njmwwa3Tz9ozKpgMbNywR7+FmEDlxXk2+XC ec/kVWYfzK6/Ig2CzFkybTbLq2K2Gwb6L8uQ4v8rGgS1ZRdi9YonEaP0CUfODggXZ6EgYXdIrGv h6dIh UCIa1u+QA7qFWvpdH2H7ub9GdK+= bebe@x.x.x.x
then ssh to the machine bebe@172.29.xx.xx
and it asks for a password all the time, this procedure works perfect in my machines, but not in production and i cant talk with the admins. so i was looking for places you could block public key authetication, i have looked in sshd_config and pub auth is on:
RSAAuthentication yes PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys
Sorry I am confused, you want to block pub key authentication or you are looking for somewhere in the config files where pub might be blocked by default and you wish to enable it? If it is the latter then your pub key statement in sshd_config has a capitilisation error (should it make some difference). It should be; PubKeyAuthentication yes #note, K not k. That is to say it has an error when compared to my setup which works with pub key authentication with both client and server running 10.0, openssh 4.1.p1. I also had to turn PAM off in the same file as the server defaulted to using this method first. Turned off thus; UsePAM no Also I specify the home directory of the user logging in to look for the authorized keys file, thus; AuthorizedKeysFile %h/.ssh/authorized_keys The %h token tells the ssh daemon to look in the home folder for that particular user. Apologies if I have got the wrong end of the stick. Allister -- Public Key to be found at www.keyserver.net. Search for tag@ukfsn