Mailinglist Archive: opensuse (3100 mails)
| < Previous | Next > |
Re: [SLE] Problems with sshd and pub keys
- From: Allister <lists@xxxxxxxxxxxxx>
- Date: Thu, 2 Mar 2006 18:57:11 +0000
- Message-id: <200603021857.11689.lists@xxxxxxxxxxxxx>
On Thursday 02 March 2006 15:11, daniel parkes wrote:
> hy people,
>
> all the servers are sles8 with the lastest version of sshd from you.
>
> I have a problem with sshd autentication with public keys, the thing is i
> need to use scp in scripts without being asked for passwords thats why i am
> using pub keys,
> in our development machines(i am the admin) i have used pub keys with out
> problem, but now in produciton servers(im not the admin) its not working,
> it asks all the time for password input, the thing is i only have a normal
> user in the 2 production boxes and this is what i have done:
>
> created a key pair:
> ssh-keygen -t rsa
>
> .ssh]$ ls
> id_rsa id_rsa.pub
>
> lauched:
> ssh-copy-id -i id_rsa.pub bebe@xxxxxxxxxxxx <bebe@xxxxxxxxxxxx>
>
> and checked in the other machine the authorized_keys was created:
>
> /.ssh> more authorized_keys
> ssh-rsa
> AAAAB3NzaC1yc2EAAAABIwAAAIEAo5SbiJdj4Njmwwa3Tz9ozKpgMbNywR7+FmEDlxXk2+XC
> ec/kVWYfzK6/Ig2CzFkybTbLq2K2Gwb6L8uQ4v8rGgS1ZRdi9YonEaP0CUfODggXZ6EgYXdIrGv
>h6dIh UCIa1u+QA7qFWvpdH2H7ub9GdK+= bebe@xxxxxxx <bebe@xxxxxxx>
>
> then ssh to the machine bebe@xxxxxxxxxxxx <bebe@xxxxxxxxxxxx>
> and it asks for a password all the time, this procedure works perfect in my
> machines, but not in production and i cant talk with the admins.
>
> so i was looking for places you could block public key authetication, i
> have looked in sshd_config and pub auth is on:
>
> RSAAuthentication yes
> PubkeyAuthentication yes
> AuthorizedKeysFile .ssh/authorized_keys
>
Sorry I am confused, you want to block pub key authentication or you are
looking for somewhere in the config files where pub might be blocked by
default and you wish to enable it? If it is the latter then your pub key
statement in sshd_config has a capitilisation error (should it make some
difference). It should be;
PubKeyAuthentication yes #note, K not k.
That is to say it has an error when compared to my setup which works with pub
key authentication with both client and server running 10.0, openssh 4.1.p1.
I also had to turn PAM off in the same file as the server defaulted to using
this method first. Turned off thus;
UsePAM no
Also I specify the home directory of the user logging in to look for the
authorized keys file, thus;
AuthorizedKeysFile %h/.ssh/authorized_keys
The %h token tells the ssh daemon to look in the home folder for that
particular user.
Apologies if I have got the wrong end of the stick.
Allister
--
Public Key to be found at www.keyserver.net.
Search for tag@ukfsn
> hy people,
>
> all the servers are sles8 with the lastest version of sshd from you.
>
> I have a problem with sshd autentication with public keys, the thing is i
> need to use scp in scripts without being asked for passwords thats why i am
> using pub keys,
> in our development machines(i am the admin) i have used pub keys with out
> problem, but now in produciton servers(im not the admin) its not working,
> it asks all the time for password input, the thing is i only have a normal
> user in the 2 production boxes and this is what i have done:
>
> created a key pair:
> ssh-keygen -t rsa
>
> .ssh]$ ls
> id_rsa id_rsa.pub
>
> lauched:
> ssh-copy-id -i id_rsa.pub bebe@xxxxxxxxxxxx <bebe@xxxxxxxxxxxx>
>
> and checked in the other machine the authorized_keys was created:
>
> /.ssh> more authorized_keys
> ssh-rsa
> AAAAB3NzaC1yc2EAAAABIwAAAIEAo5SbiJdj4Njmwwa3Tz9ozKpgMbNywR7+FmEDlxXk2+XC
> ec/kVWYfzK6/Ig2CzFkybTbLq2K2Gwb6L8uQ4v8rGgS1ZRdi9YonEaP0CUfODggXZ6EgYXdIrGv
>h6dIh UCIa1u+QA7qFWvpdH2H7ub9GdK+= bebe@xxxxxxx <bebe@xxxxxxx>
>
> then ssh to the machine bebe@xxxxxxxxxxxx <bebe@xxxxxxxxxxxx>
> and it asks for a password all the time, this procedure works perfect in my
> machines, but not in production and i cant talk with the admins.
>
> so i was looking for places you could block public key authetication, i
> have looked in sshd_config and pub auth is on:
>
> RSAAuthentication yes
> PubkeyAuthentication yes
> AuthorizedKeysFile .ssh/authorized_keys
>
Sorry I am confused, you want to block pub key authentication or you are
looking for somewhere in the config files where pub might be blocked by
default and you wish to enable it? If it is the latter then your pub key
statement in sshd_config has a capitilisation error (should it make some
difference). It should be;
PubKeyAuthentication yes #note, K not k.
That is to say it has an error when compared to my setup which works with pub
key authentication with both client and server running 10.0, openssh 4.1.p1.
I also had to turn PAM off in the same file as the server defaulted to using
this method first. Turned off thus;
UsePAM no
Also I specify the home directory of the user logging in to look for the
authorized keys file, thus;
AuthorizedKeysFile %h/.ssh/authorized_keys
The %h token tells the ssh daemon to look in the home folder for that
particular user.
Apologies if I have got the wrong end of the stick.
Allister
--
Public Key to be found at www.keyserver.net.
Search for tag@ukfsn
| < Previous | Next > |