hy people,
all the servers are sles8 with the lastest version of sshd from you.
I have a problem with sshd autentication with public keys, the thing is i
need to use scp in scripts without being asked for passwords thats why i am
using pub keys,
in our development machines(i am the admin) i have used pub keys with out
problem, but now in produciton servers(im not the admin) its not working, it
asks all the time for password input, the thing is i only have a normal user
in the 2 production boxes and this is what i have done:
created a key pair:
ssh-keygen -t rsa
.ssh]$ ls
id_rsa id_rsa.pub
lauched:
ssh-copy-id -i id_rsa.pub bebe@172.29.xx.xx
and checked in the other machine the authorized_keys was created:
/.ssh> more authorized_keys
ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAIEAo5SbiJdj4Njmwwa3Tz9ozKpgMbNywR7+FmEDlxXk2+XC
ec/kVWYfzK6/Ig2CzFkybTbLq2K2Gwb6L8uQ4v8rGgS1ZRdi9YonEaP0CUfODggXZ6EgYXdIrGvh6dIh
UCIa1u+QA7qFWvpdH2H7ub9GdK+= bebe@x.x.x.x
then ssh to the machine bebe@172.29.xx.xx
and it asks for a password all the time, this procedure works perfect in my
machines, but not in production and i cant talk with the admins.
so i was looking for places you could block public key authetication, i have
looked in sshd_config and pub auth is on:
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
the pam sshd config is like this:
/etc/pam.d> more sshd
#%PAM-1.0
auth required pam_unix2.so # set_secrpc
auth required pam_nologin.so
auth required pam_env.so
auth required /lib/security/pam_tally.so onerr=fail no_magic_root
account required /lib/security/pam_tally.so deny=10 reset
no_magic_root
account required pam_unix2.so
account required pam_nologin.so
account required pam_laus.so detach
password required pam_pwcheck.so
password required pam_unix2.so use_first_pass use_authtok
session required pam_unix2.so none
session required pam_limits.so
session optional pam_laus.so
So i have a couple of questions where can you block pub auth for ssh apart
from sshd_Config?? any ideas??
Is there another way of moving files from one machine to another without
beeing asked for passwords(or the password can go in the script)???, cant
use nfs or install anything strange in the machine any idea???
Help needed
THNXX!!
/pam.d> more sshd
#%PAM-1.0
auth required pam_unix2.so # set_secrpc
auth required pam_nologin.so
auth required pam_env.so
auth required /lib/security/pam_tally.so onerr=fail no_magic_root
account required /lib/security/pam_tally.so deny=10 reset
no_magic_root
account required pam_unix2.so
account required pam_nologin.so
account required pam_laus.so detach
password required pam_pwcheck.so
password required pam_unix2.so use_first_pass use_authtok
session required pam_unix2.so none
session required pam_limits.so
session optional pam_laus.so