On Mon, 15 Aug 2011 14:21:28 -0700 (PDT) "James D. Parra" wrote:

On Mon, 15 Aug 2011 13:43:46 -0700 (PDT) "James D. Parra" wrote:

...

Hello,

I generated an ssh key on a Linux server and pushed the public key to the remote server's authorized_keys files with the following command;

ssh-copy-id -i ~/.ssh/linux_server.pub freebsd-server

...however a password is still being requested when logging in to the remote bsd server. Once on the remote server I can see the key for the linux server in the authorized_keys file.

Any suggestions to resolve the password request?

Thank you in advance.

James

Did you restart the daemon?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

On the remote-server? I did not. I set up a freebsd server to the same remote freebsd server successfully without restarting ssh. I restarted the daemon on the remote freebsd-server, but that did not solve the problem.

Best regards,

James

What version of FreeBSD? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

On 08/15/2011 02:48 PM, Hans Witvliet wrote:

On Mon, 2011-08-15 at 13:43 -0700, James D. Parra wrote:

...

Hello,

I generated an ssh key on a Linux server and pushed the public key to the remote server's authorized_keys files with the following command;

ssh-copy-id -i ~/.ssh/linux_server.pub freebsd-server

...however a password is still being requested when logging in to the remote bsd server. Once on the remote server I can see the key for the linux server in the authorized_keys file.

Any suggestions to resolve the password request?

afaicr you have to restart the receiving server, as the authorized keys will only be read during server-startup. Not true. I just did "ssh-copy-id" to my home system. It previously had always required that I enter my home password. After copying my public key to ~/.ssh/authorized_keys and no restart of the remote sshd server, I was able to login without a password. On bsd-servers, you might want to check the file permissions: if it is too wide, they might not be accepted.

Other suggestion, open a shell with ssh, and open the authorized_keys with vi. If you have a second shell open you can try insert the key with cut-and-past.

hw Check /etc/ssh/sshd_config on the receiving server for the values of

PubkeyAuthentication yes ('no' here will prevent passwordless login) AuthorizedKeysFile %h/.ssh/authorized_keys Jim -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

On 8/15/2011 2:48 PM, Hans Witvliet wrote:

On Mon, 2011-08-15 at 13:43 -0700, James D. Parra wrote:

...

Hello,

I generated an ssh key on a Linux server and pushed the public key to the remote server's authorized_keys files with the following command;

ssh-copy-id -i ~/.ssh/linux_server.pub freebsd-server

...however a password is still being requested when logging in to the remote bsd server. Once on the remote server I can see the key for the linux server in the authorized_keys file.

Any suggestions to resolve the password request?

afaicr you have to restart the receiving server, as the authorized keys will only be read during server-startup.

This is NOT true. Authorized keys are read at each login attempt from the users's authorized keys file. The Daemon on the receiving server (the one you are logging into is a system daemon, and if each user had to have that restarted it would be totally unmanageable). -- _____________________________________ ---This space for rent--- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

On 08/16/2011 01:21 PM, David C. Rankin wrote:

On 08/15/2011 03:43 PM, James D. Parra wrote:

...

Hello,

I generated an ssh key on a Linux server and pushed the public key to the remote server's authorized_keys files with the following command;

ssh-copy-id -i ~/.ssh/linux_server.pub freebsd-server

...however a password is still being requested when logging in to the remote bsd server. Once on the remote server I can see the key for the linux server in the authorized_keys file.

Any suggestions to resolve the password request?

Thank you in advance.

James

James,

I have always done the following and it works fine:

Local Box (client):

(1) create the keys you need with 'ssh-keygen -t dsa'. (just hit return for empty passwords) That will create id_dsa and id_dsa.pub in ~/.ssh by default. Give the id_dsa.pub key a usable name used when you copy it over to the remote box: (i.e. cp id_dsa.pub id_dsa.pub.$HOSTNAME)

(2) rsync your key with the usable name to the remote box:

rsync -uav ~/.ssh/id_dsa.pub.$HOSTNAME) remote.host.tld:~/.ssh

Remote Box:

(3) ssh into the remote box and append the new usable key to ~/.ssh/authorized_keys i.e.:

cat ~/.ssh/id_dsa.pub.$HOSTNAME) >> ~/.ssh/authorized_keys

** you could just do this step from the Local Box with:

ssh remote.host 'cat ~/.ssh/id_dsa.pub.$HOSTNAME) >> ~/.ssh/authorized_keys'

Don't forget to use the '>>' instead of a '>' much cussing...

You should be able to then log in from Local to Remote without a password.

Dunno why that wouldn't work for freebsd??

It seems I'm often bit by the tendency of ssh-keygen to write the private key with permissions that make it unusable. It often did this in the past and you had to change permissions to 600. Perhaps this has been fixed in later releases. -- Explain again the part about rm -rf / -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

On 16/08/11 22:20, jsa wrote:

On 08/16/2011 01:21 PM, David C. Rankin wrote:

...

On 08/15/2011 03:43 PM, James D. Parra wrote:

...

Hello,

I generated an ssh key on a Linux server and pushed the public key to the remote server's authorized_keys files with the following command;

ssh-copy-id -i ~/.ssh/linux_server.pub freebsd-server

...however a password is still being requested when logging in to the remote bsd server. Once on the remote server I can see the key for the linux server in the authorized_keys file.

Any suggestions to resolve the password request?

Thank you in advance.

James

James,

I have always done the following and it works fine:

Local Box (client):

(1) create the keys you need with 'ssh-keygen -t dsa'. (just hit return for empty passwords) That will create id_dsa and id_dsa.pub in ~/.ssh by default. Give the id_dsa.pub key a usable name used when you copy it over to the remote box: (i.e. cp id_dsa.pub id_dsa.pub.$HOSTNAME)

(2) rsync your key with the usable name to the remote box:

rsync -uav ~/.ssh/id_dsa.pub.$HOSTNAME) remote.host.tld:~/.ssh

Remote Box:

(3) ssh into the remote box and append the new usable key to ~/.ssh/authorized_keys i.e.:

cat ~/.ssh/id_dsa.pub.$HOSTNAME) >> ~/.ssh/authorized_keys

** you could just do this step from the Local Box with:

ssh remote.host 'cat ~/.ssh/id_dsa.pub.$HOSTNAME) >> ~/.ssh/authorized_keys'

Don't forget to use the '>>' instead of a '>' much cussing...

You should be able to then log in from Local to Remote without a password.

Dunno why that wouldn't work for freebsd??

It seems I'm often bit by the tendency of ssh-keygen to write the private key with permissions that make it unusable. It often did this in the past and you had to change permissions to 600. Perhaps this has been fixed in later releases.

SUSE ships with a little script 'ssh-copy-id' to take care of all the steps (after key creation) of this automatically. Just run "ssh-copy-id user@host" and the id file should be added on the server with 0600 perms. Regards, Tejas -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org