[opensuse] ssh passwordless/key problem linux to freebsd
Hello, I generated an ssh key on a Linux server and pushed the public key to the remote server's authorized_keys files with the following command; ssh-copy-id -i ~/.ssh/linux_server.pub freebsd-server ...however a password is still being requested when logging in to the remote bsd server. Once on the remote server I can see the key for the linux server in the authorized_keys file. Any suggestions to resolve the password request? Thank you in advance. James -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Mon, 15 Aug 2011 13:43:46 -0700 (PDT)
"James D. Parra"
Hello,
I generated an ssh key on a Linux server and pushed the public key to the remote server's authorized_keys files with the following command;
ssh-copy-id -i ~/.ssh/linux_server.pub freebsd-server
...however a password is still being requested when logging in to the remote bsd server. Once on the remote server I can see the key for the linux server in the authorized_keys file.
Any suggestions to resolve the password request?
Thank you in advance.
James
Did you restart the daemon? Carl -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Mon, 15 Aug 2011 13:43:46 -0700 (PDT)
"James D. Parra"
Hello,
I generated an ssh key on a Linux server and pushed the public key to the remote server's authorized_keys files with the following command;
ssh-copy-id -i ~/.ssh/linux_server.pub freebsd-server
...however a password is still being requested when logging in to the remote bsd server. Once on the remote server I can see the key for the linux server in the authorized_keys file.
Any suggestions to resolve the password request?
Thank you in advance.
James
Did you restart the daemon? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ On the remote-server? I did not. I set up a freebsd server to the same remote freebsd server successfully without restarting ssh. I restarted the daemon on the remote freebsd-server, but that did not solve the problem. Best regards, James -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Mon, 15 Aug 2011 14:21:28 -0700 (PDT)
"James D. Parra"
On Mon, 15 Aug 2011 13:43:46 -0700 (PDT) "James D. Parra"
wrote: Hello,
I generated an ssh key on a Linux server and pushed the public key to the remote server's authorized_keys files with the following command;
ssh-copy-id -i ~/.ssh/linux_server.pub freebsd-server
...however a password is still being requested when logging in to the remote bsd server. Once on the remote server I can see the key for the linux server in the authorized_keys file.
Any suggestions to resolve the password request?
Thank you in advance.
James
Did you restart the daemon?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
On the remote-server? I did not. I set up a freebsd server to the same remote freebsd server successfully without restarting ssh. I restarted the daemon on the remote freebsd-server, but that did not solve the problem.
Best regards,
James
What version of FreeBSD? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Mon, 2011-08-15 at 13:43 -0700, James D. Parra wrote:
Hello,
I generated an ssh key on a Linux server and pushed the public key to the remote server's authorized_keys files with the following command;
ssh-copy-id -i ~/.ssh/linux_server.pub freebsd-server
...however a password is still being requested when logging in to the remote bsd server. Once on the remote server I can see the key for the linux server in the authorized_keys file.
Any suggestions to resolve the password request?
afaicr you have to restart the receiving server, as the authorized keys will only be read during server-startup. On bsd-servers, you might want to check the file permissions: if it is too wide, they might not be accepted. Other suggestion, open a shell with ssh, and open the authorized_keys with vi. If you have a second shell open you can try insert the key with cut-and-past. hw -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 08/15/2011 02:48 PM, Hans Witvliet wrote:
On Mon, 2011-08-15 at 13:43 -0700, James D. Parra wrote:
Hello,
I generated an ssh key on a Linux server and pushed the public key to the remote server's authorized_keys files with the following command;
ssh-copy-id -i ~/.ssh/linux_server.pub freebsd-server
...however a password is still being requested when logging in to the remote bsd server. Once on the remote server I can see the key for the linux server in the authorized_keys file.
Any suggestions to resolve the password request?
afaicr you have to restart the receiving server, as the authorized keys will only be read during server-startup. Not true. I just did "ssh-copy-id" to my home system. It previously had always required that I enter my home password. After copying my public key to ~/.ssh/authorized_keys and no restart of the remote sshd server, I was able to login without a password. On bsd-servers, you might want to check the file permissions: if it is too wide, they might not be accepted.
Other suggestion, open a shell with ssh, and open the authorized_keys with vi. If you have a second shell open you can try insert the key with cut-and-past.
hw Check /etc/ssh/sshd_config on the receiving server for the values of
PubkeyAuthentication yes ('no' here will prevent passwordless login) AuthorizedKeysFile %h/.ssh/authorized_keys Jim -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Mon, 15 Aug 2011 17:14:46 -0700
Jim Cunning
Check /etc/ssh/sshd_config on the receiving server for the values of
PubkeyAuthentication yes ('no' here will prevent passwordless login) AuthorizedKeysFile %h/.ssh/authorized_keys
Jim
It figures. I assumed the basics had already been done, which is what prompted me to ask if he'd restarted the daemon. Restarting the daemon isn't relevant to looking up authorized keys but it /is/ needed when you change sshd_config -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 8/15/2011 2:48 PM, Hans Witvliet wrote:
On Mon, 2011-08-15 at 13:43 -0700, James D. Parra wrote:
Hello,
I generated an ssh key on a Linux server and pushed the public key to the remote server's authorized_keys files with the following command;
ssh-copy-id -i ~/.ssh/linux_server.pub freebsd-server
...however a password is still being requested when logging in to the remote bsd server. Once on the remote server I can see the key for the linux server in the authorized_keys file.
Any suggestions to resolve the password request?
afaicr you have to restart the receiving server, as the authorized keys will only be read during server-startup.
This is NOT true. Authorized keys are read at each login attempt from the users's authorized keys file. The Daemon on the receiving server (the one you are logging into is a system daemon, and if each user had to have that restarted it would be totally unmanageable). -- _____________________________________ ---This space for rent--- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 08/15/2011 03:43 PM, James D. Parra wrote:
Hello,
I generated an ssh key on a Linux server and pushed the public key to the remote server's authorized_keys files with the following command;
ssh-copy-id -i ~/.ssh/linux_server.pub freebsd-server
...however a password is still being requested when logging in to the remote bsd server. Once on the remote server I can see the key for the linux server in the authorized_keys file.
Any suggestions to resolve the password request?
Thank you in advance.
James
James, I have always done the following and it works fine: Local Box (client): (1) create the keys you need with 'ssh-keygen -t dsa'. (just hit return for empty passwords) That will create id_dsa and id_dsa.pub in ~/.ssh by default. Give the id_dsa.pub key a usable name used when you copy it over to the remote box: (i.e. cp id_dsa.pub id_dsa.pub.$HOSTNAME) (2) rsync your key with the usable name to the remote box: rsync -uav ~/.ssh/id_dsa.pub.$HOSTNAME) remote.host.tld:~/.ssh Remote Box: (3) ssh into the remote box and append the new usable key to ~/.ssh/authorized_keys i.e.: cat ~/.ssh/id_dsa.pub.$HOSTNAME) >> ~/.ssh/authorized_keys ** you could just do this step from the Local Box with: ssh remote.host 'cat ~/.ssh/id_dsa.pub.$HOSTNAME) >> ~/.ssh/authorized_keys' Don't forget to use the '>>' instead of a '>' much cussing... You should be able to then log in from Local to Remote without a password. Dunno why that wouldn't work for freebsd?? -- David C. Rankin, J.D.,P.E. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 08/16/2011 01:21 PM, David C. Rankin wrote:
On 08/15/2011 03:43 PM, James D. Parra wrote:
Hello,
I generated an ssh key on a Linux server and pushed the public key to the remote server's authorized_keys files with the following command;
ssh-copy-id -i ~/.ssh/linux_server.pub freebsd-server
...however a password is still being requested when logging in to the remote bsd server. Once on the remote server I can see the key for the linux server in the authorized_keys file.
Any suggestions to resolve the password request?
Thank you in advance.
James
James,
I have always done the following and it works fine:
Local Box (client):
(1) create the keys you need with 'ssh-keygen -t dsa'. (just hit return for empty passwords) That will create id_dsa and id_dsa.pub in ~/.ssh by default. Give the id_dsa.pub key a usable name used when you copy it over to the remote box: (i.e. cp id_dsa.pub id_dsa.pub.$HOSTNAME)
(2) rsync your key with the usable name to the remote box:
rsync -uav ~/.ssh/id_dsa.pub.$HOSTNAME) remote.host.tld:~/.ssh
Remote Box:
(3) ssh into the remote box and append the new usable key to ~/.ssh/authorized_keys i.e.:
cat ~/.ssh/id_dsa.pub.$HOSTNAME) >> ~/.ssh/authorized_keys
** you could just do this step from the Local Box with:
ssh remote.host 'cat ~/.ssh/id_dsa.pub.$HOSTNAME) >> ~/.ssh/authorized_keys'
Don't forget to use the '>>' instead of a '>' much cussing...
You should be able to then log in from Local to Remote without a password.
Dunno why that wouldn't work for freebsd??
It seems I'm often bit by the tendency of ssh-keygen to write the private key with permissions that make it unusable. It often did this in the past and you had to change permissions to 600. Perhaps this has been fixed in later releases. -- Explain again the part about rm -rf / -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 08/16/2011 04:20 PM, jsa wrote:
It seems I'm often bit by the tendency of ssh-keygen to write the private key with permissions that make it unusable. It often did this in the past and you had to change permissions to 600. Perhaps this has been fixed in later releases.
Hmm... I've been using this same method on suse and arch since at least 2001 and I don't ever recall touching permissions on the private key. Just doing a quick compare between arch and suse, looks like arch writes both 0600 while suse writes the private with 0600 and the public with 0644. Guess I've just been lucky! I will have to look, but I also think there may be an option in /etc/ssh/sshd_config that controls whether the system will puke on permission problems. Something similar to the strict checking option or the like? -- David C. Rankin, J.D.,P.E. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 16/08/11 22:20, jsa wrote:
On 08/16/2011 01:21 PM, David C. Rankin wrote:
On 08/15/2011 03:43 PM, James D. Parra wrote:
Hello,
I generated an ssh key on a Linux server and pushed the public key to the remote server's authorized_keys files with the following command;
ssh-copy-id -i ~/.ssh/linux_server.pub freebsd-server
...however a password is still being requested when logging in to the remote bsd server. Once on the remote server I can see the key for the linux server in the authorized_keys file.
Any suggestions to resolve the password request?
Thank you in advance.
James
James,
I have always done the following and it works fine:
Local Box (client):
(1) create the keys you need with 'ssh-keygen -t dsa'. (just hit return for empty passwords) That will create id_dsa and id_dsa.pub in ~/.ssh by default. Give the id_dsa.pub key a usable name used when you copy it over to the remote box: (i.e. cp id_dsa.pub id_dsa.pub.$HOSTNAME)
(2) rsync your key with the usable name to the remote box:
rsync -uav ~/.ssh/id_dsa.pub.$HOSTNAME) remote.host.tld:~/.ssh
Remote Box:
(3) ssh into the remote box and append the new usable key to ~/.ssh/authorized_keys i.e.:
cat ~/.ssh/id_dsa.pub.$HOSTNAME) >> ~/.ssh/authorized_keys
** you could just do this step from the Local Box with:
ssh remote.host 'cat ~/.ssh/id_dsa.pub.$HOSTNAME) >> ~/.ssh/authorized_keys'
Don't forget to use the '>>' instead of a '>' much cussing...
You should be able to then log in from Local to Remote without a password.
Dunno why that wouldn't work for freebsd??
It seems I'm often bit by the tendency of ssh-keygen to write the private key with permissions that make it unusable. It often did this in the past and you had to change permissions to 600. Perhaps this has been fixed in later releases.
SUSE ships with a little script 'ssh-copy-id' to take care of all the steps (after key creation) of this automatically. Just run "ssh-copy-id user@host" and the id file should be added on the server with 0600 perms. Regards, Tejas -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (8)
-
Carl Hartung
-
David C. Rankin
-
Hans Witvliet
-
James D. Parra
-
Jim Cunning
-
John Andersen
-
jsa
-
Tejas Guruswamy