Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Can't figure out how to use ssh without password

94 views
Skip to first unread message

Adam Beneschan

unread,
Feb 25, 2005, 9:08:03 PM2/25/05
to
I'm hoping someone can help me with this...

I'm trying to get things set up so that I can use "ssh" on MachineA to
log in to (or run a command on) MachineB without typing a password.
Both machines are running Red Hat Linux (6.2 on MachineA, 9.0 on
MachineB). Both machines use OpenSSH.

We have things set up using NFS and YP so I can log in with the same
user name on both systems, and the home directory is exactly the same
(it's actually located on either MachineA or some third machine, if
that makes a difference). I'm trying to follow the instructions in
http://particle.phys.uvic.ca/doc_sshkey.html .

On MachineA, I used ssh-keygen to set up the keys:

ssh-keygen -b 2048 -t rsa1 -f newkey

(I also tried it with "rsa", also without success.) I then copied
newkey and newkey.pub to $HOME/.ssh. The instructions say to use scp
to copy newkey.pub to the remote machine and then append it to
authorized_keys2 on the remote machine; since the home directories are
the same, I just did the append.

When I tried

ssh -i $HOME/.ssh/newkey MachineB

on MachineA, ssh asked for a password, which I didn't want to happen.

I tried it with -vvv; below is a portion of the output that seems to
be most interesting. I don't know what it any of it means, though,
and I'm hoping someone here can tell from this output what I might be
doing wrong.

MachineA is listed in /etc/hosts.equiv and $HOME/.rhosts on MachineB.
/usr/local/etc/ssh_config consists of just comments on both machines,
and there is no $HOME/.ssh/config.

I am able to use the above "ssh" command (using the correct file for
the -i option) when I am logged in as root. It doesn't ask for a
password in that
case.

Thanks for any help you can provide.

-- Adam


debug1: dh_gen_key: priv key bits set: 122/256
debug1: bits set: 1599/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename $HOME/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 2
debug3: check_host_in_hostfile: filename $HOME/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 2
debug1: Host 'MachineB' is known and matches the RSA host key.
debug1: Found key in $HOME/.ssh/known_hosts:2
debug1: bits set: 1638/3191
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue:
publickey,password,keyboard-interactive
debug3: start over, passed a different list
publickey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: next auth method to try is publickey
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: next auth method to try is keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: authentications that can continue:
publickey,password,keyboard-interactive
debug3: userauth_kbdint: disable: no info_req_seen
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred:
debug3: authmethod_is_enabled password
debug1: next auth method to try is password
debug1: packet_send2: adding 64 (len 55 padlen 9 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: ssh-userauth2 successful: method password

Jesse Charbneau

unread,
Mar 3, 2005, 11:17:27 AM3/3/05
to
I think you may be heading down the wrong path. You should be using
the authorized keys files. It's been a while since I set something
like this up, but at work, we use this type of setup for our monitoring
and ids's to communicate without need for a password.

Try doing this. Create a dsa key (or whatever encryption you like) and
then copy contenct of the file ~/.ssh/id_dsa.pub (this may change if
you change to something like rsa) to the server you wish to
authenticate via key and place it in ~/.ssh/authorized_keys.

I just did it, took 2 minutes (without keygen). Your mileage may vary:
jess@jess ~ => scp .ssh/id_dsa.pub speargun:~/.ssh/authorized_keys
jess@speargun's password:
id_dsa.pub 100% |*****************************| 620
00:00
jess@jess ~ => slogin speargun
Last login: Thu Mar 3 11:13:15 2005 from jess.somedomain.com
jess@speargun 11:14:18 jess =>


You may want to pick up a copy of the O'rielly SSH book. I can't
recall the name, but the author is Richard SIlverman. You can also
find him on the ssh newsgroups.

Jesse Charbneau

unread,
Mar 3, 2005, 1:51:38 PM3/3/05
to
Should have added that you need this in the server sshd_config:

PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys

Adam Beneschan

unread,
Mar 4, 2005, 5:23:22 PM3/4/05
to

OK, thanks for the help.

I did get everything to work. I think there was some confusion between
rsa and rsa1, and I may have been generating the wrong kind of key. I
deleted everything and started over, and it works now.

-- Adam

0 new messages