I've tried to set up password-less ssh from A to B and from B to A as well.
Generated the public and private key using ssh-keygen -trsa on both the machines.
Used the ssh-copy-id utility to copy the public keys from A to B as well as B to A.
The passwordless ssh works from A to B but not from B to A.
I've checked the permissions of the ~/ssh/ folder and they seem to be normal.
A's .ssh folder permissions:
-rw------- 1 root root 13530 2011-07-26 23:00 known_hosts
-rw------- 1 root root 403 2011-07-27 00:35 id_rsa.pub
-rw------- 1 root root 1675 2011-07-27 00:35 id_rsa
-rw------- 1 root root 799 2011-07-27 00:37 authorized_keys
drwxrwx--- 70 root root 4096 2011-07-27 00:37 ..
drwx------ 2 root root 4096 2011-07-27 00:38 .
B's .ssh folder permissions:
-rw------- 1 root root 884 2011-07-07 13:15 known_hosts
-rw-r--r-- 1 root root 396 2011-07-27 00:15 id_rsa.pub
-rw------- 1 root root 1675 2011-07-27 00:15 id_rsa
-rw------- 1 root root 2545 2011-07-27 00:36 authorized_keys
drwxr-xr-x 8 root root 4096 2011-07-06 19:44 ..
drwx------ 2 root root 4096 2011-07-27 00:15 .
A is an Ubuntu 10.04 (OpenSSH_5.3p1 Debian-3ubuntu4, OpenSSL 0.9.8k 25 Mar 2009).
B is a Debian machine (OpenSSH_5.1p1 Debian-5, OpenSSL 0.9.8g 19 Oct 2007).
From A:
#ssh B
works fine.
From B:
#ssh -vvv A
...
...
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /root/.ssh/identity ((nil))
debug2: key: /root/.ssh/id_rsa (0x7f1581f23a50)
debug2: key: /root/.ssh/id_dsa ((nil))
debug3: Wrote 64 bytes for a total of 1127
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-keyex,gssapi-with-mic,gssapi,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug3: no such identity: /root/.ssh/identity
debug1: Offering public key: /root/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug3: Wrote 368 bytes for a total of 1495
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /root/.ssh/id_dsa
debug3: no such identity: /root/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
root@192.168.122.1's password:
Which essentially means it's not authenticating using the file /root/id_rsa.
I ran the ssh-add command on both the machines as well.
The authentication part of the /etc/ssh/sshd_config file is:
# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys
# Don't read the user's ~/.rhosts and ~/.shosts files
I'm running out of ideas.
Any help would be appreciated.
Best Answer
Just make sure that you have followed the following procedure:
On Machine A, open a terminal and enter the commands as follows:
Just to make sure that we are root.
If the above command outputs something like below we are root, else switch to root using the su command.
1) Create the keys.
I haven't used any passphrase. If you need one you can use it.
2) Copy the public key into machine B's .ssh/authorized_keys file.
Now try logging into the machine, with ssh 'root@mylap', and check in: to make sure we haven't added extra keys that you weren't expecting.
Replace mylap with the hostname or IP of the machine you want to log in to (i.e. machine B).
3) Login to B without password
On Machine B
4) Create the keys to login back to Machine A
5) Copy the public key into machine A's .ssh/authorized_keys file.
Now try logging into the machine, with ssh 'root@aneesh-pc', and check in: to make sure we haven't added extra keys that you weren't expecting.
6) Login to A without password
If you are able to complete these steps, you are done. Now you have two machines with ssh-key (public-key) enabled login.