I am using SSH for my vm and want to login as another user name using password less login method. I have created the private/public keys with following command.
ssh-keygen -t rsa
but when i try to login without password, i am getting the following stack.
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
debug1: Reading configuration data /home/systest/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 192.168.2.67 [192.168.2.67] port 22.
debug1: Connection established.
debug1: identity file /home/systest/.ssh/identity type -1
debug1: identity file /home/systest/.ssh/id_rsa type 1
debug1: identity file /home/systest/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '192.168.2.67' is known and matches the RSA host key.
debug1: Found key in /home/systest/.ssh/known_hosts:18
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_1000' not found
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_1000' not found
debug1: Unspecified GSS failure. Minor code may provide more information
debug1: Unspecified GSS failure. Minor code may provide more information
debug1: Next authentication method: publickey
debug1: Trying private key: /home/systest/.ssh/identity
debug1: Offering public key: /home/systest/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /home/systest/.ssh/id_dsa
debug1: Next authentication method: password
can any one kindly tell me what is the problem. I am new to this.
I have added the public key with this command
cat .ssh/id_rsa.pub | ssh b#B 'cat >> .ssh/authorized_keys'
You need to copy you public key to the remote host.
In your home directory on the local machine, that is the machine on which you ran ssh-keygen. Look inside the .ssh folder. There you will see these two files.
id_rsa
id_rsa.pub
The file id_rsa is your private key (don't let anyone ever have access to this file, ever), and the file id_rsa.pub is your public key.
You need to copy the contents of id_rsa.pub, your public key, into the .ssh/authorized_keys file on the remote server.
This can be done quickly, if password authentication is enabled, with the ssh-copy-id command
ssh-copy-id me#somehost
After doing this you may disable password authentication in the /etc/ssh/sshd_config file on the remote host.
If you have already set the proper permissions for the .ssh folder and authorized_keys file, then you might check the owner and group of your home folder.
e.g. $ ll /home
drwxr-xr-x 3 <your user id> <your goup> 4096 Jul 16 2015 <your user home folder>/
If the user and group are wrong, and you have sudo access, change the owner and group.
e.g. $ sudo chown -R <your user id>:<your goup> /home/<your user home folder>
Related
I humbly apologize, but I looked everywhere in the net and I still couldn't do this. This is the best guide i've found so far. I've also used this as guide as well. And still nothing works.
I needed to execute a script that automatically sends a local file to a remote machine. Both local and remote machines are Linux.
EDIT: script should NOT prompt for password to user - hence why I should use public keys.
What I've done so far:
EDIT: executed eval `ssh-agent`, and then ssh-add, and then ssh-copy-id
executed ssh-keygen on local machine, to produce id_rsa and id_rsa.pub at ~/.ssh folder
Used NO passphrase in ssh-keygen
Sent id_rsa.pub to remote machine into its ~/.ssh folder
Renamed id_rsa.pub in remote machine into authorized_keys (since it didn't exist originally)
Script file (in local machine)
#!/bin/bash
scp -i ~/.ssh/id_rsa -o BatchMode=yes -v file.txt meuser#remotemachine:/home/meuser
Output of verbose mode of SCP:
./scp_example.sh
Executing: program /usr/bin/ssh host webui01, user meuser2, command scp -v -t /home/meuser
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to remotemachine [###.###.###.###] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 504/505
debug1: identity file /home/meuser/.ssh/id_rsa type 1
debug1: loaded 1 keys
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'remotemachine' is known and matches the RSA host key.
debug1: Found key in /home/meuser/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
Unknown code krb5 195
debug1: Unspecified GSS failure. Minor code may provide more information
Unknown code krb5 195
debug1: Unspecified GSS failure. Minor code may provide more information
Unknown code krb5 195
debug1: Next authentication method: publickey
debug1: Offering public key: /home/meuser/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
lost connection
Hopefully someone can shed light into this.
Thanks and best regards.
Your offered key is rejected. Have a look into the server log for the reason, make sure that the home directory, .ssh and .ssh/authorized_keyus is owned by the correct user and not writable by anyone else (which is most common mistake).
I am setting up ssh with public key access, I think I have correctly configured sshd_config and generate id_rsa.pub and authorized_keys.
ssh-kengen -t rsa
cd .ssh
cat id_rsa.pub >> authorized_keys
I also set the permission for these files
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
When I try sudo ssh localhost, it works and no password is asked, but logged in as root.
But when I try ssh localhost, It is still asking for password.
logs generated during this are :-
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug1: identity file /home/cwei/.ssh/identity type -1
debug1: identity file /home/cwei/.ssh/identity-cert type -1
debug1: identity file /home/cwei/.ssh/id_rsa type 1
debug1: identity file /home/cwei/.ssh/id_rsa-cert type -1
debug1: identity file /home/cwei/.ssh/id_dsa type -1
debug1: identity file /home/cwei/.ssh/id_dsa-cert type -1
debug1: identity file /home/cwei/.ssh/id_ecdsa type -1
debug1: identity file /home/cwei/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /home/cwei/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-
with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_604' not found
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_604' not found
debug1: Unspecified GSS failure. Minor code may provide more information
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_604' not found
debug1: Next authentication method: publickey
debug1: Trying private key: /home/cwei/.ssh/identity
debug1: Offering public key: /home/cwei/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /home/cwei/.ssh/id_dsa
debug1: Trying private key: /home/cwei/.ssh/id_ecdsa
debug1: Next authentication method: password
cwei#localhost's password:
Ssh public key access is user based. The configuration may be done for the root user. It needs to be done for the local user by configuring local users local .ssh directory.
I'm trying to start a vertica cluster on 3 ec2 instances(node1, node2, node3) which requires root login via ssh between the instances.
On node1, the main node...as a root user, I generated keys using ssh-keygen
On node2 and node3, I edited the /etc/ssh/sshd_config file with this:
RSAAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no`
then added the id_rsa.pub key to node2 and node3 in both /root/.ssh/authorized_keys and /home/ec2-user/.ssh/authorized_keys
then did a
service sshd restart
I try to login like ssh root#node2 from node1...but I keep get this error:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
EDIT:
also changed permitrootlogin to this:
PermitRootLogin without-password
did a -v on ssh and here is what I see
[root#ip-10-205-119-236 .ssh]# ssh -v root#10.205.117.61
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 10.205.117.61 [10.205.117.61] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/identity-cert type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '10.205.117.61' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_0' not found
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_0' not found
debug1: Unspecified GSS failure. Minor code may provide more information
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_0' not found
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Trying private key: /root/.ssh/id_rsa
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
I see its trying to use id_dsa...but I don't have that file...i have a file called node1 which is what I named my file...
SSH requires quite precise access rights on these files because if it would be different, it is security issue. You need your ~/.ssh to have accessible only by you and your authorized_keys can't be writeable by other:
chmod 700 ~/.ssh
chmod 644 ~/.ssh/authorized_keys
should fix it.
(I am very new to git and version control. ) I have several bash scripts that perform nightly backups- I also have a cronjob already set up,. Executing a single script at a time also requires the password even though I have tried my best to enable the scripts to perform ssh authentication but I keep getting prompted for my stash password when they execute(I have looked at several online resources but I think I keep going around in circles- not reaching anywhere close to the solution), if I could get my scripts to execute via ssh authentication then I can go ahead and run the cron job successfully.
I have already created the public - private key pair and my public key has been added to the Stash Project.
A ssh -v 'username'#'server' gives the following output :
`OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to dbstore1 [10.4.2.3] port 22.
debug1: Connection established.
debug1: identity file /home/<myusername>/.ssh/identity type -1
debug1: identity file /home/<myusername>/.ssh/id_rsa type 1
debug1: identity file /home/<myusername>/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'dbstore1' is known and matches the RSA host key.
debug1: Found key in /home/<myusername>/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/<myusername>/.ssh/identity
debug1: Offering public key: /home/<myusername>/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions#openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
`
So looking at the above result- the authentication using the SSH public key is successful for my user account, right?
Now, the problem comes in when i execute the schema backup script - sudo ./script.sh
It keeps asking me for my (stash) password when it is about to commit/push. Also, I noticed that when I supply the password and there is a successful commit on Stash - the author is displayed as 'root'.
So my SSH public key is set up for MY user account but the commits are made from root - Could this be a cause of why ssh login doesn't work for me ?
I am trying to set up a git repo on a server running Linux RedHat.
I follow the instructions on Github's help page. I reach the step where the instructions tell me to ssh into git#github.com.
this gives me the following error -
$ ssh -T git#github.com
Permission denied (publickey).
So then I did $ ssh -vT git#github.com and get this -
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
debug1: Reading configuration data /home/min/a/foo/.ssh/config
debug1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to github.com [some IP] port 22.
debug1: Connection established.
debug1: identity file /home/shay/a/foo/.ssh/id_rsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5p1 Debian-6+squeeze1+github2
debug1: match: OpenSSH_5.5p1 Debian-6+squeeze1+github2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'github.com' is known and matches the RSA host key.
debug1: Found key in /home/min/a/foo/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/shay/a/foo/.ssh/id_rsa
debug1: No more authentication methods to try.
Permission denied (publickey).
Here's where I currently am -
$ pwd
/home/min/a/foo/.ssh
I don't understand what's going wrong? Also, if I try to add this path by doing ssh-add, it says "Could not open a connection to your authentication agent".
It appears that you either have not uploaded a key to github, or you have uploaded a key that does not match your default key for the current user.
Check that your local key is on github:
Get your key's fingerprint: ssh-keygen -lf ~/.ssh/id_rsa.pub
Check this against the list of allowed keys on github: https://github.com/settings/ssh
Alternatively, check that your key is enabled on github. A little while ago, a there was an security issue related to ssh keys on github. All ssh keys were disabled in order to force users to review their list of allowed keys. If you've not used github recently, yours could still be disabled.
Just in case someone is interested or has a similar issue and checks this post, the solution is to cd out of the .ssh dir and ssh into github. Provided everything else is followed exactly as on github's help page, this will solve the problem.