[Nolug] Getting Public Key Authentication to work with OpenSSH

From: Mischa Krilov <subs_at_krilov.com>
Date: Sun, 22 Feb 2004 14:23:28 -0600
Message-ID: <40390FC0.7040502@krilov.com>

Greetings!

At the last presentation, we tried to get ssh to allow public key
authentication between two machines. I've been having similar troubles
at home. So I'm going to post exactly what I'm doing (in the hopes that
it will just work), and maybe someone out there can help me see whatever
blindingly obvious thing I'm missing. Note my comments are inline inside
of [square brackets].

Setup:
Two machines, 192.168.0.16 (target) and 192.168.0.17 (source). The
target machine is RH9, the source machine is a Gentoo box.

ssh -V on target:
OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090701f

ssh -v on source:
OpenSSH_3.7.1p2, SSH protocols 1.5/2.0, OpenSSL 0.9.6k 30 Sep 2003

Note that since I can successfully ssh between the two machines, I don't
think the version difference should matter. For this experiment, I've
created a test user on each machine.

On the source machine:

source$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/test/.ssh/id_rsa):
Enter passphrase (empty for no passphrase): [empty passphrase -mdk]
Enter same passphrase again:
Your identification has been saved in /home/test/.ssh/id_rsa.
Your public key has been saved in /home/test/.ssh/id_rsa.pub.
The key fingerprint is:
2c:cc:7d:b0:21:7d:67:b1:29:e8:8c:77:67:7d:8c:0b
source$ scp .ssh/id_rsa.pub test@192.168.0.16:~/
The authenticity of host '192.168.0.16 (192.168.0.16)' can't be established.
RSA key fingerprint is 9d:0b:36:0f:50:78:99:db:f2:ef:8f:b2:11:0e:82:a6.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.16' (RSA) to the list of known hosts.
test@192.168.0.16's password:
id_rsa.pub 100% 237 0.0KB/s 00:00

target$ cat id_rsa.pub >> .ssh/authorized_keys

On the target machine, as root, checked /etc/sshd/sshd_config,
uncommented the following:

RSAAuthentication yes [Couldn't hurt, right? -mdk]
PubkeyAuthentication yes [This should allow this whole shebang to work -mdk]
PermitEmptyPasswords yes [Anecdotal evidence suggests this will allow
empty passphrases -mdk]

Restarted sshd to re-read the config file:
target$ /etc/rc.d/init.d/sshd restart

Then tried again:
source$ ssh 192.168.0.16
test@192.168.0.16's password: [entered password -mdk]
target$

So, because it asked me for my password, I can only assume that I'm not
getting PKA to work. On target, I've checked to make sure that the file
/home/test/.ssh/authorized_keys is world-readable. I've tried renaming
the file to authorized_keys2, but still no dice.

What else can I check, gang?

Mischa.
___________________
Nolug mailing list
nolug@nolug.org
Received on 02/22/04

This archive was generated by hypermail 2.2.0 : 12/19/08 EST