Re: [Nolug] Getting Public Key Authentication to work with OpenSSH

From: Manuel Lora <vanguardist_at_cox.net>
Date: Sun, 22 Feb 2004 14:40:23 -0600
Message-Id: <200402221440.23690.vanguardist@cox.net>

The file should be authorized_keys2. Is your objective key auth w/o password?
Because you'll need to enter the passphrase anyway.

ml

On Sunday 22 February 2004 02:23 pm, Mischa Krilov wrote:
> Greetings!
>
> At the last presentation, we tried to get ssh to allow public key
> authentication between two machines. I've been having similar troubles
> at home. So I'm going to post exactly what I'm doing (in the hopes that
> it will just work), and maybe someone out there can help me see whatever
> blindingly obvious thing I'm missing. Note my comments are inline inside
> of [square brackets].
>
> Setup:
> Two machines, 192.168.0.16 (target) and 192.168.0.17 (source). The
> target machine is RH9, the source machine is a Gentoo box.
>
> ssh -V on target:
> OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
>
> ssh -v on source:
> OpenSSH_3.7.1p2, SSH protocols 1.5/2.0, OpenSSL 0.9.6k 30 Sep 2003
>
> Note that since I can successfully ssh between the two machines, I don't
> think the version difference should matter. For this experiment, I've
> created a test user on each machine.
>
> On the source machine:
>
> source$ ssh-keygen -t rsa
> Generating public/private rsa key pair.
> Enter file in which to save the key (/home/test/.ssh/id_rsa):
> Enter passphrase (empty for no passphrase): [empty passphrase -mdk]
> Enter same passphrase again:
> Your identification has been saved in /home/test/.ssh/id_rsa.
> Your public key has been saved in /home/test/.ssh/id_rsa.pub.
> The key fingerprint is:
> 2c:cc:7d:b0:21:7d:67:b1:29:e8:8c:77:67:7d:8c:0b
> source$ scp .ssh/id_rsa.pub test@192.168.0.16:~/
> The authenticity of host '192.168.0.16 (192.168.0.16)' can't be established.
> RSA key fingerprint is 9d:0b:36:0f:50:78:99:db:f2:ef:8f:b2:11:0e:82:a6.
> Are you sure you want to continue connecting (yes/no)? yes
> Warning: Permanently added '192.168.0.16' (RSA) to the list of known hosts.
> test@192.168.0.16's password:
> id_rsa.pub 100% 237 0.0KB/s 00:00
>
> target$ cat id_rsa.pub >> .ssh/authorized_keys
>
> On the target machine, as root, checked /etc/sshd/sshd_config,
> uncommented the following:
>
> RSAAuthentication yes [Couldn't hurt, right? -mdk]
> PubkeyAuthentication yes [This should allow this whole shebang to work -mdk]
> PermitEmptyPasswords yes [Anecdotal evidence suggests this will allow empty passphrases -mdk]
>
> Restarted sshd to re-read the config file:
> target$ /etc/rc.d/init.d/sshd restart
>
> Then tried again:
> source$ ssh 192.168.0.16
> test@192.168.0.16's password: [entered password -mdk]
> target$
>
> So, because it asked me for my password, I can only assume that I'm not
> getting PKA to work. On target, I've checked to make sure that the file
> /home/test/.ssh/authorized_keys is world-readable. I've tried renaming
> the file to authorized_keys2, but still no dice.
>
> What else can I check, gang?
>
> Mischa.
> ___________________
> Nolug mailing list
> nolug@nolug.org
Received on 02/22/04
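
The setup walked through in this thread can be checked mechanically. The script below is an added example, not part of either post: it audits the target account's file modes, whether the copied public key is actually listed, and the two sshd_config settings mentioned. Function names are hypothetical and all paths are passed as arguments.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# perms_ok PATH: succeed only if PATH exists and is not group/world-writable.
# sshd's StrictModes (default "yes") ignores key files that fail this test;
# it also checks ownership, which this sketch does not.
perms_ok() {
    [ -e "$1" ] || { echo "MISSING   $1"; return 1; }
    case "$(ls -ld "$1" | cut -c1-10)" in
        ?????w*|????????w*) echo "TOO-OPEN  $1"; return 1 ;;
    esac
    echo "OK        $1"
}

# key_listed PUBFILE AUTHFILE: is the base64 blob of PUBFILE present in AUTHFILE?
key_listed() {
    blob=$(awk 'NR==1 {print $2}' "$1")
    [ -n "$blob" ] && grep -qF -- "$blob" "$2"
}

# config_value FILE KEYWORD: first uncommented value. sshd uses the first value
# it obtains for a keyword and matches keywords case-insensitively.
config_value() {
    awk -v k="$2" 'tolower($1) == tolower(k) {print tolower($2); exit}' "$1"
}

# audit HOME PUBFILE SSHD_CONFIG: print findings, return non-zero on any problem.
audit() {
    rc=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        perms_ok "$p" || rc=1
    done
    if key_listed "$2" "$1/.ssh/authorized_keys" 2>/dev/null; then
        echo "OK        public key is listed"
    else
        echo "NOT-FOUND public key in authorized_keys"; rc=1
    fi
    if [ "$(config_value "$3" PubkeyAuthentication)" = "no" ]; then
        echo "DISABLED  PubkeyAuthentication"; rc=1
    fi
    # PermitEmptyPasswords governs accounts whose password is empty, not key
    # passphrases; "yes" only widens password logins, so it is reported.
    if [ "$(config_value "$3" PermitEmptyPasswords)" = "yes" ]; then
        echo "WEAK      PermitEmptyPasswords yes"; rc=1
    fi
    return "$rc"
}

if [ "$#" -eq 3 ]; then audit "$@"; fi
```

Run on the target as `sh audit.sh /home/test /home/test/id_rsa.pub <path to sshd_config>`; if every line reads OK, `ssh -v` on the source shows which authentication methods are offered and tried.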

This archive was generated by hypermail 2.2.0 : 12/19/08 EST