1
2
I have set up my computer to do the public/private authentication with a remote server, but somehow it is not working today.
I have done the ssh key-gen -t rsa, then scp'd it to the remote.
I can scp without a password (using the pub/priv key), but whenever I try to SSH, it requests the password.
What can I do to authenticate on the key alone?
pureman
Posted 2011-05-14T16:15:05.530
Reputation: 111
5
You should check if you have (sshd_config) :
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
UsePAM yes <-- That one is usually the last line of the sshd_config
Then that your public key is added to authorized_keys in your ~/.ssh/.
The last one (UsePAM yes) is very important, since if disabled it will force you to authenticate with your unix account. PAM is here to say that private key authentication is sufficient to log in.
Eventually, if that still don't resolves you may have to check the PAM configuration.
M'vy
Posted 2011-05-14T16:15:05.530
Reputation: 3 540
2I think working scp illustrates that the proble is on the client side, not on the server's one. – Basilevs – 2011-05-14T16:39:21.880
UsePAM is "yes" and everything in my pam.conf file is commented out. Any more help would be greatly appreciated. – pureman – 2011-05-14T16:43:11.830
Do you specify the key manually with -i ? or with a directive in .ssh/config? Do you have a pam_sshd or pam_ssh in the /etc/pam.d/ directory? What are you using for ssh and scp client: command line? GUI? Linux/Windows? – M'vy – 2011-05-15T11:40:58.210
1
First, On remote server:
/usr/sbin/sshd -de -p 1234
Second, On your computer:
ssh -vp 1234
You may find the error.
Or you can post them here.
GongT
Posted 2011-05-14T16:15:05.530
Reputation: 21
0
You need to add your public key on the server to the authorized keys:
ssh-keygen -i -f keyfilename.pub >> ~/.ssh/authorized_keys2
or
cat keyfilename.pub >> ~/.ssh/authorized_keys2
Bora
Posted 2011-05-14T16:15:05.530
Reputation: 732
0
If you can scp with the key but not ssh, it sounds like your scp client can find the key, but the ssh client can't.
Since you mentioned ssh-keygen -t rsa I'm going to assume that you're using OpenSSH on UNIX of some kind and you saved the key in the default location in some user account.
Are you logged in as user other than the one with the key (e.g. sued or sudoed) when you're running the ssh client? If you need to ssh without a password from that account also, you'll probably want to use ssh-keygen in that account, and then put that account's public ssh key in the remote server's authorized keys file along side the other one.
rakslice
Posted 2011-05-14T16:15:05.530
Reputation: 2 276
Does te server requires pass for the Key or for your username? (Should be indicated : pass for key xxx) – M'vy – 2011-05-14T16:28:23.343
Where/How would I check this? – pureman – 2011-05-14T16:30:26.960
Does the prompt only says : Password: or something like Enter passphrase for key '/home/xxx' – M'vy – 2011-05-14T16:31:46.167
Oh, it asks for "user@remote's password," so the username. – pureman – 2011-05-14T16:34:05.927
What does
ssh -v ...say? It mostly shows you where the problem is. Also, show usls -la ~/.ssh. – slhck – 2011-05-14T16:55:33.153... debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Trying private key: ~/.ssh/identity debug1: Offering public key: ~/.ssh/id_rsa debug1: Authentications that can continue: publickey,password debug1: Trying private key: ~/.ssh/id_dsa debug1: Next authentication method: password [requests password] – pureman – 2011-05-14T17:04:02.817
and the permissions on .ssh are all good to go. – pureman – 2011-05-14T17:06:48.150
For the record, the term and sshd option "RSA Authentication" belong to obsolete SSHv1. In SSHv2, "Public key authentication" or "PubkeyAuthentication" are used. – user1686 – 2011-05-14T17:20:02.517