How to SSH to localhost without password?

17

2

EDIT: Putting exactly what was done.

I need to SSH to localhost without a password, the usual way of doing it (with public keys) do not work.

user@PC:~$ rm -rf .ssh/*
user@PC:~$ ssh-keygen -t rsa > /dev/null 
Enter file in which to save the key (/home/user/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
user@PC:~$ ls .ssh/
id_rsa  id_rsa.pub
user@PC:~$ ssh-copy-id -i localhost 
The authenticity of host 'localhost (::1)' can't be established.
RSA key fingerprint is f7:87:b5:4e:31:a1:72:11:8e:5f:d2:61:bd:b3:40:1a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
user@localhost's password: 
Now try logging into the machine, with "ssh 'localhost'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

user@PC:~$ ssh-agent $SHELL
user@PC:~$ ssh-add -L
The agent has no identities.
user@PC:~$ ssh-add 
Identity added: /home/user/.ssh/id_rsa (/home/user/.ssh/id_rsa)
user@PC:~$ ssh-add -L
ssh-rsa ...MY KEY HERE

user@PC:~$ ssh-copy-id -i localhost 
user@localhost's password: 
Now try logging into the machine, with "ssh 'localhost'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

user@PC:~$ ssh localhost echo 'testing'
user@localhost's password: 

user@PC:~$

So as you can see in the last command it is still asking the password !!! How can I fix that ?? Ubuntu-10.04 , OpenSSH_5.3p1

EDIT2:

Adding some info about the sshd

user@PC:~$ cat /etc/ssh/sshd_config | grep Authentication
# Authentication:
RSAAuthentication yes
PubkeyAuthentication yes
RhostsRSAAuthentication no
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
ChallengeResponseAuthentication no
# PasswordAuthentication yes
#KerberosAuthentication no
#GSSAPIAuthentication no
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.

EDIT3: Ading result from $ssh -vv localhost

$ssh -vv localhost
...
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/user/.ssh/identity
debug1: Offering public key: /home/user/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/user/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
user@localhost's password:

EDIT4:

Just checking if the files are the same and the md5sum agree

Canesin

Posted 2011-09-16T02:21:16.940

Reputation: 309

Cross posted on Stack Overflow: https://stackoverflow.com/questions/7439563/how-to-ssh-to-localhost-without-password

– Flux – 2019-08-16T01:37:56.933

Do you have RSAAuthentication yes and PubkeyAuthentication yes in your /etc/ssh/sshd_config ? What does ssh -vv localhost show? I just tried this on a 10.04 box and had no problem.. – Doon – 2011-09-16T03:33:48.503

Hy Doon, indeed.. I have both to yes .. I added the output of ssh -vv in the question. – Canesin – 2011-09-16T03:54:36.257

Why do you need to ssh to localhost if you already have access? – vtest – 2011-09-16T10:06:29.620

Parallel processing softwares use local ssh/rsh – Canesin – 2011-09-16T11:21:28.440

Please don't post the answer in the question or put "SOLVED" in the title. You've done the right thing by providing an answer. Once you've accepted the answer the system will show that the problem is solved. – ChrisF – 2011-09-16T11:28:44.903

Answers

3

Have discovered the problem.

Running the server with debuging:

$sshd -Dd

I found it was not able to read the auth_key

$chmod 750 $HOME

Fixed it.

Canesin

Posted 2011-09-16T02:21:16.940

Reputation: 309

What were the previous file flags? – bbaja42 – 2011-09-16T14:13:15.340

10

First of all, you should understand what your doing:

user@PC:~$ cat .ssh/id_rsa.pub | ssh localhost 'cat >> .ssh/authorized_keys'

You are copying the public key .ssh/id_rsa.pub through ssh, to the same host (that is what localhost is, the same host). If you replace localhost with some other host, that would make more sense (but if you are trying this for the sake of learning how to do it, that's ok).

Once you have a copy of your public key on the remote host (or the same one you're in), you have to make sure that you use it for authentication, in your actual host, calling ssh-agent / ssh-add:

$ eval `ssh-agent`
$ ssh-add

Then, if you provided a passphrase, you'll be requested to enter it after ssh-add. If you generated a private key without passphrase, then that's it.

Torian

Posted 2011-09-16T02:21:16.940

Reputation: 603

Yes, I understand the commands, I just put that way to make it clear that I did the usual stuff with the keys. I did ssh-add ... it don't ask the passphrase (as I used none in the creation) .. but again, doing, $ ssh localhost ls, it asks for the password – Canesin – 2011-09-16T02:52:28.543

So if you did execute ssh-add, please edit your question and put everything you did. The more information you give, the better and quicker the answer. – Torian – 2011-09-16T03:31:04.930

Sorry for that, fixed now.. I added the terminal, did all again to paste here.. – Canesin – 2011-09-16T03:42:43.123

Thanks a million times! BTW, why "eval"? – IProblemFactory – 2013-10-04T10:41:23.097

2

Do the following steps

ssh-keygen -t rsa -C "your_email@example.com"
# Creates a new ssh key, using the provided email as a label
# Generating public/private rsa key pair.

Use the default file and empty passphrase (Simply press enter in the next 2 steps)

# start the ssh-agent in the background
eval "$(ssh-agent -s)"
# Agent pid 59566
ssh-add

Copy the contents of ~/.ssh/id_rsa.pub to ~/.ssh/authorized_keys

Ensure following are the permissions

 ls -l .ssh/
 total 20
-rw-r--r--. 1 swati swati  399 May  5 14:53 authorized_keys
-rw-r--r--. 1 swati swati  761 Jan 12 15:59 config
-rw-------. 1 swati swati 1671 Jan 12 15:44 id_rsa
-rw-r--r--. 1 swati swati  399 Jan 12 15:44 id_rsa.pub
-rw-r--r--. 1 swati swati  410 Jan 12 15:46 known_hosts

Also, ensure the permissions for .ssh directory are. This is also important

drwx------.   2 swati swati    4096 May  5 14:56 .ssh

swatisinghi

Posted 2011-09-16T02:21:16.940

Reputation: 121

1Ensure 750 permissions on $HOME – swatisinghi – 2015-08-03T11:34:03.573

On my machine (Fedora 28) setting permission of authorized_keys to 0600 resolves the problem, while permission of the .ssh directory has no effect on sshing localhost – Chang Qian – 2018-10-14T11:05:31.693

1

Simplify the server config

I think you may need to disable password-based authentication. This is an sshd_config I use

Port 22
Protocol 2
PermitRootLogin no
StrictModes yes
PasswordAuthentication no
ChallengeResponseAuthentication no
MaxStartups 2
AllowUsers peter paul mary
LogLevel VERBOSE

Try something minimal first, then add to it as you need extra capabilities.

Update:

Check server logs

From your EDIT3 I see that the public-key authentication fails before the client attempts password-based authentication. your server's syslog may contain some messages from sshd that shed some light on this.

Reload changed configs

Remember to signal sshd to reload any config changes. E.g. kill -HUP $(cat /etc/sshd.pid)

RedGrittyBrick

Posted 2011-09-16T02:21:16.940

Reputation: 70 632

I think disabling password authentication when he can't even get in without the password would be the last thing he wants to do (locking himself out completely) – Amalgovinus – 2014-06-17T21:02:31.183

@Amalgovinus: The question has been extensively edited since I posted my initial answer. I suppose I could delete this answer. – RedGrittyBrick – 2014-06-17T22:48:54.740

0

For me it was as simple as

cat id_rsa.pub >> authorized_keys

user695025

Posted 2011-09-16T02:21:16.940

Reputation: 1

0

I had same problem ,I did following 3 steps to create the password less login and it works fine

1. ssh-keygen -t rsa
Press enter for each line
2. cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
3. chmod og-wx ~/.ssh/authorized_keys

Hadi Rahjoo

Posted 2011-09-16T02:21:16.940

Reputation: 1

0

Regarding the above post, while facing the same problem, I just changed the line

PasswordAuthentication no

in the /etc/ssh/sshd_config file and it worked.

Moreover, perhaps it is better to use

service sshd restart

to reload sshd config changes.

Nicolas

Posted 2011-09-16T02:21:16.940

Reputation: 1

0

Another solution for Red Hat Enterprise Linux 6.5 SELinux feature preventing sshd from reading $HOME/.ssh is to use restorecon, see my answser here https://superuser.com/a/764020/213743.

buzz3791

Posted 2011-09-16T02:21:16.940

Reputation: 266

Asked: 2011-09-16T02:21:16.940

Viewed: 67 516 times

Active: 2018-03-26T10:34:18.703