From: Mikel Bauer
Subject: Re: SSH Athentification with public key
Date: Tue, 27 May 2003 11:55:50 -0600
Sender: linux-admin-owner@vger.kernel.org
Message-ID: <3ED3A6A6.8030401@bridgeband.net>
References: <3ED39EF3.70706@bcgreen.com>
In-Reply-To: <3ED39EF3.70706@bcgreen.com>
To: Stephen Samuel
Cc: Gerd Müller, linux-admin@vger.kernel.org

Please realize that with a Red Hat 7.3 install, "authorized_keys" is
perfectly valid, and in fact SHOULD be used, as you would need to change
the default sshd_config file to point to the "authorized_keys2" file.

And it's required to append the contents of your public RSA key to the
authorized_keys file (man ssh-keygen):

    $HOME/.ssh/id_rsa.pub
            Contains the protocol version 2 RSA public key for
            authentication. The contents of this file should be added to
            $HOME/.ssh/authorized_keys on all machines where the user
            wishes to log in using public key authentication. There is no
            need to keep the contents of this file secret.

With Red Hat 7.3, there should be no need for any identity files (identity
or identity.pub).

Doing a verbose connection should help figure out what the problem is
(ssh -v hostname). This should show you step by step how it's trying to
authenticate.

-- 
Mikel Bauer

Stephen Samuel wrote:
> Gerd Müller wrote:
>
>> Hello,
>>
>> I want to update hourly a remote mirror-server with rsync via ssh. In
>> order to enable the file-server to establish an ssh-session without
>> password prompt, I created on file-server a keypair with ssh-keygen -t
>> rsa (empty passphrase) and copied the public key (id_rsa.pub) to the
>> /root/.ssh/authorized_keys file (on mirror-server). This file didn't
>> exist before.
>
>
> Try:
> cd .ssh
> chmod og-w auth* . ..
> mv authorized_keys authorized_keys2
>
> The authorized_keys file must be owned and readable by root,
> (or owned and readable by the user that is being authenticated for)
> The authorized_keys file, the .ssh directory and your home directory
> must ONLY be writable by the owner. They CANNOT be group-writable.
>
> Matt Hemingway wrote:
> > Could be a couple things:
> >
> > 1. When you copied the id_rsa.pub file, did you do a copy and paste
> > from an xterm window to an xterm window or did you sftp/scp/ftp the file
> > over? I had a similar problem, where I had copied the contents from an
> > xterm window to an xterm window and instead of the lines wrapping at the
> > end of the window, line breaks were inserted. Each public key entry must
> > be one line.
> >
> > 2. Make sure the authorized_keys file is owned and readable by root.
> >
> > Also, try ssh -vvv root@mirror-server and see if you get any useful
> > info. strace can come in handy as well.
>
> if you're using the DSA or RSA public keys. They should go into the
> authorized_keys2 file.
> ^
> It's only identity.pub (the ssh1 public key file) whose contents
> get copied into authorized_keys
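
A shell audit for two failure causes raised in this thread: a home directory, .ssh directory or authorized_keys file that is writable by group or others, and a public key split across lines by copy and paste. This is an added example, not part of the original messages; the function names are made up here, and ownership is not checked.

```shell
#!/bin/sh
# Added example (not from the thread): audit a home directory for the
# conditions discussed above. Usage: check_pubkey_setup /root

# True if the path is writable by group or others, read from `ls -ldL`.
writable_by_others() {
    case "$(ls -ldL "$1" | cut -c1-10)" in
        ?????w*|????????w*) return 0 ;;   # 6th char = group w, 9th = other w
    esac
    return 1
}

# Print line numbers of entries that are not one complete key. A key pasted
# with hard line breaks leaves fragments that carry no key type.
broken_key_lines() {
    awk '
        /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
        {
            ok = 0
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-[a-z0-9-]+)$/ &&
                    $(i + 1) ~ "^[A-Za-z0-9+/]+=*$") ok = 1
            if (!ok) print NR
        }' "$1"
}

# Print one finding per line; return 1 if anything was found, else 0.
check_pubkey_setup() {
    home=$1; found=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"; found=1
        elif writable_by_others "$p"; then
            echo "TOO-OPEN $p"; found=1
        fi
    done
    [ -f "$home/.ssh/authorized_keys" ] || return "$found"
    for n in $(broken_key_lines "$home/.ssh/authorized_keys"); do
        echo "BAD-ENTRY authorized_keys:$n"; found=1
    done
    return "$found"
}
```

Run it on the server side as the account being logged into; a clean result prints nothing and returns 0.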