Thread: SSH Login with no password

  1. #1
    AzMoo NNTP User

    SSH Login with no password

    Hey everybody. I'm trying to set up passwordless SSH between two hosts but I'm having trouble authenticating. When I try to connect from the host I get the following:

    Code:
    matt@VidWebSatellite:~>ssh matt@192.168.59.134
    Permission denied (publickey).

    I generated the keys with "ssh-keygen -t rsa" and copied the contents of "~/.ssh/id_rsa.pub" to "/home/matt/.ssh/authorized_keys". The .ssh directory is owned by matt:users and has 700 permissions. The authorized_keys file is owned by matt:users and has 600 permissions.

    Here is the sshd_config from the server:

    Code:
    #	$OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
    
    # This is the sshd server system-wide configuration file.  See
    # sshd_config(5) for more information.
    
    # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
    
    # The strategy used for options in the default sshd_config shipped with
    # OpenSSH is to specify options with their default value where
    # possible, but leave them commented.  Uncommented options change a
    # default value.
    
    #Port 22
    #AddressFamily any
    #ListenAddress 0.0.0.0
    #ListenAddress ::
    
    # Disable legacy (protocol version 1) support in the server for new
    # installations. In future the default will change to require explicit
    # activation of protocol 1
    Protocol 2
    
    # HostKey for protocol version 1
    #HostKey /etc/ssh/ssh_host_key
    # HostKeys for protocol version 2
    #HostKey /etc/ssh/ssh_host_rsa_key
    #HostKey /etc/ssh/ssh_host_dsa_key
    
    # Lifetime and size of ephemeral version 1 server key
    #KeyRegenerationInterval 1h
    #ServerKeyBits 1024
    
    # Logging
    # obsoletes QuietMode and FascistLogging
    #SyslogFacility AUTH
    LogLevel DEBUG3
    
    # Authentication:
    
    #LoginGraceTime 2m
    #PermitRootLogin yes
    #StrictModes yes
    #MaxAuthTries 6
    #MaxSessions 10
    
    RSAAuthentication yes
    PubkeyAuthentication yes
    AuthorizedKeysFile	~/.ssh/authorized_keys
    
    # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
    #RhostsRSAAuthentication no
    # similar for protocol version 2
    #HostbasedAuthentication no
    # Change to yes if you don't trust ~/.ssh/known_hosts for
    # RhostsRSAAuthentication and HostbasedAuthentication
    #IgnoreUserKnownHosts no
    # Don't read the user's ~/.rhosts and ~/.shosts files
    #IgnoreRhosts yes
    
    # To disable tunneled clear text passwords, change to no here!
    PasswordAuthentication no
    #PermitEmptyPasswords yes
    
    # Change to no to disable s/key passwords
    ChallengeResponseAuthentication no
    
    # Kerberos options
    #KerberosAuthentication no
    #KerberosOrLocalPasswd yes
    #KerberosTicketCleanup yes
    #KerberosGetAFSToken no
    
    # GSSAPI options
    #GSSAPIAuthentication no
    #GSSAPICleanupCredentials yes
    
    # Set this to 'yes' to enable support for the deprecated 'gssapi' authentication
    # mechanism to OpenSSH 3.8p1. The newer 'gssapi-with-mic' mechanism is included
    # in this release. The use of 'gssapi' is deprecated due to the presence of 
    # potential man-in-the-middle attacks, which 'gssapi-with-mic' is not susceptible to.
    #GSSAPIEnableMITMAttack no
     
    
    # Set this to 'yes' to enable PAM authentication, account processing, 
    # and session processing. If this is enabled, PAM authentication will 
    # be allowed through the ChallengeResponseAuthentication and
    # PasswordAuthentication.  Depending on your PAM configuration,
    # PAM authentication via ChallengeResponseAuthentication may bypass
    # the setting of "PermitRootLogin without-password".
    # If you just want the PAM account and session checks to run without
    # PAM authentication, then enable this but set PasswordAuthentication
    # and ChallengeResponseAuthentication to 'no'.
    UsePAM yes
    
    #AllowAgentForwarding yes
    #AllowTcpForwarding yes
    #GatewayPorts no
    X11Forwarding yes 
    #X11DisplayOffset 10
    #X11UseLocalhost yes
    #PrintMotd yes
    #PrintLastLog yes
    #TCPKeepAlive yes
    #UseLogin no
    #UsePrivilegeSeparation yes
    #PermitUserEnvironment no
    #Compression delayed
    #ClientAliveInterval 0
    #ClientAliveCountMax 3
    #UseDNS yes
    #PidFile /var/run/sshd.pid
    #MaxStartups 10
    #PermitTunnel no
    #ChrootDirectory none
    
    # no default banner path
    #Banner none
    
    # override default of no subsystems
    Subsystem	sftp	/usr/lib/ssh/sftp-server
    
    # This enables accepting locale enviroment variables LC_* LANG, see sshd_config(5).
    AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES 
    AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT 
    AcceptEnv LC_IDENTIFICATION LC_ALL
    
    # Example of overriding settings on a per-user basis
    #Match User anoncvs
    #	X11Forwarding no
    #	AllowTcpForwarding no
    #	ForceCommand cvs server

    And here is the log of the connection attempt:

    Code:
    Aug  9 21:09:43 VidWebMaster sshd[13063]: debug3: fd 5 is not O_NONBLOCK
    Aug  9 21:09:43 VidWebMaster sshd[13518]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
    Aug  9 21:09:43 VidWebMaster kernel: klogd 1.4.1, ---------- state change ----------
    Aug  9 21:09:43 VidWebMaster sshd[13063]: debug1: Forked child 13518.
    Aug  9 21:09:43 VidWebMaster sshd[13063]: debug3: send_rexec_state: entering fd = 8 config len 547
    Aug  9 21:09:43 VidWebMaster sshd[13063]: debug3: ssh_msg_send: type 0
    Aug  9 21:09:43 VidWebMaster sshd[13063]: debug3: send_rexec_state: done
    Aug  9 21:09:43 VidWebMaster sshd[13518]: debug1: inetd sockets after dupping: 3, 3
    Aug  9 21:09:43 VidWebMaster sshd[13518]: Connection from 192.168.59.135 port 48904
    Aug  9 21:09:43 VidWebMaster sshd[13518]: debug1: Client protocol version 2.0; client software version OpenSSH_5.1
    Aug  9 21:09:43 VidWebMaster sshd[13518]: debug1: match: OpenSSH_5.1 pat OpenSSH*
    Aug  9 21:09:43 VidWebMaster sshd[13518]: debug1: Enabling compatibility mode for protocol 2.0
    Aug  9 21:09:43 VidWebMaster sshd[13518]: debug1: Local version string SSH-2.0-OpenSSH_5.1
    Aug  9 21:09:43 VidWebMaster sshd[13518]: debug2: fd 3 setting O_NONBLOCK
    Aug  9 21:09:43 VidWebMaster sshd[13518]: debug2: Network child is on pid 13519
    Aug  9 21:09:43 VidWebMaster sshd[13518]: debug3: preauth child monitor started
    Aug  9 21:09:43 VidWebMaster sshd[13518]: debug3: mm_request_receive entering
    Aug  9 21:09:43 VidWebMaster sshd[13518]: debug3: monitor_read: checking request 0
    Aug  9 21:09:43 VidWebMaster sshd[13518]: debug3: mm_answer_moduli: got parameters: 1024 1024 8192
    Aug  9 21:09:43 VidWebMaster sshd[13518]: debug3: mm_request_send entering: type 1
    Aug  9 21:09:43 VidWebMaster sshd[13518]: debug2: monitor_read: 0 used once, disabling now
    Aug  9 21:09:43 VidWebMaster sshd[13518]: debug3: mm_request_receive entering
    Aug  9 21:09:43 VidWebMaster sshd[13518]: debug3: monitor_read: checking request 4
    Aug  9 21:09:43 VidWebMaster sshd[13518]: debug3: mm_answer_sign
    Aug  9 21:09:43 VidWebMaster sshd[13518]: debug3: mm_answer_sign: signature 0xb80b6f60(143)
    Aug  9 21:09:43 VidWebMaster sshd[13518]: debug3: mm_request_send entering: type 5
    Aug  9 21:09:43 VidWebMaster sshd[13518]: debug2: monitor_read: 4 used once, disabling now
    Aug  9 21:09:43 VidWebMaster sshd[13518]: debug3: mm_request_receive entering
    Aug  9 21:09:43 VidWebMaster sshd[13518]: debug3: monitor_read: checking request 6
    Aug  9 21:09:43 VidWebMaster sshd[13518]: debug3: mm_answer_pwnamallow
    Aug  9 21:09:43 VidWebMaster sshd[13518]: debug3: Trying to reverse map address 192.168.59.135.
    Aug  9 21:09:43 VidWebMaster sshd[13518]: debug2: parse_server_config: config reprocess config len 547
    Aug  9 21:09:43 VidWebMaster sshd[13518]: debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
    Aug  9 21:09:43 VidWebMaster sshd[13518]: debug3: mm_request_send entering: type 7
    Aug  9 21:09:43 VidWebMaster sshd[13518]: debug2: monitor_read: 6 used once, disabling now
    Aug  9 21:09:43 VidWebMaster sshd[13518]: debug3: mm_request_receive entering
    Aug  9 21:09:43 VidWebMaster sshd[13518]: debug3: monitor_read: checking request 45
    Aug  9 21:09:43 VidWebMaster sshd[13518]: debug1: PAM: initializing for "matt"
    Aug  9 21:09:43 VidWebMaster sshd[13518]: debug1: PAM: setting PAM_RHOST to "192.168.59.135"
    Aug  9 21:09:43 VidWebMaster sshd[13518]: debug1: PAM: setting PAM_TTY to "ssh"
    Aug  9 21:09:43 VidWebMaster sshd[13518]: debug2: monitor_read: 45 used once, disabling now
    Aug  9 21:09:43 VidWebMaster sshd[13518]: debug3: mm_request_receive entering
    Aug  9 21:09:43 VidWebMaster sshd[13518]: debug3: monitor_read: checking request 3
    Aug  9 21:09:43 VidWebMaster sshd[13518]: debug3: mm_answer_authserv: service=ssh-connection, style=
    Aug  9 21:09:43 VidWebMaster sshd[13518]: debug2: monitor_read: 3 used once, disabling now
    Aug  9 21:09:43 VidWebMaster sshd[13518]: debug3: mm_request_receive entering
    Aug  9 21:09:43 VidWebMaster sshd[13518]: debug3: monitor_read: checking request 20
    Aug  9 21:09:43 VidWebMaster sshd[13518]: debug3: mm_answer_keyallowed entering
    Aug  9 21:09:43 VidWebMaster sshd[13518]: debug3: mm_answer_keyallowed: key_from_blob: 0xb80bba00
    Aug  9 21:09:43 VidWebMaster sshd[13518]: debug1: temporarily_use_uid: 1000/100 (e=0/0)
    Aug  9 21:09:43 VidWebMaster sshd[13518]: debug1: trying public key file /root/.ssh/authorized_keys
    Aug  9 21:09:43 VidWebMaster sshd[13518]: debug1: restore_uid: 0/0
    Aug  9 21:09:43 VidWebMaster sshd[13518]: debug1: temporarily_use_uid: 1000/100 (e=0/0)
    Aug  9 21:09:43 VidWebMaster sshd[13518]: debug1: trying public key file /root/.ssh/authorized_keys
    Aug  9 21:09:43 VidWebMaster sshd[13518]: debug1: restore_uid: 0/0
    Aug  9 21:09:43 VidWebMaster sshd[13518]: Failed publickey for matt from 192.168.59.135 port 48904 ssh2
    Aug  9 21:09:43 VidWebMaster sshd[13518]: debug3: mm_answer_keyallowed: key 0xb80bba00 is not allowed
    Aug  9 21:09:43 VidWebMaster sshd[13518]: debug3: mm_request_send entering: type 21
    Aug  9 21:09:43 VidWebMaster sshd[13518]: debug3: mm_request_receive entering
    Aug  9 21:09:43 VidWebMaster sshd[13518]: debug1: do_cleanup
    Aug  9 21:09:43 VidWebMaster sshd[13518]: debug1: PAM: cleanup
    Aug  9 21:09:43 VidWebMaster sshd[13518]: debug3: PAM: sshpam_thread_cleanup entering

    Why is it looking in /root/.ssh/ for the authorized_keys file? What have I missed?

    Cheers

  2. #2
    Re: SSH Login with no password

    It would be because of this line that you modified in /etc/ssh/sshd_config:

    Code:
    AuthorizedKeysFile	~/.ssh/authorized_keys

    Before you modified it, it was:

    Code:
    #AuthorizedKeysFile     .ssh/authorized_keys

    which is to say, the default was already correct, it's relative to the home directory. By changing it to ~/.ssh/authorized_keys, you made it equal to /root/.ssh/authorized_keys, because the user running sshd is root.

    Public key authentication works with the out of the box /etc/ssh/sshd_config. You made it not work by too much interference. So put things in /etc/ssh/sshd_config back the way you found them and it will work. After that you may wish to add

    Code:
    PermitRootLogin no

    and

    Code:
    AllowUsers matt

    to tighten up security.
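
Added example, not part of the original thread or of OpenSSH: two shell functions that check what the answer above describes. One flags an `AuthorizedKeysFile` value starting with `~` in a config file; the other finds failed public-key logins in sshd debug output where the key file was looked up under /root/ for a non-root user. The function names and the sample files are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Report each AuthorizedKeysFile path; return 1 if any starts with "~".
check_authorized_keys_file() {
    awk '
        /^[ \t]*#/ { next }                     # skip commented-out defaults
        tolower($1) == "authorizedkeysfile" {   # keywords are case-insensitive
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^~/) { print "BAD " $i; bad = 1 }
                else           { print "OK  " $i }
            }
        }
        END { exit bad }
    ' "$1"
}

# Print "user path" for each failed publickey login where sshd looked under
# /root/ for a non-root user; return 0 only if at least one was found.
find_root_keyfile_lookups() {
    awk '
        { pid = match($0, /sshd\[[0-9]+\]/) ? substr($0, RSTART, RLENGTH) : "" }
        / trying public key file / { path[pid] = $NF }
        / Failed publickey for / {
            for (i = 1; i < NF; i++) if ($i == "for") {
                user = ($(i + 1) == "invalid") ? $(i + 3) : $(i + 1); break
            }
            if (user != "root" && path[pid] ~ /^\/root\//) {
                print user, path[pid]; hit = 1
            }
        }
        END { exit !hit }
    ' "$1"
}

# Constructed sample input: the directive and three log lines quoted in the thread.
demo_dir=$(mktemp -d)
printf 'AuthorizedKeysFile\t~/.ssh/authorized_keys\n' > "$demo_dir/sshd_config"
cat > "$demo_dir/auth.log" <<'EOF'
Aug  9 21:09:43 VidWebMaster sshd[13518]: debug1: temporarily_use_uid: 1000/100 (e=0/0)
Aug  9 21:09:43 VidWebMaster sshd[13518]: debug1: trying public key file /root/.ssh/authorized_keys
Aug  9 21:09:43 VidWebMaster sshd[13518]: Failed publickey for matt from 192.168.59.135 port 48904 ssh2
EOF
check_authorized_keys_file "$demo_dir/sshd_config" || echo "config needs fixing"
find_root_keyfile_lookups "$demo_dir/auth.log" && echo "log shows the symptom"
rm -rf "$demo_dir"
```

A config that leaves the directive commented out, or sets it to `.ssh/authorized_keys` or `%h/.ssh/authorized_keys`, passes the first check.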

  3. #3
    AzMoo NNTP User

    Re: SSH Login with no password

    "You made it not work by too much interference."

    Haha, story of my life. Thanks heaps, mate.

  4. #4
    Re: SSH Login with no password

    Where is your private key stored?
