ssh only with password
Bob Proulx
bob at proulx.com
Mon Mar 22 05:53:15 EST 2004
Martin Imhäuser wrote:
> I must relogin on the same machine in my shell with ssh and without password.
> For this I tried the procedure
> ssh-keygen -t dsa and ssh-keygen -t rsa.
Only one of those two are required. Personally I use only the 'rsa'
type.
> I copied the entries in /.ssh/id_dsa.pub and /.ssh/id_rsa.pub in
> /.ssh/authorized_keys
Did you mean a literal / there? Hope not. Those should go into your
home directory, not /. So hopefully you put those in $HOME/.ssh.
Also, the $HOME/.ssh/authorized_keys is on the _remote_ machine and
not the local machine.
Also, sometimes people do this with an text editor and accidentally
word wrap the file. Therefore I recommend simply appending them with
the shell and cat. These steps will correct any problems here.
mv $HOME/.ssh/authorized_keys $HOME/.ssh/authorized_keys.bak
cat $HOME/.ssh/id_rsa.pub >> $HOME/.ssh/authorized_keys
chmod go-w $HOME/.ssh/authorized_keys
> When I open a shell I type exec ssh-agent $SHELL and then ssh-add
> and give my passphrases.
Good.
> When I now type ssh machinename my PC wants my password.
The most common reason for this is that SSH finds insecure file
permission modes on files or directories and therefore cannot trust
the authorized_keys file. You most likely created one of the
directories or files with group write permission. On the remote
machine these commands will verify and correct the permissions.
ls -ld $HOME $HOME/.ssh $HOME/.ssh/authorized_keys
drwxr-xr-x 101 bob bob 10824 2004-03-21 11:39 /home/bob
drwxr-xr-x 3 bob bob 488 2004-01-13 07:54 /home/bob/.ssh
-rw-r--r-- 1 bob bob 2637 2004-01-09 20:23 /home/bob/.ssh/authorized_keys
If you find one with group write permission change it with chmod.
chmod go-w $HOME $HOME/.ssh $HOME/.ssh/authorized_keys
That is the most likely problem and those steps should correct it.
Bob
More information about the openssh-unix-dev
mailing list