6

I'm trying to add SSH key pairs to an SSH server of mine so I can log in password-less.

When I add my public key to my server by creating a .svn and authorized_keys, when I remove it I can log in again (with a password prompt).

Not sure what else to do but I tried generating an RSA key: `ssh-keygen -t rsa`. Not sure what else to do. Thanks guys

Doz
  • 1
    Well, the first step is to look at the logs on the ssh server. That will tell you exactly why the connection is getting closed. – cjc Apr 03 '12 at 13:31

4 Answers

6

The most common problem when setting up passwordless login with SSH is getting the permissions of your .ssh directory and the authorized_keys files wrong. SSH is fussy about permissions - with good reason; the wrong permissions can compromise your security.

The permissions should be at least this restrictive:

```
$ ls -la .ssh
total 28
drwx------ 2 user group  4096 2011-10-05 16:08 .
drwxr-xr-x 4 user group  4096 2012-04-03 12:16 ..
-rw------- 1 user group   405 2011-10-05 16:08 authorized_keys
-rw-r--r-- 1 user group 15912 2012-03-24 10:17 known_hosts
```

You can achieve this with:

```
chmod 700 .ssh
chmod 600 .ssh/authorized_keys
```

The second most common error is spelling authorised_keys correctly and having SSH ignore the file because it was written by Americans.

The error messages for permissions appear on the server, in the logs and not in the client so it can be tricky to find this.

I have also run into the problem with my public key being split over two lines in .ssh/authorized_keys. Due to the split happening exactly at the end of the line, it isn't obvious. An editor like vi makes it easy to tell. Resizing your terminal window should also cause it to re-wrap and clearly show any split lines.

I assumed you meant .ssh in your question and not .svn. If you did actually create a .svn directory, you will need to change it to .ssh.

Ladadadada
  • Hi thanks. I tried copying the id_rsa.pub directly to the server and renaming authorized_user, changing chmod to 600 and 700 for the dir. I noticed I can only cd in to it via sudo now. But it still prompts me for the password. I also generated key by doing `ssh-keygen -t rsa` with blank passphrase – Doz Apr 03 '12 at 13:31
  • I forgot to mention, the ownership matters too. Make sure you own both the file and the directory. The `chmod 600` was for the keys file, not the directory - check that your permissions output matches what mine says. Also, you can't `sudo cd`. Well, you can but it doesn't achieve anything because sudo starts a subshell as root and ends it once the command is done. – Ladadadada Apr 03 '12 at 14:15
  • Grr yeah that's fair enough so I did chown it as me (logged in user) and I can access the file without being in root but still it asks me for the password. Is there something that needs to be reset in terms of the sshd service etc? – Doz Apr 03 '12 at 21:04
  • Next steps: make sure you are using the correct private key at the client end by typing `ssh -vvv`. – Ladadadada Apr 03 '12 at 22:07
  • Interesting. I get back `OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug2: ssh_connect: needpriv 0 ssh: .: Name or service not known` – Doz Apr 04 '12 at 01:03
  • Not sure what else to do from here mate – Doz Apr 04 '12 at 22:11
  • Great worked, just had to reset my computer, apparently my MacBook went nuts and it didn't work but when I reset it worked fine. – Doz Apr 10 '12 at 23:23
  • _I have also run into the problem with my public key being split over two lines..._ yep, my case. thx :) – felipsmartins Aug 03 '20 at 21:12
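
The checks from the answer above (directory and file modes, ownership, the file name, and a key wrapped onto a second line) collected into one script. This is an added example, not part of the original answer; the function name `check_ssh_dir` and the finding labels are made up here, and it assumes you run it as the account that owns the directory.

```shell
#!/bin/sh
# Added example (not from the answer): audit a .ssh directory for the
# problems described above. Prints one finding per line; silent when clean.

# Octal mode and owner uid, for GNU stat (-c) or BSD/macOS stat (-f).
perm_of()  { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }
owner_of() { stat -c '%u' "$1" 2>/dev/null || stat -f '%u' "$1"; }

check_ssh_dir() {
    dir=$1
    keys=$dir/authorized_keys
    if [ ! -d "$dir" ]; then echo "NO_DIR $dir"; return 0; fi

    # Directory: owned by the caller, no group/other bits (700 or tighter).
    p=$(perm_of "$dir")
    if [ $(( 0$p & 077 )) -ne 0 ]; then echo "DIR_PERMS $p (want 700)"; fi
    if [ "$(owner_of "$dir")" != "$(id -u)" ]; then echo "DIR_OWNER"; fi

    # A file with the British spelling is never read as the key file.
    if [ -e "$dir/authorised_keys" ]; then echo "MISSPELLED authorised_keys"; fi
    if [ ! -f "$keys" ]; then echo "NO_KEYS_FILE"; return 0; fi

    # Key file: owned by the caller, 600 or tighter.
    p=$(perm_of "$keys")
    if [ $(( 0$p & 077 )) -ne 0 ]; then echo "FILE_PERMS $p (want 600)"; fi
    if [ "$(owner_of "$keys")" != "$(id -u)" ]; then echo "FILE_OWNER"; fi

    # Every entry must hold a key type followed by its base64 blob on ONE
    # line; the tail of a wrapped key has no key type and is reported.
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        {
            ok = 0
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))$/ &&
                    $(i + 1) ~ /^AAAA/) ok = 1
            if (!ok) print "BAD_KEY_LINE " NR
        }' "$keys"
    return 0
}
```

Call it as `check_ssh_dir "$HOME/.ssh"` on the server; the server-side logs remain the authoritative source for why a key was rejected.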
1

You need to make sure the user id you are trying to ssh to is also in access.conf on the destination server.

```
#ADD limited to be included directly below this line

+:jim:ALL
```

puma
0

Your question is hard to parse, but I don't know what you think ".svn" will accomplish.

Your public key must be added to the ~/.ssh/authorized_keys file on the remote system.

`man ssh` for details.

adaptr
0

Just set the user password to '*' - that prevents username/password login.

Kondybas