0

I have a machine X, I login to X and issue an ssh somewhere command which uses key authentication, and it works fine.

When I ssh to machine X from a 12.10 machine (which does not have my special machine X keys), and try the same command above, it fails with Permission denied (publickey). message. I googled around and it looks like this is related to ssh agent forwarding, but I am not sure.

I have faced the same problem trying to ssh from the latest secureCRT too. I tried disabling agent forwarding in secureCRT with no luck.

How do I solve this? If disabling agent forwarding is the key, how do I do it? Do I need to change anything in the destination machine?

Samer Buna
  • 8,821
  • 9
  • 38
  • 55
  • to test whether the problem is agent related you could force agent forwarding on (-A) or off (-a) when connecting to X. You can also enable/disable forwarding for host X in 12.10's ~/.ssh/config (with ForwardAgent yes/no). – artm Mar 30 '13 at 08:27

2 Answers2

0

Need change param ForwardAgent=yes to /etc/ssh/ssh_config

Azbykov
  • 1,823
  • 1
  • 11
  • 5
-1

The error means that the machine X only accepts public key authentication and you appear not to have your private key on the 12.10 machine.

Note there is a difference between the machine keys and your keys.

On 12.10 (and similarly on most machines) the machine keys were created when the openssh-server package was installed and will be held in files called something like /etc/ssh/ssh_host_*_key[.pub]

Your keys are held on the machine you ran ssh-keygen on and are typically found in ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub.

In your case to ssh from 12.10 to X you need to securely copy ~/.ssh/id_rsa from X on to 12.10. Note this is your private key, you do not want to have it laying around for anyone to see.

Next you need to ensure that there is a copy of ~/.ssh/id_rsa.pub in a file called ~/.ssh/authorized_keys on X. (cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys should do the job)

You also need to ensure correct permissions: the ~/.ssh/ directory should be rwx only by you and the files in ~/.ssh/ are best set to rw only by you.

Jack Lawrence
  • 10,664
  • 1
  • 47
  • 61
jad
  • 1
  • What if I don't want to share my private key on X with any other machines? If I have ssh access to X, shouldn't I be able to use my keys on X? Things used to work this way before. – Samer Buna Jan 14 '13 at 17:54
  • 1
    Samer, you are correct: you don't want to copy the private key from machine to machine, that's not what private keys are for. – artm Mar 30 '13 at 06:54