I am trying to create a passwordless connection (with keys) between two Linux boxes. I have done it 20 or 30 times before, but this is the first time it is fighting me, and I am trying it on a fresh install of CentOS 7. I create the key, ssh-copy-id it over, and it looks all happy. When I log in it still asks for a password.

root@client:~# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
(client-key) root@client
The key's randomart image is:
+--[ RSA 2048]----+
|              E. |
|            . .  |
|             o   |
|            .  +.|
|      o S   ..o =|
|     o . . . ooo.|
|      . .  ..=+ .|
|       .   .=. . |
|        ..oo.oo  |
+-----------------+
root@client:~# ssh-copy-id -i .ssh/id_rsa.pub central@server
central@server's password:
Now try logging into the machine, with "ssh 'central@server'", and check in:

  ~/.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

root@client:~# ssh central@server
central@server's password: (password entered at this point to make sure I had it correct)
Last login: Mon Jul 21 14:06:43 2014
[central@server ~]$

I have found numerous mentions of checking permissions on the .ssh folders and the authorized_keys file and have tried them in all kinds of different combinations. I have wiped out the .ssh folders on both servers and started from scratch. SELinux is disabled on both boxes, and no, there was no password set on the keyfile at any time.

Any thoughts?

  • You need to use the `ssh` debug option to see where it's failing to use the key. Also, this is off-topic for SO and belongs on [su] – Jim Garrison Jul 21 '14 at 18:29
  • It is very likely that it is to do with file and directory permissions -- keys are ignored if the permissions are too open -- check your log files in /var/log – Soren Jul 21 '14 at 18:32
  • This question probably belongs on superuser.com – Soren Jul 21 '14 at 18:32
  • Soren, looks like you were right, found this in /var/log/secure: `sshd[3106]: Authentication refused: bad ownership or modes for directory /home/central`. Played with the home directory permission a bit and that fixed it, thanks! – user3861816 Jul 21 '14 at 18:46
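
The `/var/log/secure` message in the last comment comes from sshd's `StrictModes` check, which ignores `authorized_keys` when the file, `.ssh`, or the home directory is group- or world-writable or owned by someone other than the user or root. The following is an added example, not part of the original thread: the function name `check_strictmodes` is hypothetical, and it assumes GNU `stat` (as on CentOS) and the default `.ssh/authorized_keys` location.

```shell
#!/bin/sh
# check_strictmodes HOME_DIR [OWNER_UID]
# Reports every path that would make sshd (StrictModes yes) refuse key
# authentication. Returns 0 when all three paths pass, 1 otherwise.
check_strictmodes() {
    local home uid bad p owner mode
    home=$1
    uid=${2:-$(id -u)}
    bad=0
    # sshd checks the key file first, then walks up to the home directory.
    for p in "$home/.ssh/authorized_keys" "$home/.ssh" "$home"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"
            bad=1
            continue
        fi
        owner=$(stat -c %u "$p")   # numeric owner uid (GNU stat)
        mode=$(stat -c %a "$p")    # octal permission bits, e.g. 755
        # Owner must be the account itself or root.
        if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
            echo "bad owner (uid $owner): $p"
            bad=1
        fi
        # Neither group nor others may have write permission (mask 022).
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "group/world-writable (mode $mode): $p"
            bad=1
        fi
    done
    return $bad
}

# Run on the server as the target account, e.g.:
#   sh check.sh /home/central
if [ "$#" -gt 0 ]; then
    check_strictmodes "$@"
fi
```

Clearing the group and other write bits on each reported path (`chmod go-w`) is what satisfies the check.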

2 Answers

2

I have solved the problem by simply running this command on the local machine (after generating the key):

$ ssh-add
Nidal
0

The actual error was when you tried to log in after deploying the public key:

root@client:~# ssh central@server

You omitted the -i private-key-file parameter and did not define one in .ssh/config for that connection.

Jim Garrison