Re: ssh without password?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> Cameron Simpson wrote:
>
>> | When I ssh into machine B from machine A, I am asked for my password.
>> | But when I ssh into A from B, I am not.
>> |
>> | In both cases, id_rsa.pub from the other machine
>> | has been added to authorized_keys .
>> | And I see no difference in sshd_config or ssh_config .
>> |
>> | So why am I asked for my password when ssh-ing into B?
>>
>> Examine /var/log/secure on machine B. It should shed some light on
>> things. Also do your ssh with the -v option - you should see which
>> authentication methods are being attempted. If your key is not being
>> used, that will be apparent then. If it is being used but rejected, that
>> will be apparent and the /var/log/secure file on machine B should say
>> why. I presume you're using an ssh-agent?
>
> Thanks very much.
>
> On looking at /var/log/secure on machine B I read:
> -----------------------------
> Feb 23 12:47:19 blanche sshd[18050]: Authentication refused: bad ownership
> or modes for file /home/tim/.ssh/authorized_keys
> Feb 23 12:47:22 blanche sshd[18050]: Accepted password for tim from
> 192.168.2.1 port 41431 ssh2
> -----------------------------
>
> When I looked at .ssh/authorized_keys I saw that it had mode 664
> (ie with group write permission).
> After changing this to mode 644, I am able to login without password.

Usually, permissions of 600 or 700 will do...644 makes the file world
readable, and that's not necessarily a good thing...however, it looks like
you're back where you need to be.

Out of curiosity, what were the permissions on the file before you ran th
chmod command?

-- 
Mike Burger
http://www.bubbanfriends.org

Visit the Dog Pound II BBS
telnet://dogpound2.citadel.org or http://dogpound2.citadel.org

To be notified of updates to the web site, visit:

https://www.bubbanfriends.org/mailman/listinfo/site-update

or send a blank email message to:

site-update-subscribe@xxxxxxxxxxxxxxxxx

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux