Re: Q: respecting .ssh/id_rsa

On 5/8/2015 7:22 AM, Valeri Galtsev wrote:
On Fri, May 8, 2015 8:58 am, James B. Byrne wrote:
While attempting to debug something else I ran across this:

ssh -vvv somehost
. . .
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/identity-cert type -1
debug3: Not a RSA1 key file /root/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
. . .

However if I verify the key I see this:

ssh-keygen -l -f ~/.ssh/id_rsa.pub
4096 08:70:3b:92:4c:96:1c:6a:03:a4:ae:66:8d:9e:6c:93
/root/.ssh/id_rsa.pub (RSA)

Which seems ok to me. The permissions also seem ok:

.ssh]# ll
total 40
-rw-------. 1 root root  3863 Oct 11  2012 authorized_keys
-rw-------. 1 root root  3243 Aug  9  2012 id_rsa
-rw-r--r--. 1 root root   757 Aug  9  2012 id_rsa.pub
-rw-r--r--. 1 root root 11071 May  8 09:42 known_hosts

When checking permissions don't forget to check permissions on parent
directories (all levels up to the /). E.g., if your home directory is
world writable, ssh will ignore authorized_keys as well, as the above
permissions _can_ be changed by everybody. The same is true if / is
ridiculously world writable (I've never seen that myself, but I do mean:
check all levels of what the path ~/.ssh is).

It's not clear from your description, but I'm sure you have the following
right: id_rsa and id_rsa.pub are a pair you have on local machine (the one
you ssh from). authorized_keys is on the remote machine (the one you
connect to), and it contains the contents of id_rsa.pub that you have on
local machine (i.e. you copied id_rsa.pub from local machine to remote and
dumped it into ~/.ssh/authorized_keys on it).

I would also check that in sshd config file (usually:
/etc/ssh/sshd_config) on remote machine you do have line

PubkeyAuthentication yes

Good luck!

Valeri

The password-less connections complete in any case but I am perplexed
as to what is the problem with the root identity key that ssh is
reporting.

Can anyone explain to me what this means?



Also check that the SELinux context on all files and directories is set to "ssh_home_t".

From the home dir:

#chcon -R -t ssh_home_t .ssh

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
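
Added example, not part of any message in this thread: a shell function that carries out the parent-directory check Valeri Galtsev describes, walking from a directory such as ~/.ssh up to / and flagging every level that is group- or world-writable or owned by someone other than the current user or root. The function name `check_path_perms`, its optional stop-directory argument and the reliance on GNU `stat -c` are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU coreutils `stat -c`.
#
# check_path_perms DIR [STOP]
#   Walks DIR and each parent directory up to STOP (default: /) and reports
#   any level that is group- or world-writable, or whose owner is neither
#   the current user nor root.
#   Returns 0 if every level is clean, 1 if something was flagged,
#   2 if DIR or STOP cannot be entered.
check_path_perms() {
    dir=$(cd -- "$1" 2>/dev/null && pwd -P) || { echo "cannot enter $1" >&2; return 2; }
    stop=$(cd -- "${2:-/}" 2>/dev/null && pwd -P) || { echo "cannot enter $2" >&2; return 2; }
    me=$(id -u)
    bad=0
    while :; do
        # stat prints "<octal mode> <owner uid>", e.g. "755 0"
        set -- $(stat -c '%a %u' -- "$dir")
        mode=$1
        owner=$2
        # 022 = group-write | other-write
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "WRITABLE by group/other: $dir (mode $mode)"
            bad=1
        fi
        if [ "$owner" -ne 0 ] && [ "$owner" -ne "$me" ]; then
            echo "UNEXPECTED owner uid $owner: $dir"
            bad=1
        fi
        if [ "$dir" = "$stop" ] || [ "$dir" = "/" ]; then
            break
        fi
        dir=$(dirname -- "$dir")
    done
    return "$bad"
}

# When run as a script with arguments, check the given directory,
# e.g.:  sh check_path_perms.sh "$HOME/.ssh"
if [ "$#" -gt 0 ]; then
    check_path_perms "$@"
fi
```
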