Thanks guys by checking permissions on /home/deploy/.ssh directory I can see
that the owner was root and that was the cause of the issue, setting that to
deploy allow me to connect from server-1 to server-2 successfully
Kind regards,
> -----Original Message-----
> From: centos-bounces@xxxxxxxxxx [mailto:centos-bounces@xxxxxxxxxx] On
> Behalf Of Clint Dilks
> Sent: Monday, November 2, 2015 11:08 PM
> To: CentOS mailing list <centos@xxxxxxxxxx>
> Subject: Re: SSH login between servers still asking for password,
> why?
>
> Hi
>
> On Tue, Nov 3, 2015 at 4:56 PM, Reynier Perez Mira <reynierpm@xxxxxxxxx>
> wrote:
>
> > I have two servers identified as `server-1 - 192.168.3.128` and
> > `server-2 - 192.168.3.130`. I am setting up `capifony` for automatic
> > deployment from
> > server-1 to server-2 and this is what I have done so far:
> >
> > 1. In both servers I have created a user `deploy` without password
> > since that's the user I will use for deployment.
> > 2. In server-1 I setup a SSH keys by running the command:
> > `ssh-keygen` and I leave without pass-phrase and default directories.
> > 3. I have copied the content of `/home/deploy/.ssh/id_rsa.pub` at
> > server-1 into server-2 at `/home/deploy/.ssh/authorized_keys`.
> > 4. From server-1 I try to reach server-2 by running `ssh
> > deploy@192.168.3.130` and it's asking for a password (below is the
> > output)
> >
> >
> /var/log/secure should give you an indication of why the key is not being
> accepted. But you may have to turn the log level up.
>
> But initial thoughts are that it is likely to be a permissions problem the
> ~deploy/.ssh directory needs to be 700 If you are using SE Linux then you
> may want to try doing restorecon -Rv ~deploy/.ssh
>
>
>
>
>
>
> > $ ssh deploy@192.168.3.130
> > The authenticity of host '192.168.3.130 (192.168.3.130)' can't
> > be established.
> > RSA key fingerprint is
> > 3c:81:da:7a:78:0f:b0:2f:44:3b:62:fb:c9:6f:33:86.
> > Are you sure you want to continue connecting (yes/no)? yes
> > Warning: Permanently added '192.168.3.130' (RSA) to the list
> > of known hosts.
> > deploy@192.168.3.130's password:
> >
> > This is the `-v` output of the command above:
> >
> > OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
> > debug1: Reading configuration data /etc/ssh/ssh_config
> > debug1: Applying options for *
> > debug1: Connecting to 192.168.3.130 [192.168.3.130] port 22.
> > debug1: Connection established.
> > debug1: identity file /home/deploy/.ssh/identity type -1
> > debug1: identity file /home/deploy/.ssh/identity-cert type -1
> > debug1: identity file /home/deploy/.ssh/id_rsa type 1
> > debug1: identity file /home/deploy/.ssh/id_rsa-cert type -1
> > debug1: identity file /home/deploy/.ssh/id_dsa type -1
> > debug1: identity file /home/deploy/.ssh/id_dsa-cert type -1
> > debug1: identity file /home/deploy/.ssh/id_ecdsa type -1
> > debug1: identity file /home/deploy/.ssh/id_ecdsa-cert type -1
> > debug1: Remote protocol version 2.0, remote software version
> > OpenSSH_5.3
> > debug1: match: OpenSSH_5.3 pat OpenSSH*
> > debug1: Enabling compatibility mode for protocol 2.0
> > debug1: Local version string SSH-2.0-OpenSSH_5.3
> > debug1: SSH2_MSG_KEXINIT sent
> > debug1: SSH2_MSG_KEXINIT received
> > debug1: kex: server->client aes128-ctr hmac-md5 none
> > debug1: kex: client->server aes128-ctr hmac-md5 none
> > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> > debug1: Host '192.168.3.130' is known and matches the RSA host key.
> > debug1: Found key in /home/deploy/.ssh/known_hosts:1
> > debug1: ssh_rsa_verify: signature correct
> > debug1: SSH2_MSG_NEWKEYS sent
> > debug1: expecting SSH2_MSG_NEWKEYS
> > debug1: SSH2_MSG_NEWKEYS received
> > debug1: SSH2_MSG_SERVICE_REQUEST sent
> > debug1: SSH2_MSG_SERVICE_ACCEPT received
> > debug1: Authentications that can continue:
> > publickey,gssapi-keyex,gssapi-with-mic,password
> > debug1: Next authentication method: gssapi-keyex
> > debug1: No valid Key exchange context
> > debug1: Next authentication method: gssapi-with-mic
> > debug1: Unspecified GSS failure. Minor code may provide more
> > information
> > Cannot determine realm for numeric host address
> >
> > debug1: Unspecified GSS failure. Minor code may provide more
> > information
> > Cannot determine realm for numeric host address
> >
> > debug1: Unspecified GSS failure. Minor code may provide more
> > information
> >
> >
> > debug1: Unspecified GSS failure. Minor code may provide more
> > information
> > Cannot determine realm for numeric host address
> >
> > debug1: Next authentication method: publickey
> > debug1: Trying private key: /home/deploy/.ssh/identity
> > debug1: Offering public key: /home/deploy/.ssh/id_rsa
> > debug1: Authentications that can continue:
> > publickey,gssapi-keyex,gssapi-with-mic,password
> > debug1: Trying private key: /home/deploy/.ssh/id_dsa
> > debug1: Trying private key: /home/deploy/.ssh/id_ecdsa
> > debug1: Next authentication method: password
> > deploy@192.168.3.130's password:
> >
> > Why? What I am doing wrong?
> >
> > _______________________________________________
> > CentOS mailing list
> > CentOS@xxxxxxxxxx
> > https://lists.centos.org/mailman/listinfo/centos
> >
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> https://lists.centos.org/mailman/listinfo/centos
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
