Re: Passwordless ssh

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Mon, Feb 1, 2010 at 6:49 PM, Warren Michelsen <Warren@xxxxxxxxxxxxx> wrote:
> On Mac OS, in order to allow ssh using dsa keys, I would copy
> ~/.ssh/id_dsa.pub from my machine into ~/.ssh/authorized_keys of the
> target machine. I've created .ssh directories in my account home as
> well as in /root and copied the respective keys to authorized_keys
> files in each.
>
> Strangely, I can now ssh as root with no password but my own user
> account still prompts for a password. What might be wrong?
>
>
> Interestingly, passwordless root ssh log-in worked while
> 'PermitRootLogin' in /etc/ssh/sshd_config was just 'yes' and before I
> changed it to 'without-password'.

Check the permission all your top level directories and the .ssh
directories and it's files.

Basically,  group and other writes are forbidden since it would allow
other people to change your keys.

If you're allowing the use of passwords and keys, then it's just
falling back to passwords because the permissions are incorrect.

And I presuming the secret key is not encrypted, i.e., you never set a
passphrase - hence the root login works without a password since the
permissions are correct for key exchange.

Also, on Redhat/Centos/Solaris machines, it's

    PermitRootLogin no

or

    PermitRootLogin yes

and not

     PermitRootLogin without-password

There should be separate entry for passwords

     PermitEmptyPasswords no

You have to be barking mad to allow root connections - or any
connection - with an empty passwords.

Note, this isn't Mac mailing list so your mileage will vary. Without a
sshd_config file it's hard to help you.


-- 
      Enjoy global warming while it lasts.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux