You will probably find that you have used "teddys" public key in each of
bears ~/.ssh/authorized_keys files and have teddys corresponding id_rsa
(the private key file) in each of the ~/.ssh/ directories.
the id_rsa.pub file should have no bearing on anything, as this is simply
the text that is supposed to be added to the authorized_keys file.
I'm guessing you just copied everything, including the private key, off the
teddy server and this is why its authing with no password.
As someone suggested, use the -v option to ssh to see what files its using.
To stop this happening remove the private key files from each of the bear
servers ~/.ssh/ directories.
On Wed, May 15, 2013 at 2:10 PM, P.K.Bidalia <pktata07@xxxxxxxxx> wrote:
> Hi Brandon,
>
> Have you checked the "bear" a/c home dir as Harry suggested. Check
> ".ssh/authorized_keys"
> on bear's home dir.
> If its not working try ssh with -v option to debug. It will show you from
> which key it authenticates.
>
>
> Regards
> Pravesh Kumar
>
>
>
> On Tue, May 14, 2013 at 10:08 PM, Lucas, Brandon <Brandon.Lucas@xxxxxxxxx
> >wrote:
>
> > Hi all -
> >
> > I have a question about SSH that I can't seem to figure out. Here is the
> > situation:
> >
> > 4 servers on RHEL 6.3
> >
> > One server has a local account ("teddy"). SSH key pairs have been set up
> > between this "teddy" account and the other 3 servers on a different local
> > account common to the other 3 servers ("bear"), but not present on the
> > "teddy" server. These 3 servers do not have a "teddy" account.
> >
> > Now, I am able to ssh without password between the 3 "bear" servers using
> > the "bear" account without a password. This behavior is undesired as it
> > bypasses some key controls.
> >
> > I figure what must be happening here is that since the 3 "bear" servers
> > have the same public key that points to the "teddy" server, they must be
> > using that fourth server as some type of "witness" to verify the identity
> > of the user making the ssh connection, bypassing the password for the
> > "bear" account. I have disabled AgentForwarding on all 4 servers in
> > question, as well as X11Forwarding. This has not helped.
> >
> > What is going on here and how do I avoid it?
> >
> > Brandon
> >
> > --
> > redhat-list mailing list
> > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list
> >
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
