
Problem With Gentoo Keychain and SSH

 
Andrew Kaplan
Super Advisor

Problem With Gentoo Keychain and SSH

I have Gentoo Keychain 2.0.2 running on a Red Hat Linux 8.0 server. The idea is to automate the ssh login process to an HP-UX 10.20 machine.
The keys that were created on the Linux server were copied to the .ssh subdirectory under the appropriate user's home directory on the HP-UX machine. Their names are:
authorized_keys
authorized_keys2
id_dsa
id_dsa.pub
identity
identity2
The problem is the following: The entire login process is supposed to be automated. However, every time the user account logs in, it is prompted for the password. What configuration change must I do to have the login process completely automated?
A Journey In The Quest Of Knowledge
Steven E. Protter
Exalted Contributor

Re: Problem With Gentoo Keychain and SSH

I've done what you wish to do.

Attached is a cookbook to help.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Sergejs Svitnevs
Honored Contributor

Re: Problem With Gentoo Keychain and SSH

You can use quick login with ssh client keys.
Check this link:
http://hacks.oreilly.com/pub/h/66

Regards,
Sergejs
Andrew Kaplan
Super Advisor

Re: Problem With Gentoo Keychain and SSH

Steve,

I ran through the procedure that you sent me, but unfortunately I was still prompted for a password from both the linux server and the hp-ux box.
A Journey In The Quest Of Knowledge
Goran Koruga
Honored Contributor

Re: Problem With Gentoo Keychain and SSH

Andrew,

There are two things here - one is the login password, the other is the pass-phrase for your key. Create a key without a pass-phrase if you want a totally automated login procedure.

You can also use ssh-agent which provides greater flexibility. See man page for more info.

HTH,
Goran
Chris Vail
Honored Contributor

Re: Problem With Gentoo Keychain and SSH

Let me point out that you absolutely MUST set the ownership and permissions as I wrote in the procedure that Stephen Protter posted. Failing to do so results in the symptoms you mention: that you get prompted for a password.

Chris
Andrew Kaplan
Super Advisor

Re: Problem With Gentoo Keychain and SSH

Chris,

Thanks for your e-mail. I checked the permission settings on the user's home directory as well as the .ssh directory. Everything matches up according to your instructions. I'm not sure why this isn't working.
A Journey In The Quest Of Knowledge
Andrew K Mirza
New Member

Re: Problem With Gentoo Keychain and SSH

Andrew,

I am by no means an expert in this area but I outline my "solution" to the problem you describe - assuming you haven't solved it since your last message.

I have had a very similar problem using Keychain 2.0.2 running on Red Hat Linux 8.0; following each of the steps you have outlined, and those described by Chris (re directory permissions). My links are between three linux PCs.

I have managed to perform the passwordless connections to each machine. After much searching WWW, I came across some instructions by Dennis Gallard at http://oceanpark.com/notes/howto_ssh_keychain_public_key_authentication_forwarding.html.
In particular I followed the instructions for modifying the ssh_config and sshd_config files. I then initiated keychain and used ssh-add to add my keys. Ensured that the authorized_keys/2 files were the same on each box. Once this was completed I found that I had the sought after "passwordless" connections.

But - there has to be one -:

I find that each time I start a new xterm window I have to source the ~/.keychain/*-sh file.

I also note that on one of my linux boxes each time I re-login, keychain or "some process" initiates a new ssh-agent but the file ~/.keychain/*-sh is not updated.

I find that keychain does not stop all ssh-agent processes nor does it delete all the files of the form /tmp/ss-XX??????/agent.PID.

I have not yet tried running ssh from a cron job. I need to connect automatically to each machine for data transfers - for security reasons the machines are not cross-mounted - so scp was deemed better than ftp.

Hope this makes sense and is of assistance to you.

Regards,

Andrew K Mirza
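
Added example, not part of the original post: a way to load keychain's agent settings in a new xterm or a cron job and stop when the ~/.keychain/*-sh file is stale, as described above. The default file name `<hostname>-sh`, the host `boxB` and the paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): load keychain's agent settings in a
# non-interactive shell (cron job, new xterm) and refuse to continue if they
# are stale. The default file name <hostname>-sh is an assumption matching
# the ~/.keychain/*-sh pattern mentioned in the post.

# load_keychain_agent [FILE]
#   0 = agent reachable with a key loaded   1 = keychain file missing
#   2 = file points at a dead socket        3 = agent holds no keys
load_keychain_agent() {
    kc_file=${1:-$HOME/.keychain/$(uname -n)-sh}
    [ -r "$kc_file" ] || return 1
    . "$kc_file"                      # sets SSH_AUTH_SOCK and SSH_AGENT_PID
    # A leftover file from an earlier login names a socket that is gone.
    [ -n "${SSH_AUTH_SOCK:-}" ] && [ -S "$SSH_AUTH_SOCK" ] || return 2
    # ssh-add -l exits non-zero when the agent has no identities
    # or cannot be contacted.
    ssh-add -l >/dev/null 2>&1 || return 3
    return 0
}

# Typical use at the top of a cron-driven transfer script
# (hypothetical host and paths):
#   load_keychain_agent || { echo "no usable ssh-agent ($?)" >&2; exit 1; }
#   scp -o BatchMode=yes /data/export.tar user@boxB:/incoming/
```

With `BatchMode=yes` the transfer fails instead of waiting at a password or pass-phrase prompt, so an unattended job cannot hang when the agent is missing.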

Steve Post
Trusted Contributor

Re: Problem With Gentoo Keychain and SSH

I don't know what a gentoo keychain is. But I have the same problem with getting ssh to let me go from box A to B without a password.
I looked at the attached text and got the gist of the help. But the text did not work as written.
Here are things that kept it from working:

I am a user on box A, trying to get to box B.
step 0. I verify box A and box B have their names resolved properly. In my case, box B did not recognize Box A's hostname (and vice versa).

1. I make id_dsa.pub. How?
/opt/ssh/bin/ssh-keygen -t dsa

2. I mess around with the user's directory on box B.
B User's home directory: rwx r-x r-x.
B User's ssh directory: rwx --- ---.

3. APPEND A user's id_dsa.pub text into B user's .ssh/authorized_keys2.
B User's .ssh/authorized_keys2 r-- --- ---.

4. NOW... I try it.
from A> ssh -2 user@B
I get a request for a pass phrase instead of a password.
For me, the thing that kept it dying was the permissions on the user's home directory. But (ssh -vvv) didn't tell me that. EXPERIMENTATION found it.

hope this helps.
Steve
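
Added example, not part of the original post: a check of the ownership and permissions that sshd inspects before it trusts authorized_keys, since a wrong mode on the home directory gives the password prompt described above without a clear client-side message. It assumes sshd runs with StrictModes enabled (the OpenSSH default) and uses the key file names from this thread.

```shell
#!/bin/sh
# Added example (not from the thread): audit the paths sshd's StrictModes
# check inspects before it will trust authorized_keys. Uses only ls/cut/awk
# so it also runs where stat(1) is unavailable.

perm_string() {            # 10-character mode string, e.g. drwxr-xr-x
    ls -ld "$1" | cut -c1-10
}

writable_by_others() {     # true if group (char 6) or other (char 9) has w
    case "$(perm_string "$1")" in
        ?????w????|????????w?) return 0 ;;
    esac
    return 1
}

owned_by() {               # true if PATH is owned by UID or by root
    owner=$(ls -ldn "$1" | awk '{print $3}')
    [ "$owner" = "$2" ] || [ "$owner" = 0 ]
}

# audit_ssh_dir HOME [UID]: prints one FAIL line per problem, returns 1 if any
audit_ssh_dir() {
    home=$1; uid=${2:-$(id -u)}; bad=0
    for p in "$home" "$home/.ssh" \
             "$home/.ssh/authorized_keys" "$home/.ssh/authorized_keys2"; do
        [ -e "$p" ] || continue
        if writable_by_others "$p"; then
            echo "FAIL $(perm_string "$p") $p: group/other writable"; bad=1
        fi
        if ! owned_by "$p" "$uid"; then
            echo "FAIL $p: not owned by uid $uid or root"; bad=1
        fi
    done
    # The ssh client refuses private keys that group/other can access.
    for k in "$home/.ssh/id_dsa" "$home/.ssh/identity"; do
        [ -e "$k" ] || continue
        case "$(perm_string "$k")" in
            ????------) ;;
            *) echo "FAIL $(perm_string "$k") $k: key not owner-only"; bad=1 ;;
        esac
    done
    return $bad
}

if [ $# -gt 0 ]; then audit_ssh_dir "$@"; fi
```

Run it on the target box as the account being logged in to, passing that user's home directory as the first argument.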
Steve Post
Trusted Contributor

Re: Problem With Gentoo Keychain and SSH

remember points????