05-15-2005 08:26 PM
ssh could login without password through the public/private key pair. But if the local account and remote account are different, how to use the pk authentication? Thank you!!
steven chang
05-15-2005 08:39 PM
Solution
To do password-less SSH logins, the remote user must have an entry in their 'authorized_keys' file that matches the user you are coming from.
i.e. from:
johnsmith@machine1:
has a key generated in ~/.ssh/id_rsa.pub
The line from here needs to be in:
remoteuser@machine2: ~/.ssh/authorized_keys
SSH doesn't care what user you're coming from or going to (apart from if you omit the user when ssh'ing to a machine).
Just remember to 'ssh remoteuser@machine2' and you'll be fine.
05-15-2005 09:05 PM
Re: ssh without password but with different account
Here is the oracle authorized_keys2:
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA1kbKhVVdEfs8ItqrPoLoyQxTfuUuoYmwU3fbpY6ZTm3dVWJKTxcJvl9wxyIbfs4zLqZOBBogrFi
Iyq7hkZyPzz1MAJiZCnpco7QCDMv4kNcoWMMEu5CZkznMeUKrQ0AdIcoqmwRdK/E4WhLHZcvdzCZqQ2x7P3+1aOIJHZwjaWU= root@aptest
But when I use the command
ssh -l oracle dbtest
or ssh oracle@dbtest
sshd prompts for the password.
If the same authorized_keys2 file is in the root .ssh directory, it's ok, no password prompt.
steven
05-15-2005 09:45 PM
I think I need host-based ssh authentication. Does anybody have the document? Thank you
steven
05-15-2005 10:25 PM
And why are you using 'authorized_keys2' and not just 'authorized_keys' ?
05-15-2005 11:05 PM
Passwordless SSH using public/private keys
Including how to set up rsync and unison (synchronisation software)
Here is a list of the steps that I had to do to get automatic replication of /home/folder1 (or any other folder) on one server to /home/folder2 on another server:
Passwordless SSH
To get replication working securely you firstly need to be able to connect via SSH without using passwords:
First server setup
ssh-keygen -t dsa
(press enter twice to give a blank password)
cd
cd .ssh
vi .config
Press "i" to enter insert mode and copy this into the file:
Host remotehost
User remoteuser
Compression yes
Protocol 2
RSAAuthentication yes
StrictHostKeyChecking no
ForwardAgent yes
ForwardX11 yes
IdentityFile /home/localuser/.ssh/id_remotehost_dsa
Do NOT change the last line - it is supposed to say remotehost (not an actual host name). Specify the remoteuser as the other username. Now,
:wq
(save and exit vi)
vi id_dsa.pub
It should look like this:
ssh-dss AAAA..............v root@HOSTNAMEOFSRV01
where there is lots of random letters/numbers where the dots are. Select it all and copy it. Make sure that it is all on one line with no spaces at the start or finish (which will happen if you copy it using putty on windows; test it by pasting it into notepad)
Tip: To copy from putty on windows select the text from within vi and press Ctrl + Shift. To paste text enter insert mode and press the right mouse button. (best way would be to copy the file through scp)
Second Server Setup
cd
vi .ssh/authorized_keys
Enter insert mode (press i) and paste the key, again ensuring that there are no spare newlines or spaces. Save the file and exit vi (press :wq then return, as above)
Testing passwordless SSH
On the first server, type
ssh -l other_user_name srv02
Regards,
Naveej
05-16-2005 01:07 AM
I use authorized_keys2 because I am using "ssh-keygen -t rsa" to generate the public/private key pair
steven
05-16-2005 02:11 AM
So you are saying the same public key works from root login and not from oracle login, correct?
Try ssh -vvv oracle@dbtest and paste the output here, let us see whether we can find something from there.
Also one more thing to check is the file permission and ownership of the .authorized_keys2
I believe SSH requires 600 permission for .authorized_keys2, check that out too.
Hope this helps,
Gopi
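An added example, not part of any post in this thread: POSIX shell functions for the two points raised so far, placing the public key line in the remote account's authorized_keys (whatever the local user is called) and checking the ownership and write bits that sshd's StrictModes option, on by default, tests on the home directory, ~/.ssh and the key file. The function names are hypothetical, and the file name authorized_keys is an assumption (the thread's poster uses authorized_keys2).

```shell
#!/bin/sh
# Added example (hypothetical helper names, not from the thread).

# install_pubkey HOME_DIR PUBKEY_LINE
# Run as the remote account (e.g. oracle). Appends the key line once to
# HOME_DIR/.ssh/authorized_keys and sets owner-only modes.
install_pubkey() {
    home=$1 key=$2
    mkdir -p "$home/.ssh" || return 1
    chmod 700 "$home/.ssh"
    touch "$home/.ssh/authorized_keys"
    chmod 600 "$home/.ssh/authorized_keys"
    # -x whole line, -F fixed string: never add the same key twice
    grep -qxF "$key" "$home/.ssh/authorized_keys" ||
        printf '%s\n' "$key" >> "$home/.ssh/authorized_keys"
}

# audit_ssh_perms HOME_DIR OWNER
# OWNER is the account name or numeric uid that logs in.
# Prints one line per problem; returns non-zero if any was found.
audit_ssh_perms() {
    home=$1 owner=$2 bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"; bad=1; continue
        fi
        # Writable by group or others: with StrictModes sshd refuses the key.
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "group/world writable: $p"; bad=1
        fi
        # Must belong to the target account or to root (uid 0).
        if [ -z "$(find "$p" -prune \( -user "$owner" -o -user 0 \))" ]; then
            echo "wrong owner: $p"; bad=1
        fi
    done
    return $bad
}

# Usage on the server, as the remote account:
#   install_pubkey "$HOME" "$(cat /tmp/id_rsa.pub)"   # path is a placeholder
#   audit_ssh_perms "$HOME" "$(id -u)"
```

A home directory that is group-writable passes unnoticed for root on many systems but fails for an application account such as oracle, so the audit is worth running for each account separately.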
05-16-2005 03:02 AM
Here is the debug message. When I use rsa or dsa, ssh could not find the id_rsa or id_dsa, only could be rsa1. My client is unixware 7.1.1. I think it's the cipher/decipher problem, but it still could not use public key through identity.pub
==============================
ssh -v tmsap2
OpenSSH_3.9p1, OpenSSL 0.9.7d 17 Mar 2004
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to tmsap2 [172.26.33.23] port 22.
debug1: Connection established.
debug1: identity file /home/oracle/.ssh/identity type 0
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.4p1
debug1: match: OpenSSH_3.4p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.9p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'tmsap2' is known and matches the RSA host key.
debug1: Found key in /home/oracle/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
oracle@tmsap2's password:
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
steven
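An added example, not part of the post above: a shell function that reads saved `ssh -v` output and reports whether the client had any key to offer for the publickey method. The sample lines are copied from the trace above; the function names and verdict strings are hypothetical.

```shell
#!/bin/sh
# Added example (hypothetical names). Triage of saved `ssh -v` output.

# triage_ssh_debug [FILE]  (reads stdin when no file is given)
# Prints a one-line verdict plus the method that finally succeeded.
triage_ssh_debug() {
    awk '
    # "debug1: identity file <path> type <n>": keep only the basename
    /identity file / { n++; file = $4; sub(/.*\//, "", file)
                       if (file == "identity") v1++ }
    /Enabling compatibility mode for protocol 2/ { proto2 = 1 }
    /Offering public key|Trying private key/     { offered++ }
    /Authentication succeeded/ { m = $NF; gsub(/[().]/, "", m) }
    END {
        if (proto2 && n > 0 && v1 == n)
            # only the protocol 1 default file was loaded
            print "proto2-with-only-v1-identity method=" m
        else if (!offered)
            print "no-key-offered method=" m
        else
            print "key-offered method=" m
    }' "$@"
}

# Lines taken from the trace posted above (abbreviated).
sample_trace() {
    cat <<'EOF'
debug1: identity file /home/oracle/.ssh/identity type 0
debug1: Enabling compatibility mode for protocol 2.0
debug1: Next authentication method: publickey
debug1: Next authentication method: keyboard-interactive
debug1: Next authentication method: password
debug1: Authentication succeeded (password).
EOF
}

# sample_trace | triage_ssh_debug
```

For this trace the verdict is that a protocol 2 session was negotiated while the only identity file loaded was `identity`, so the publickey method had nothing to send before the client fell through to password.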
05-16-2005 03:14 AM
I really could not find anything from this output, I am sorry. Can you please try with debug level 3 (ssh -vvv oracle@host). Also check the /var/log/messages and /var/log/secure on the SSH server to find out whether there are any error messages reported there.
Also did you change the permission of the file .authorized_keys2 on the server and see whether it helped?
I don't think this is related to cipher problem or server problem because you said it works fine when you put this file in /root/ directory and login as root.
Also, do not add the log output to the message body, rather attach it as an attachment.
Regards,
Gopi
05-16-2005 04:42 AM
Here is the v3 for dsa trace and rsa1 trace. I don't know why the client is sending public key authentication and the server is not responding. Therefore, ssh would choose password authentication. This is the same user for client and server. The previous situation I mentioned before is for two linux systems with different users.
05-16-2005 10:40 PM
There are a few observations made in this long output.
* SSH tries to use the file named identity as your key file, this is mentioned so in ssh_config file, please uncomment it so that SSH will decide on which file to use for private key and public key
* remove spaces before each newly uncommented variable in your configuration file.
* identity file is used if SSH protocol version 1 is being used by server and client, to force the server to deal only with protocol 2 then try with -2 option in ssh.
Regards,
Gopi
05-17-2005 01:44 AM
-i identity_file
Selects a file from which the identity (private key) for RSA or DSA authentication is read. The default is $HOME/.ssh/identity for protocol version 1, and $HOME/.ssh/id_rsa and $HOME/.ssh/id_dsa for protocol version 2. Identity files may also be specified on a per-host basis in the configuration file. It is possible to have multiple -i options (and multiple identities specified in configuration files).