# authorized_keys problem

## creack

Hi,

I would like to access my Gentoo server without a password, so I tried to set up RSA authentication.

From my server to my home (Ubuntu) I have no problem, from my home to my home it works fine too (ssh localhost), but:

From my home to my server and from my server to my server (ssh localhost) it always asks for my password  :Sad:  I don't understand why.

Here is what I did:

```
ssh-keygen
cat id_rsa.pub > authorized_keys
ssh localhost

ssh-keygen
scp id_rsa.pub myserver:.ssh/authorized_keys
ssh myserver
```

I also tried with DSA but it is the same.

Am I doing something wrong? Why does it work on Ubuntu and not on Gentoo? Maybe I need to configure something on my system?

----------

## arnvidr

You need both keys on both machines, it looks like you now only have the home machine key on both machines, but none of them have the server key.

----------

## creack

???

What do you mean? I need the private AND public key on both sides???

And anyway, even locally, it doesn't work, so in that case I have both keys on both sides.

----------

## arnvidr

I mean, from the commands you posted, it looks like you put your home machine public key first on your home machine and then on your server, but you also need to put the public key of your server on both machines. If you already did this I apologise.

----------

## creack

Ok I see, but indeed I already did it  :Sad: 

*creack wrote:*

> #One test :
>
> ssh-keygen #generate key pair
> ...

And it works perfectly fine on ubuntu  :Sad:  I don't understand why it doesn't work on gentoo.

----------

## arnvidr

But that only gives "myserver" access to "localhost" since now both localhost and myserver have localhost's public key. You need to log in to myserver and generate its public key, and put that into the authorized_keys files on both myserver and localhost. Take care not to overwrite the keys already there, that is, use ">>" instead of ">" when using cat, to append the key.

Again, apologies if I misunderstood what you have been doing.

----------

## creack

I know I overwrite the key with '>' but that is not the issue.

And yes, that is what I want to do, grant access to 'myserver' to 'localhost', but it doesn't work.

Once this works, I think I'll have no problem making it work remotely.

----------

## krinn

If the user is root, you need to set PermitRootLogin yes, else the server will always refuse the connection.

----------

## creack

The user is not root. I have no problem accessing the server, it is just that it does not use the PKI  :Sad: 

----------

## arnvidr

*creack wrote:*

> I know I overwrite the key with '>' but that is not the issue.
>
> And yes, that is what I want to do, grant access to 'myserver' to 'localhost', but it doesn't work.
>
> Once this works, I think I'll have no problem making it work remotely.

Have you done the steps you describe above *on the server*? That is, take the public key on the server and copy into authorized_keys on both machines?

----------

## Hu

Please post the exact shell commands executed, including any output generated, from the time you generate a key through to and including when the server is supposed to accept that key.  Please also post the output of ls -la ~/.ssh/ on both machines.  Finally, consider using ssh verbose mode to determine whether the client is offering the public key at all.

----------

## creack

```
$>rm -rf ~/.ssh
$>mkdir ~/.ssh
$>chmod 700 ~/.ssh
$>cd ~/.ssh
$>ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/creack/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/creack/.ssh/id_rsa.
Your public key has been saved in /home/creack/.ssh/id_rsa.pub.
The key fingerprint is:
1f:60:22:be:5b:78:e5:67:ca:97:ce:19:f7:5a:9a:50 creack@GLPIdev
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|                 |
|    . . o        |
|   . . o .       |
|    .   S . E    |
|     o o . o     |
|    o o . *.. .  |
|     + . =o= =   |
|    .   oo+ +..  |
+-----------------+
$> cat id_rsa.pub >> authorized_keys
$> chmod 600 *
$> ls -la ~/.ssh
total 24
drwx------  2 creack 4096 2010-05-21 06:26 .
drwxr-xr-x 19 creack 4096 2010-05-21 06:26 ..
-rw-------  1 creack  403 2010-05-21 06:26 authorized_keys
-rw-------  1 creack 1675 2010-05-21 06:26 id_rsa
-rw-------  1 creack  403 2010-05-21 06:26 id_rsa.pub
$> ssh localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
RSA key fingerprint is 7e:3a:c6:bb:d8:06:0f:a1:1a:4d:ca:e0:d3:70:96:6f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
Password:
```

How do I use ssh verbose mode? And once again, it works perfectly fine on Ubuntu  :Sad: 

----------

## krinn

ssh -vvv localhost

----------

## creack

I am not a specialist, but it seems good to me:

```
debug1: Offering public key: /home/creack/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,keyboard-interactive
```

Here is the full debug:

*Quote:*

> OpenSSH_5.2p1, OpenSSL 0.9.8l 5 Nov 2009
>
> debug1: Reading configuration data /etc/ssh/ssh_config
> ...

----------

## krinn

Check your sshd log, because the server doesn't reply to your key. Here's mine (well, the part where it differs from yours):

```
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Offering public key: /root/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 149
debug2: input_userauth_pk_ok: fp a9:a1:a2:a2:a8:af:a3:a3:a7:a2:ac:a3:a6:a7:a6:a5
debug3: sign_and_send_pubkey
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
```

----------
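The comparison made in the two posts above (a key that is offered and then skipped versus one that is offered and accepted) can be automated. This is an added example, not part of any post in the thread; the function name `classify_pubkey_offers` is made up here and the two sample logs are excerpts of the debug lines quoted above.

```sh
#!/bin/sh
# Added example, not from the thread. Reads `ssh -v` client output on stdin and
# prints "<keyfile> accepted" or "<keyfile> rejected" for every key offered.
classify_pubkey_offers() {
    awk '
        /debug1: Offering public key: / {
            if (key != "") print key, "rejected"   # earlier offer never got an OK
            key = $5                               # path of the key being offered
            next
        }
        /debug1: Server accepts key/ && key != "" {
            print key, "accepted"; key = ""; next
        }
        /debug1: Authentications that can continue/ && key != "" {
            print key, "rejected"; key = ""        # server moved on to other methods
        }
        END { if (key != "") print key, "rejected" }
    '
}

# Excerpts copied from the two posts above.
creack_log='debug1: Offering public key: /home/creack/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,keyboard-interactive'

krinn_log='debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Offering public key: /root/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 149
debug1: Authentication succeeded (publickey).'

printf '%s\n' "$creack_log" | classify_pubkey_offers
printf '%s\n' "$krinn_log"  | classify_pubkey_offers
```

No output at all means the client never offered a key. A "rejected" line means the client did its part and the cause is on the server side (sshd log, AuthorizedKeysFile, file permissions).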

## creack

Oh my gosh, I am so sorry to have bothered you  :Sad: . It is my ISP server's distribution and they changed the sshd config.

There was this in the config file:

```
AuthorizedKeysFile      .ssh/authorized_keys2
```

I changed it to

```
AuthorizedKeysFile      .ssh/authorized_keys
```

and it works perfectly fine.

I am sorry I didn't check that before.

Thank you for your attention.

----------
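The root cause found at the end of the thread, a key installed in one file while sshd is configured to read another, can be checked directly. The script below is an added example, not code from the thread: the function names, the sample key and the temporary paths are constructed, only the `%h` and `%u` tokens are expanded, and a missing `AuthorizedKeysFile` line is assumed to mean the default of current OpenSSH releases.

```sh
#!/bin/sh
# Added example, not from the thread; the key and config below are constructed.

# Print the files sshd would read for a user, one per line, given CONFIG.
# Only %h and %u are expanded; Match blocks and Include are ignored.
authorized_keys_paths() {
    conf=$1; home=$2; user=$3
    # Keywords are case-insensitive; the first occurrence wins.
    value=$(awk 'tolower($1) == "authorizedkeysfile" { $1 = ""; print; exit }' "$conf")
    # Assumption: keyword absent means the default of current OpenSSH releases.
    [ -n "$value" ] || value=".ssh/authorized_keys .ssh/authorized_keys2"
    for p in $value; do
        p=$(printf '%s\n' "$p" | sed -e "s|%h|$home|g" -e "s|%u|$user|g")
        case $p in
            /*) printf '%s\n' "$p" ;;
            *)  printf '%s\n' "$home/$p" ;;   # relative paths are under $HOME
        esac
    done
}

# Return 0 if the key in PUBKEY is listed in a file sshd actually reads.
key_is_authorized() {
    pubkey=$1
    blob=$(awk '{ print $2; exit }' "$pubkey")   # base64 body of the key
    [ -n "$blob" ] || return 2
    for f in $(authorized_keys_paths "$2" "$3" "$4"); do
        if [ -r "$f" ] && grep -qF -- "$blob" "$f"; then return 0; fi
    done
    return 1
}

# Constructed reproduction: key appended to authorized_keys while the
# server is configured to read authorized_keys2.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/home/.ssh"
    echo 'ssh-rsa AAAAB3CONSTRUCTEDKEY creack@example' > "$d/id_rsa.pub"
    cat "$d/id_rsa.pub" >> "$d/home/.ssh/authorized_keys"
    echo 'AuthorizedKeysFile      .ssh/authorized_keys2' > "$d/sshd_config"
    if key_is_authorized "$d/id_rsa.pub" "$d/sshd_config" "$d/home" creack; then
        echo "key is in a file sshd reads"
    else
        echo "key is NOT in any file sshd reads:"
        authorized_keys_paths "$d/sshd_config" "$d/home" creack
    fi
    rm -rf "$d"
}
demo
```

On a live host, the output of `sshd -T` (run as root) gives the effective configuration and can be saved to a file and passed as the config argument.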

