# ssh passwordless login [solved]

## Bullet Dodger

I'm trying to set up a passwordless login between 2 machines.

From a Gentoo box to an iPhone.

I've had this working before, but I had to restore the phone and now I'm having problems setting it up again.

I've tried following a howto at: https://help.ubuntu.com/community/PortableDevices/iPhone but still not working.

If I run through this howto this is what I get:

```
lee@gentoobox ~ $ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/lee/.ssh/id_rsa): 
/home/lee/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase): [just pressed enter for no passwd]
Enter same passphrase again: 
Your identification has been saved in /home/lee/.ssh/id_rsa.
Your public key has been saved in /home/lee/.ssh/id_rsa.pub.
The key fingerprint is:
7f:b3:60:05:7f:42:c7:50:32:ff:1c:95:35:c4:15:c7 lee@gentoobox
```

```
lee@gentoobox ~ $ ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.2.2
25
root@192.168.2.2's password: 
Now try logging into the machine, with "ssh 'root@192.168.2.2'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.
```

The howto says: NOTE: The following steps do NOT apply to Ste's OpenSSH package - I have OpenSSH, but is there more than 1 version?

I don't know if I've got Ste's version, so just to make sure, I make a link (can't hurt)

```
Lee:~/.ssh root# pwd
/var/root/.ssh
Lee:~/.ssh root# ls
authorized_keys
Lee:~/.ssh root# ln -s authorized_keys authorized_keys2
Lee:~/.ssh root# ls -alF
total 8
drwx------ 2 root wheel 136 May 18 00:51 ./
drwxrwxrwx 5 root wheel 272 May 17 23:31 ../
-rw------- 1 root wheel 389 May 18 00:36 authorized_keys
lrwxr-xr-x 1 root wheel  15 May 18 00:51 authorized_keys2 -> authorized_keys
```

```
lee@gentoobox ~ $ ssh root@192.168.2.2
root@192.168.2.2's password: 
```

Everything should be set up at this point for a passwordless login as I've already gone through the config file stuff on the iPhone, but it's still asking for a passwd.

The howto says to edit the file /etc/sshd_config. This doesn't exist, but /etc/ssh/sshd_config does, so I set up a link just to make sure:

```
Lee:~ root# cd /etc
Lee:/etc root# ls -alF|grep ssh
drwxr-xr-x  2 root  wheel    374 May 16 15:24 ssh/
lrwxr-xr-x  1 root  wheel     15 May 17 23:56 sshd_config -> ssh/sshd_config
```

And this is the /etc/ssh/sshd_config 

```
Lee:/etc root# cat /etc/ssh/sshd_config 
#       $OpenBSD: sshd_config,v 1.75 2007/03/19 01:01:29 djm Exp $
# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2
# HostKey for protocol version 1
HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      .ssh/authorized_keys
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no
#AllowTcpForwarding yes
GatewayPorts clientspecified
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
UsePrivilegeSeparation no
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
# no default banner path
#Banner /some/path
# override default of no subsystems
Subsystem       sftp    /usr/libexec/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
#       X11Forwarding no
#       AllowTcpForwarding no
#       ForceCommand cvs server
```

The local id_rsa.pub

```

lee@gentoobox ~ $ cat ~/.ssh/id_rsa.pub

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvJwMv31lAPYFCBnu/fP4bebC0rIOZ4uudX4bw

RU8mERk6REeJzdOMebFRNoKd/+n9pUeqFcduM4kfcHqwDlmbK7nV3t+h6ZjRIVJJVQhxVPqF

nKrlFa4jQ05Awf8uwklspz3gCAW8VbUN5DPGFUE3L8oqULzS1lGvu1xom3FAvneO110wk45X5

K7Ci/ihcrmeapAFdlLiq9hPoK+CvejgVY9dokoqIBzBSDkQEUoib8TTeRd9PF1e6l/eBudAE4uW

faQ8VEGCjQnm9hA0Rh+jLm34SzLyAPSl64Qhxj4Rge093xtxJBdD0Z3n9ciypPp6hlImHspNr

KOnMvzLYOn1Q== lee@gentoobox
```

I don't have a ~/.ssh/authenticated_keys on the phone - I think this is a typo on the howto, but just in case:

```
Lee:~/.ssh root# ln -s authorized_keys authenticated_keys
Lee:~/.ssh root# ls -alF
total 12
drwx------ 2 root wheel 170 May 18 00:56 ./
drwxrwxrwx 5 root wheel 272 May 17 23:31 ../
lrwxr-xr-x 1 root wheel  15 May 18 00:56 authenticated_keys -> authorized_keys
-rw-r--r-- 1 root wheel 389 May 18 00:36 authorized_keys
lrwxr-xr-x 1 root wheel  15 May 18 00:51 authorized_keys2 -> authorized_keys
```

```

Lee:~/.ssh root# cat authenticated_keys

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvJwMv31lAPYFCBnu/fP4bebC0rIOZ4uudX4bwRU8m

ERk6REeJzdOMebFRNoKd/+n9pUeqFcduM4kfcHqwDlmbK7nV3t+h6ZjRIVJJVQhxVPqFnKrlFa4jQ05

Awf8uwklspz3gCAW8VbUN5DPGFUE3L8oqULzS1lGvu1xom3FAvneO110wk45X5K7Ci/ihcrmeapA

FdlLiq9hPoK+CvejgVY9dokoqIBzBSDkQEUoib8TTeRd9PF1e6l/eBudAE4uWfaQ8VEGCjQnm9hA0

Rh+jLm34SzLyAPSl64Qhxj4Rge093xtxJBdD0Z3n9ciypPp6hlImHspNrKOnMvzLYOn1Q== lee@gentoobox

```

And the last thing the howto says to check is the permissions:

```
Lee:/var root# ls -alF|grep root/
drwxrwxrwx  5 root       wheel  272 May 17 23:31 root/
Lee:/var root# cd root
Lee:~ root# ls -alF|grep .ssh
drwx------  2 root   wheel     170 May 18 00:56 .ssh/
Lee:~ root# cd .ssh
Lee:~/.ssh root# ls -alF
total 12
drwx------ 2 root wheel 170 May 18 00:56 ./
drwxrwxrwx 5 root wheel 272 May 17 23:31 ../
lrwxr-xr-x 1 root wheel  15 May 18 00:56 authenticated_keys -> authorized_keys
-rw-r--r-- 1 root wheel 389 May 18 00:36 authorized_keys
lrwxr-xr-x 1 root wheel  15 May 18 00:51 authorized_keys2 -> authorized_keys
```

Where am I going wrong?

Cheers

BD

fixed long lines --bunder

Last edited by Bullet Dodger on Mon May 26, 2008 10:16 pm; edited 1 time in total

----------

## mv

You should use options -v (or -v -v or -v -v -v): This should give a hint what goes wrong.

Anyway, immediately I see that

 *Bullet Dodger wrote:*   

> ```
> Lee:/var root# ls -alF|grep root/
> ...
> ```

 

is not good as ssh is very picky about permissions of the home directory: It must not be writable by "group" (and of course not by "others").

----------

## zeek

 *Bullet Dodger wrote:*   

> And the last thing the howto says to check is the permissions:
> 
> ```
> Lee:/var root# ls -alF|grep root/
> ...
> ```

 

authorized_keys needs to be 0400:

```
chmod 400 authorized_keys
```

----------

## Bullet Dodger

I changed the permission of the home dir and now all is good.

I didn't need to change the permission of the authorized_keys.

Cheers

----------
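
The permission rule mv describes, together with Bullet Dodger's closing observation about authorized_keys, as an added shell example that is not part of any post in this thread. It approximates the StrictModes check, which the posted sshd_config leaves at its default; the function name, the output labels and the temporary directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: approximates the StrictModes check sshd applies to the
# authorized_keys path. Each component from the key file up to the home
# directory must be owned by the account or root and must not be
# group- or world-writable; the files need not be 0400.
# Usage: strict_path_check HOME_DIR [KEYFILE_RELATIVE_TO_HOME]
strict_path_check() {
    home=${1%/}
    path=$home/${2:-.ssh/authorized_keys}
    uid=$(id -u)
    bad=0
    while :; do
        if [ ! -e "$path" ]; then
            echo "MISSING $path"; bad=1
        else
            # -L follows symlinks as stat(2) does; -prune stops descent into dirs
            if [ -n "$(find -L "$path" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
                echo "WRITABLE $path"; bad=1
            fi
            if [ -z "$(find -L "$path" -prune \( -user "$uid" -o -user 0 \) -print)" ]; then
                echo "OWNER $path"; bad=1
            fi
        fi
        case $path in "$home"|/|.) break ;; esac
        path=$(dirname "$path")
    done
    return "$bad"
}

# Constructed layout mirroring the thread: home 0777, .ssh 0700, key file 0644
demo_home=$(mktemp -d)
mkdir "$demo_home/.ssh"
: > "$demo_home/.ssh/authorized_keys"
chmod 700 "$demo_home/.ssh"
chmod 644 "$demo_home/.ssh/authorized_keys"
chmod 777 "$demo_home"
strict_path_check "$demo_home" || echo "=> key ignored, client is asked for a password"
chmod 755 "$demo_home"
strict_path_check "$demo_home" && echo "=> path accepted, authorized_keys still 0644"
rm -rf "$demo_home"
```

Run on the server side as the account being logged into, passing that account's home directory (here it would be /var/root).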

