# passwordless ssh

## puggy

I set up passwordless ssh, and I'm sure it was working, but now every time I log in I have to type in my passphrase.

Ok, a quick example...

```
puggy@aragorn .ssh $ ssh legolas
Enter passphrase for key '/home/puggy/.ssh/id_rsa':
Last login: Fri Apr  4 22:17:10 2003 from aragorn.fellowship.com
KeyChain 2.0.1; http://www.gentoo.org/projects/keychain
 Copyright 2002 Gentoo Technologies, Inc.; Distributed under the GPL
 * Found existing ssh-agent at PID 13176
```

Then you'd think next time I logged in it would remember me (although it should have remembered me this time as the ssh-agent already exists)... but the exact same thing happens.

Ignoring dss for now (I had that in as well but removed it to see if that was playing up, which it wasn't.) Here are my config files:

On the machine I'm trying to ssh into:

/etc/ssh/sshd_config

```
#       $OpenBSD: sshd_config,v 1.59 2002/09/25 11:17:16 markus Exp $
# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.
#Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 3600
#ServerKeyBits 768
# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 120
#PermitRootLogin yes
#StrictModes yes
#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile     .ssh/authorized_keys
# rhosts authentication should not be used
#RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#AFSTokenPassing no
# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no
# Set this to 'yes' to enable PAM keyboard-interactive authentication
# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
#PAMAuthenticationViaKbdInt no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#KeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression yes
#MaxStartups 10
# no default banner path
#Banner /some/path
#VerifyReverseMapping no
# override default of no subsystems
Subsystem       sftp    /usr/lib/misc/sftp-server
```

The .ssh directory on my user on that machine:

```
puggy@legolas .ssh $ ls -all
total 18
drwx------    2 puggy    users         168 Apr  4 20:34 .
drwx--x--x    7 puggy    users         640 Apr  4 22:20 ..
-rw-r--r--    1 puggy    users         238 Mar 28 12:34 authorized_keys
-rw-------    1 puggy    users         951 Mar 28 12:45 id_rsa
-rw-r--r--    1 puggy    users         238 Mar 28 12:45 id_rsa.pub
-rw-r--r--    1 puggy    users         229 Mar 28 12:03 known_hosts
```

My bash profile on my user on that machine:

```
# /etc/skel/.bash_profile:
# $Header: /home/cvsroot/gentoo-src/rc-scripts/etc/skel/.bash_profile,v 1.10 2002/11/18 19:39:22 azarah Exp $
/usr/bin/keychain ~/.ssh/id_rsa ~/.ssh/id_dsa
source ~/.keychain/${HOSTNAME}-sh
#This file is sourced by bash when you log in interactively.
[ -f ~/.bashrc ] && . ~/.bashrc
```

I've verified that the contents of .ssh/id_rsa.pub on my local machine is in authorized_keys on my remote (sshing into) machine.

Quite frankly, I'm stumped. I'm sure this worked when I first did it.

Thanks for any help in advance as usual.

Puggy

----------

## Zombie[BRAAAINS]

The password is for your key. If you don't want to have to type that in, you can either create a passwordless key or install something like keyring.

----------

## S_aIN_t

this is how i did it: 

on my machine:

```
# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key: (/home/yourLoginName/.ssh/id_rsa):
```

just hit enter there.

then it should ask you for a passphrase, all you have to do is hit enter twice

```
Enter passphrase: (empty for no passphrase): 
Enter passphrase again:
Your identification has been saved in /home/yourLoginName/.ssh/id_rsa.
Your public key has been saved in /home/yourLoginName/.ssh/id_rsa.pub.
Your key fingerprint is: some key here yourLoginName@localhost
```

all i had to do after this is copy the key to the server that i will login to using the key pair generated above. i did it like this:

```
scp .ssh/id_rsa.pub serverNameHere:.ssh/authorized_keys2
```

after that, all i have to do is type

```
ssh serverName
```

and i am logged into serverName without having to type a password or passphrase.

hope this helps.
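
Added example (not part of the original post): the `scp` command above writes the public key over whatever `authorized_keys2` already holds on the server. One way to append a key instead, with owner-only modes on the directory and file; `install_pubkey`, the sample keys and the temporary directory are constructed for illustration, and `authorized_keys` is used as in the `sshd_config` shown earlier in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. install_pubkey is a hypothetical helper.
# Usage on the server: install_pubkey /path/to/id_rsa.pub "$HOME/.ssh"

install_pubkey() {
    pub=$1
    dir=$2
    auth="$dir/authorized_keys"

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    key=$(cat "$pub")

    # Create the directory and file with owner-only permissions.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Exact whole-line match, so the same key is never listed twice.
    if grep -qxF -- "$key" "$auth"; then
        echo "already-present"
        return 0
    fi

    # If the file does not end in a newline, add one so the new key
    # starts on its own line instead of corrupting the last entry.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
    echo "added"
}

# Demonstration in a throwaway directory with constructed (fake) keys.
demo_dir=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAconstructedKeyOne puggy@aragorn' > "$demo_dir/id_rsa.pub"
mkdir "$demo_dir/ssh"
printf '%s' 'ssh-rsa AAAAconstructedKeyTwo other@host' > "$demo_dir/ssh/authorized_keys"

install_pubkey "$demo_dir/id_rsa.pub" "$demo_dir/ssh"   # first run appends
install_pubkey "$demo_dir/id_rsa.pub" "$demo_dir/ssh"   # second run is a no-op
cat "$demo_dir/ssh/authorized_keys"
rm -rf "$demo_dir"
```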

----------

## puggy

I've done all that. I'm using keychain.

----------

## S_aIN_t

hmm.. i guess i should have read closer.. 

i haven't used keychain before.. cannot help you there.

----------

## CountZero

Run ssh-add after you start it.

If this still doesn't work then I would just skip the frontend and run ssh-agent <favorite shell>.  It's essentially the same process, keychain just has some extra words that make it look pretty.

----------

## jeremy_

check out this link.

http://33ad.org/wiki/SSHAuthKeyInstructions

i wrote it awhile back for some friends of mine.

also, i start X with the following command

```
exec ssh-agent startx
```

that way, each term under X will get access to the same ssh-agent and I only have to give the agent my key one time.

----------

## puggy

I'm almost certain the problem does not lie with keychain, as if I log in and do ssh-add it still does not remember me when I return.

...

```
puggy@aragorn puggy $ ssh legolas
Enter passphrase for key '/home/puggy/.ssh/id_rsa':
Last login: Sat Apr  5 19:50:50 2003 from aragorn.fellowship.com
KeyChain 2.0.1; http://www.gentoo.org/projects/keychain
 Copyright 2002 Gentoo Technologies, Inc.; Distributed under the GPL
 * All previously running ssh-agent(s) have been stopped.
 * Initializing /home/puggy/.keychain/legolas.fellowship.com-sh file...
 * Initializing /home/puggy/.keychain/legolas.fellowship.com-csh file...
 * Starting new ssh-agent
 * 1 more keys to add...
Enter passphrase for /home/puggy/.ssh/id_rsa:
Identity added: /home/puggy/.ssh/id_rsa (/home/puggy/.ssh/id_rsa)
puggy@legolas puggy $ cat .keychain/legolas.fellowship.com-sh
SSH_AUTH_SOCK=/tmp/ssh-XXg9RGKA/agent.6265; export SSH_AUTH_SOCK;
SSH_AGENT_PID=6267; export SSH_AGENT_PID;
puggy@legolas puggy $ ssh-add
Enter passphrase for /home/puggy/.ssh/id_rsa:
Identity added: /home/puggy/.ssh/id_rsa (/home/puggy/.ssh/id_rsa)
puggy@legolas puggy $ exit
logout
Connection to legolas closed.
puggy@aragorn puggy $ ssh legolas
Enter passphrase for key '/home/puggy/.ssh/id_rsa':
Last login: Sun Apr  6 11:12:20 2003 from aragorn.fellowship.com
KeyChain 2.0.1; http://www.gentoo.org/projects/keychain
 Copyright 2002 Gentoo Technologies, Inc.; Distributed under the GPL
 * Found existing ssh-agent at PID 6267
```

----------

## fruitmonkey

You run ssh-add and keychain on your local computer, not the one you're sshing to...
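
Added example (not part of the original post): a check to run in a shell on the local machine, using the exit status of `ssh-add -l` to tell apart the agent states that come up in this thread. The `SSH_ADD` override and the function names `agent_state` and `advice` are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Run it on the LOCAL machine,
# the one you type `ssh` on.
# SSH_ADD is an assumption of this example: it lets a stub replace ssh-add.
SSH_ADD=${SSH_ADD:-ssh-add}

agent_state() {
    # No socket exported: the keychain/ssh-agent env file was never
    # sourced in this shell, so ssh reads the key file and prompts.
    if [ -z "${SSH_AUTH_SOCK:-}" ]; then
        echo "no-agent-env"
        return 0
    fi
    # ssh-add -l exits 0 when keys are listed, 1 when the agent holds
    # none, and 2 when the agent cannot be contacted.
    rc=0
    "$SSH_ADD" -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo "keys-loaded" ;;
        1) echo "agent-empty" ;;
        *) echo "agent-unreachable" ;;
    esac
}

advice() {
    case "$1" in
        no-agent-env)
            echo "source ~/.keychain/\${HOSTNAME}-sh in this shell" ;;
        agent-unreachable)
            echo "stale SSH_AUTH_SOCK: rerun keychain, then source its file again" ;;
        agent-empty)
            echo "agent is running but holds no key: run ssh-add" ;;
        keys-loaded)
            echo "agent holds a key: ssh should not ask for the passphrase" ;;
    esac
}

state=$(agent_state)
echo "ssh-agent state: $state"
advice "$state"
```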

----------

## puggy

sorry. that was a mistake on my part.

In my bash_profile on the local computer I have...

```
puggy@aragorn puggy $ cat .bash_profile
# /etc/skel/.bash_profile:
# $Header: /home/cvsroot/gentoo-src/rc-scripts/etc/skel/.bash_profile,v 1.10 2002/11/18 19:39:22 azarah Exp $
#This file is sourced by bash when you log in interactively.
/usr/bin/keychain ~/.ssh/id_rsa ~/.ssh/id_dsa
source ~/.keychain/${HOSTNAME}-sh
[ -f ~/.bashrc ] && . ~/.bashrc
```

However, I've just tried doing ssh-add on my local machine and it worked fine when I logged into legolas (the remote machine). Obviously I've configured keychain wrong in some way, even though when I connect to legolas for the first time it does this (which looks right, but doesn't work):

```
puggy@aragorn puggy $ ssh legolas
Enter passphrase for key '/home/puggy/.ssh/id_rsa':
Last login: Sat Apr  5 19:50:50 2003 from aragorn.fellowship.com
KeyChain 2.0.1; http://www.gentoo.org/projects/keychain
Copyright 2002 Gentoo Technologies, Inc.; Distributed under the GPL
* All previously running ssh-agent(s) have been stopped.
* Initializing /home/puggy/.keychain/legolas.fellowship.com-sh file...
* Initializing /home/puggy/.keychain/legolas.fellowship.com-csh file...
* Starting new ssh-agent
* 1 more keys to add...
Enter passphrase for /home/puggy/.ssh/id_rsa:
Identity added: /home/puggy/.ssh/id_rsa (/home/puggy/.ssh/id_rsa)
```

Cheers.

Puggy

----------

## puggy

I think I may have got slightly muddled as to how this was supposed to work. For some reason I was under the impression that when I logged into my remote machine for the first time it would automatically remember the passphrase. Now I see that it meant logging into my machine as opposed to logging into the remote machine...

Now that I've (at least for the moment) ceased being retarded I ask one final question...

Even though I've got

```
puggy@aragorn puggy $ cat .bash_profile
# /etc/skel/.bash_profile:
# $Header: /home/cvsroot/gentoo-src/rc-scripts/etc/skel/.bash_profile,v 1.10 2002/11/18 19:39:22 azarah Exp $
#This file is sourced by bash when you log in interactively.
/usr/bin/keychain ~/.ssh/id_rsa ~/.ssh/id_dsa
source ~/.keychain/${HOSTNAME}-sh
[ -f ~/.bashrc ] && . ~/.bashrc
```

in my bash_profile on the local machine I never actually get asked for any passwords. How do I actually get keychain to ask me for passwords say the first time I open a konsole? or get a konsole window to open when I log in asking me for them?

Puggy

----------

## danielrm26

You have to have a passworded private key.  You stated (I think) that you made it without one.  That is why keychain won't prompt you.

I have a similar problem.  I am following all the instructions from man keychain and the IBM page written by drobbins.  

My problem is that every time I open a terminal, I am prompted to enter the password for the private key that keychain is calling.  This sort of defeats the purpose.  The problem seems to lie in the instructions indicating that a file called ~/.ssh-agent is going to be sourced, which will allow those variables to remain with the system.  Well, keychain isn't making any such file - so it can't be sourced.

Any ideas?

----------

## RockHound

I am stuck too on this one ...

Followed all the instructions on DevWorks @ IBM written by drobbins ... I can't get my system to run the stuff in ~/.bash_profile. If I call the key_chain line manually it works like a charm... but not when starting up konsole or the likes.

Hope some of you have an idea...

Greetings,

Martin

----------

## danielrm26

Ok, I got it working.  First, I commented out the line in /etc/X11/Sessions/Gnome concerning ssh (mentioned above). Then I added:

```
keychain ~/.ssh/magnus
. ~/.keychain/hostname-sh
```

...to my .bash_profile.  I restarted my whole system and now it asks only once when I open my first terminal, and from then on it is cached.

Good luck, guys.

----------

## schism39401

I have the passwordless working for my regular user on my server.

```
Regular User on Server -----------> Regular User on Desktop----->login ok with no password
```

But when I try to log in from the regular server user to the root of my desktop I get an error.

```
Regular User on Server ---------> Root User on Desktop------>Connection closed by 10.10.10.1
```

I have changed sshd_config to allow root logins and restarted ssh. I have also copied the id_rsa.pub from my desktop to the server and put it in home/regularuser/.ssh/authorizedkeys. But still no go. I am stumped at this point.

----------

## joshua

*danielrm26 wrote:*

> Ok, I got it working.  First, I commented out the line in /etc/X11/Sessions/Gnome concerning ssh (mentioned above).

Could you please tell me the exact changes? I can't find the line "mentioned above".

----------

