CentOS 4.6 SSH authentication via keys only

Started by Praetor, 27 February 2008, 18:10


Praetor

OK. I'm trying to do the operation from the title on the CentOS box in VMware, only to end up with permission denied.
Here is what I did (logged in as the user test):
1. ssh-keygen -t rsa
a. left the default id_rsa
b. set a passphrase
2. copied id_rsa into authorize_keys
3. chmod 700 .ssh
chmod 600 ./ssh/authorize_keys
4. ssh 127.0.0.1
results in permission denied (publickey, keyboard-interactive).

No matter how much I play with the sshd settings, nothing.
Initially I wanted to connect with PuTTY, where it kept giving me the same problem, so I tried to see whether it works locally, and it didn't.

So need help.

~Empathy~

Whoa? What you did there is dubious and vague. Some of those commands have to be run on the client and others on the server -- yours is ketchup.

Do what it says here and you can't go wrong:
http://sial.org/howto/openssh/publickey-auth/
We dance, and the music dies...

Praetor

It's not ketchup. I generated the keys and then connected to localhost with them as a test. Btw, I've read at least 5 tutorials on this topic that said what I wrote above.

I also tried generating the key in PuTTYgen, then put the public key on the Linux box and connected with PuTTY. Same sh** (i.e. it doesn't work).

~Empathy~

Give me remote access to the server, give me remote access to the client, and I'll do everything that's needed :P.
We dance, and the music dies...

kman

If you copied id_rsa into authorized_keys you haven't done anything, because you copied the private key; you have to put id_rsa.pub in authorized_keys.

Also, in sshd_config you need to have the following set:
RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile     %h/.ssh/authorized_keys


AuthorizedKeysFile is optional, as you can see; in my example it's commented out.

Praetor

It's in VMware, that's where I experiment. And I don't see why it's a problem if the same Linux box is both client and server. I'll try again in the next few days; right now I have other things on my plate (Postfix configuration and so on).

@kman:
I thought I had copied the public key. I looked just now and yes, it's the public one. I wrote it wrong in the first post. And those settings are in sshd.conf.
I've pasted a new attempt. Both key authentication and password authentication are enabled. Since keys don't work, I entered the wrong password until it gave the permission denied message. Normally password login would have been disabled, but I did the operation over ssh and I had to log in somehow.

Quote
[test@nutrielle ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/test/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/test/.ssh/id_rsa.
Your public key has been saved in /home/test/.ssh/id_rsa.pub.
The key fingerprint is:
33:34:23:04:d4:d7:79:77:e8:fd:e4:28:17:f4:a7:f7 test@nutrielle.com
[test@nutrielle ~]$ cd ~/.ssh
[test@nutrielle .ssh]$ cp id_rsa.pub authorize_keys
[test@nutrielle .ssh]$ ls -l
total 12
-rw-r--r--  1 test test 228 Feb 27 21:04 authorize_keys
-rw-------  1 test test 963 Feb 27 21:04 id_rsa
-rw-r--r--  1 test test 228 Feb 27 21:04 id_rsa.pub
[test@nutrielle .ssh]$ chmod 600 authorize_keys
[test@nutrielle .ssh]$ ls -l
total 12
-rw-------  1 test test 228 Feb 27 21:04 authorize_keys
-rw-------  1 test test 963 Feb 27 21:04 id_rsa
-rw-r--r--  1 test test 228 Feb 27 21:04 id_rsa.pub
[test@nutrielle .ssh]$ ssh 127.0.0.1
The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
RSA key fingerprint is 84:4f:72:56:64:37:11:22:c2:25:d9:78:45:1c:61:b2.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '127.0.0.1' (RSA) to the list of known hosts.
test@127.0.0.1's password:
Permission denied, please try again.
test@127.0.0.1's password:
Permission denied, please try again.
test@127.0.0.1's password:
Permission denied (publickey,password).
[test@nutrielle .ssh]$

If I had entered the password it would have logged me in without problems. But the goal is to do this via keys...

kman

Quote from: Praetor on 28 February 2008, 10:59
[test@nutrielle ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/test/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/test/.ssh/id_rsa.
Your public key has been saved in /home/test/.ssh/id_rsa.pub.
The key fingerprint is:
33:34:23:04:d4:d7:79:77:e8:fd:e4:28:17:f4:a7:f7 test@nutrielle.com
[test@nutrielle ~]$ cd ~/.ssh
[test@nutrielle .ssh]$ cp id_rsa.pub authorize_keys
[test@nutrielle .ssh]$ ls -l
total 12
-rw-r--r--  1 test test 228 Feb 27 21:04 authorize_keys
-rw-------  1 test test 963 Feb 27 21:04 id_rsa
-rw-r--r--  1 test test 228 Feb 27 21:04 id_rsa.pub
[test@nutrielle .ssh]$ chmod 600 authorize_keys
[test@nutrielle .ssh]$ ls -l
total 12
-rw-------  1 test test 228 Feb 27 21:04 authorize_keys
-rw-------  1 test test 963 Feb 27 21:04 id_rsa
-rw-r--r--  1 test test 228 Feb 27 21:04 id_rsa.pub
[test@nutrielle .ssh]$ ssh 127.0.0.1
The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
RSA key fingerprint is 84:4f:72:56:64:37:11:22:c2:25:d9:78:45:1c:61:b2.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '127.0.0.1' (RSA) to the list of known hosts.
test@127.0.0.1's password:
Permission denied, please try again.
test@127.0.0.1's password:
Permission denied, please try again.
test@127.0.0.1's password:
Permission denied (publickey,password).
[test@nutrielle .ssh]$


Actually, it's authorized_keys

Praetor

Seems to work :D I can't believe it was a typo. Anyway, now I want to make it work from Windows with PuTTY too. I'll be back with details.

In the meantime I figured out why auth from PuTTY wasn't working. The passphrase must be > 4 (if you have a password). When you generate on Linux it forces you, but PuTTYgen doesn't say anything.

So I managed it. It's still a bit voodoo, because basically the last 2 times I tried with PuTTY, the first time it failed and the second time it worked with the same keys.

Anyway, thanks kman, it's amazing how I didn't notice that typo for so long.
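
The failure modes that came up in this thread (a misnamed authorize_keys file, a private key pasted where id_rsa.pub belongs, loose permissions on .ssh) can be checked mechanically. The script below is an added example, not part of the original posts; the function names audit_ssh_dir and loose and the list of near-miss file names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit a ~/.ssh directory for the
# mistakes discussed above. Prints one finding per line, returns 1 if any.

loose() {  # true if path is group- or world-writable (sshd StrictModes refuses these)
    case $(ls -ld "$1" | cut -c6,9) in *w*) return 0 ;; esac
    return 1
}

audit_ssh_dir() {
    dir=$1
    ak=$dir/authorized_keys
    found=0
    if loose "$dir"; then
        echo "PERMS $dir is group/world-writable (expected chmod 700)"; found=1
    fi
    if [ ! -f "$ak" ]; then
        echo "MISSING $ak"; found=1
        # Near-miss names (hypothetical list) are silently ignored by sshd.
        for n in authorize_keys authorized_key authorised_keys authorized-keys; do
            if [ -f "$dir/$n" ]; then
                echo "TYPO $n should be named authorized_keys"
            fi
        done
        return "$found"
    fi
    if loose "$ak"; then
        echo "PERMS $ak is group/world-writable (expected chmod 600)"; found=1
    fi
    # A private key here can never match; the file must hold id_rsa.pub lines.
    if grep -q 'PRIVATE KEY-----' "$ak"; then
        echo "PRIVATE_KEY $ak holds a private key, not a public one"; found=1
    fi
    # Each usable line carries a key type such as ssh-rsa before the key data.
    if ! grep -Eq '(^|[[:space:]])(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+) ' "$ak"; then
        echo "NO_PUBKEY $ak has no recognisable public key line"; found=1
    fi
    return "$found"
}

# Run against a directory given on the command line, e.g. ./audit.sh ~/.ssh
if [ "$#" -gt 0 ]; then audit_ssh_dir "$1"; fi
```

When the checks pass and login still fails, running the client with `ssh -v` shows which identity files are offered and which authentication methods the server accepts.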