ssh key doesn't work?

[VinylxScratches]

I am on opensuse 11.4

When I run ssh-keygen on the server, I generate a key that populates on ~/.ssh/id_rsa.pub and ~/.ssh/id_rsa.

I copp id_rsa.pub to the client laptop that is running 11.4 as well.

I then rename id_rsa.pub to authorized_keys and chmod 600.

Then I try to do ssh -i authorized_keys IP server and it prompts for a password.

What am I doing wrong?

 

[Crusty]

Generally you create your key on the machine you will be SSH'ing from. Then you copy your public key to the server, usually by delivering it to the admin of the server if you don't already have access to the server.

 

[VinylxScratches]

hmph. wow. really. I thought I did it this way last time.

Thanks!

 

[VinylxScratches]

Well wait a sec.... so how does the server know that the key is ok with credentials? My username is the same on both computers, I guess I see that. But what about if they aren't? I'm confused now.

 

[Nothinman]

You put your public key in the authorized_keys of whatever account you're logging into. It compares the keys of the accounts you specify, the username doesn't have to be the same.

 

[Phantomaniac]

I was having the same issue a while ago. I'd followed a tutorial to the letter and still couldn't get public key authentication to work. Turns out AuthorizedKeysFile was commented out by default in sshd_config, so check your config file.

 

[joetekubi]

I don't know anything about Suse, but I recently worked through this on a RHEL 5 server. In that case, the file was named authorized_keys2. I also saw some notes that the permission needed to set, or it would fail. Set the .ssh dir to chmod 700, but some tips say chmod 600.

 

[Nothinman]

I don't know anything about Suse, but I recently worked through this on a RHEL 5 server. In that case, the file was named authorized_keys2. I also saw some notes that the permission needed to set, or it would fail. Set the .ssh dir to chmod 700, but some tips say chmod 600.

The directory should be executable, but not the file. And the server logs should explicitly say when there's a permissions issue.

 

[skrewler2]

I'll just give a rundown of the correct steps. I'm going to make the assumption that your laptop can SSH into your server machine in some fashion right now.. if not you should be able to figure out what to do


mkdir -p ~/.ssh/ ; cd ~/.ssh/ ; ssh-keygen -t rsa -f id_rsa -C "`whoami`@`hostname`" -q -P ''

ssh whoever@server "mkdir -p ~/.ssh/ ; echo `cat ~/.ssh/id_rsa.pub` >> ~/.ssh/authorized_keys ; chmod 700 ~/.ssh/ ; chmod 600 ~/.ssh/authorized_keys"

Run this on your server to disable password authentication and only use pub keys..


perl -i.bak -p -e "s/(^PubkeyAuthentication\s+)(.*)/\1Yes/;s/(^PasswordAuthentication\s+)(.*)/\1No/" /etc/ssh/sshd_config


should work. lmk if it doesnt

 

[skrewler2]

oh, also..

ssh -i shouldn't point to authorized_keys. it should point to your private key that corresponds to the key in the servers authorized_keys file. you don't need to use the -i option if your private key is in ~/.ssh/ and named id_rsa, id_dsa, or identity .. you can add some config options to make it look thru more of them or whatever though.