Category Archives: Unix Administration

Getting password less login with SSH to work when all hope is lost.

Had access to two servers. On one I could login without password, on the second I could not.
No root access, not that it mattered in this case.

Googled a lot, and everybody told me to

chmod 700 .ssh
chmod 600 .ssh/authorized_keys

and it should work, still the computer said NO …

There was one more thing (!)

SELINUX

To really find out about SELINUX (ask Google)
Checking the SELINUX permissions
[asbjorn@server01 ~]$ ls -dZ .ssh .ssh/authorized_keys
drwx——. asbjorn users unconfined_u:object_r:home_root_t:s0 .ssh
-rw——-. asbjorn users unconfined_u:object_r:home_root_t:s0 .ssh/authorized_keys

debug1: Next authentication method: publickey
debug1: Offering public key: asbjorn@server00
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /home/asbjorn/.ssh/identity
debug1: Trying private key: /home/asbjorn/.ssh/id_rsa
debug1: Trying private key: /home/asbjorn/.ssh/id_dsa
debug1: Next authentication method: password
asbjorn@server01′s password:
debug1: Authentication succeeded (password).
chcon -t user_home_t .ssh .ssh/authorized_keys

[asbjorn@server01 ~]$ ls -dZ .ssh .ssh/authorized_keys
drwx——. asbjorn users unconfined_u:object_r:user_home_t:s0 .ssh
-rw——-. asbjorn users unconfined_u:object_r:user_home_t:s0 .ssh/authorized_keys

debug1: Next authentication method: publickey
debug1: Offering public key: asbjorn@server00
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: Authentication succeeded (publickey).
Reference:
Security Enhanced Linux Contexts Labeling Files

 

Passwordless login remote with SSH

generate the public keys

user1@server1> ssh-keygen –t rsa

Generating public/private rsa key pair.
Enter file in which to save the key (/home/user1/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user1/.ssh/id_rsa.
Your public key has been saved in /home/user1/.ssh/id_rsa.pub.
The key fingerprint is:
31:a1:c2:d7:a6:9f:27:cd:84:1f:f2:7a:e8:7c:34:80

user1@server1> cd /home/user1/.ssh
user1@server1> cp id_rsa.pub authorized_keys

Copy the file authorized_keys to server2 and it is now possible to login without password.

user1@server1> cd /home/user1/.ssh
user1@server1> scp authorized_keys server2:/home/user1/.ssh