Hi,

I am just migrating to Centos from fedora core 3.

I have 3 boxes involved here:

Box A -- Fedora 3 (doing the dns, http, sendmail serving duties)
Box B -- CentOS
Box C -- CentOS

I used to run root passwordless ssh both ways from boxes A and B mainly set up to keep the 2 boxes in sync w/rsync ... these 2 boxes normally ran one being the slave and the other being the master...the master did all the serving duties...if something happened where the master couldn't do it anymore, then the slave becomes master.

I have tried and tried the following

    # ssh-keygen -t dsa (and rsa using authorized_keys(2) or both depending...)
    when it asks for passphrase...just enter and enter
    # scp /root/.ssh/id_dsa.pub boxA:/root/.ssh/
    # ssh boxB
    # <password>
    boxbshell # cat /root/.ssh/id_dsa.pub >>/root/.ssh/authorized_key or key2 or both.
    # exit
    boxashell # ssh boxb
    <password>

will NOT let me do passwordless

now then I have gotten it to work by using the following

/root/.ssh/.config :

    Host remotehost
    User remoteuser
    Compression yes
    Protocol 2
    RSAAuthentication yes
    StrictHostKeyChecking no
    ForwardAgent yes
    ForwardX11 yes
    IdentityFile /home/localuser/.ssh/id_remotehost_dsa

taken from: http://www.davz.net/static/howto/sshkeys

I can get it to work from 2 boxes both ways...but when I set up the 3rd box, it works but one of the other boxes that was good does not do it anymore.

I go back
edit the authorized_key files....
check the other boxes make sure they still work
set up the faulty box again...get it working
then one of the other good boxes doesn't work

I then start looking into the .config file...has some pretty dangerous things in it that I really don't care for but that's where I am right now.

does anyone know of anything specific that Centos is doing here? or what can be my problem?

BTW I am NOT using selinux only as a warn

thx
John Rose

--
...and I woke up 2 days later in the back yard talking to Elvis!

On 5/7/05, rado <rado at rivers-bend.com> wrote:
>
> does anyone know of anything specific that Centos is doing here? or what
> can be my problem?

Try making sure that the permissions for the /root/.ssh directory are 700, and the permissions on the /root/.ssh/authorized_keys are 600.

Also try looking at your logs if that doesn't help. Whenever I've had any problem like you're describing, it was being logged, which in turn clued me in on the problem.

-Ryan

On Sat, 2005-05-07 at 14:16 -0500, rado wrote:
> does anyone know of anything specific that Centos is doing here?

Nope.

> or what can be my problem?

Check your permissions on both the client and server.

    chmod -R 0700 ~/.ssh

--
Ignacio Vazquez-Abrams <ivazquez at ivazquez.net>
http://centos.ivazquez.net/

gpg --keyserver hkp://subkeys.pgp.net --recv-key 38028b72

> > does anyone know of anything specific that Centos is doing here? or what
> > can be my problem?
>
> Try making sure that the permissions for the /root/.ssh directory are
> 700, and the permissions on the /root/.ssh/authorized_keys are 600.
>
> Also try looking at your logs if that doesn't help. Whenever I've had
> any problem like you're describing, it was being logged, which in turn
> clued me in on the problem.
>
> -Ryan

> Nope.
>
> > or what can be my problem?
>
> Check your permissions on both the client and server.
>
> chmod -R 0700 ~/.ssh
>
> --
> Ignacio Vazquez-Abrams <ivazquez at ivazquez.net>
> http://centos.ivazquez.net/
>

Thx Ryan and Ignacio

you guys were so right w/your replies...I just kept concentrating on permissions..

I would make a change and right away do:

    chmod -R 700 /root/.ssh

I did not do

    chmod 600 /root/.ssh/authorized_keys

as it didn't seem to need to be...for sure I would have if I couldn't get it working.

I was aware that permissions were a major player here but thought I had them right but didn't...

well, sure appreciate your replies

john rose

--
rado <rado at rivers-bend.com>
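
The fix in this thread comes down to the file-mode checks sshd applies (StrictModes, on by default in OpenSSH) before it will trust authorized_keys. The script below is an added example, not part of any message above: it reports the modes of the home directory, .ssh and authorized_keys and fails on any that are writable by group or other. The function names are made up for this example, and it checks modes only, not ownership.

```shell
#!/bin/sh
# Added example (not from the thread): audit the paths sshd inspects for
# public-key logins when StrictModes is on (the OpenSSH default).

# Print the nine permission characters of PATH, e.g. "rwx------".
mode_of() {
    ls -ld "$1" 2>/dev/null | cut -c2-10
}

# check_path PATH WANT: return 1 if PATH is missing or writable by group or
# other; print a WARN line (still returning 0) if it merely differs from WANT.
check_path() {
    path=$1
    want=$2
    mode=$(mode_of "$path")
    if [ -z "$mode" ]; then
        echo "FAIL $path: missing"
        return 1
    fi
    case "$mode" in
        ????w????|???????w?)
            echo "FAIL $path ($mode): writable by group or other"
            return 1 ;;
    esac
    if [ -n "$want" ] && [ "$mode" != "$want" ]; then
        echo "WARN $path ($mode): thread recommends $want"
    else
        echo "OK   $path ($mode)"
    fi
    return 0
}

# audit_ssh_dir HOME_DIR: check the home directory, .ssh and authorized_keys.
# Returns 0 only if none of them is missing or loosely permissioned.
audit_ssh_dir() {
    home=$1
    rc=0
    check_path "$home" "" || rc=1
    check_path "$home/.ssh" "rwx------" || rc=1
    check_path "$home/.ssh/authorized_keys" "rw-------" || rc=1
    return $rc
}

# Run against the directory given on the command line, e.g. ./audit.sh /root
if [ $# -gt 0 ]; then
    audit_ssh_dir "$1"
fi
```

Run it on every box that accepts the key, since each server checks its own copy of these paths; a WARN on authorized_keys after `chmod -R 700` is expected and does not block key logins.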