hello list
I have a network mounted home directory shared between all hosts on my network:
[bluethundr at LCENT03:~]#df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
                      140G  4.4G  128G   4% /
/dev/sda1              99M   35M   60M  37% /boot
tmpfs                 1.6G     0  1.6G   0% /dev/shm
nas.summitnjhome.com:/mnt/nas
                      903G  265G  566G  32% /mnt/nas
nas2.summitnjhome.com:/mnt/store
                      1.4T  187G  1.1T  15% /mnt/store
nas2.summitnjhome.com:/mnt/home
                      903G   47G  784G   6% /home
none                  1.6G  136K  1.6G   1% /var/lib/xenstored
So therefore my RSA key should already be in my authorized_keys on any
host. However logging into the virtual network, I always get prompted
for a password. Just for the heck of it, I scp'd the key over again to
one of the virtual hosts:
[bluethundr at LCENT03:~]#scp .ssh/id_rsa.pub virt1:~
bluethundr at virt1's password:
id_rsa.pub
               100%  381     0.4KB/s   00:00
ssh'd in:
[bluethundr at LCENT03:~]#ssh virt1
bluethundr at virt1's password:
Last login: Tue Nov 16 15:57:24 2010 from 192.168.1.46
Searched for the key on the host I just ssh'd into:
[bluethundr at VIRTCENT01:~]#grep -f id_rsa.pub .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABI-FAKE-DATA-dgjIWxnyplIYKE5IQw9FY2+IVsYw=
As you can see, it's already there. I then checked the modes on
authorized_keys:
[bluethundr at VIRTCENT01:~]#ls -l .ssh/authorized_keys
-rw------- 1 1001 1002 1597 Nov 15 12:02 .ssh/authorized_keys
And checked that I was using the same shared network mounted home
directory from the machine I just ssh'd in from:
[bluethundr at VIRTCENT01:~]#df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
                      9.1G  1.8G  6.9G  21% /
/dev/xvda1             99M   20M   75M  21% /boot
tmpfs                 129M     0  129M   0% /dev/shm
nas.summitnjhome.com:/mnt/nas
                      903G  265G  566G  32% /mnt/nas
nas2.summitnjhome.com:/mnt/store
                      1.4T  187G  1.1T  15% /mnt/store
nas2.summitnjhome.com:/mnt/home
                      903G   47G  784G   6% /home
[bluethundr at VIRTCENT01:~]#
Considering that this key is internal network only and doesn't have a
passphrase set (it does not traverse internet boundaries) why on earth
am I being prompted for a password whenever I ssh into this machine?
thanks!
-- 
Here's my RSA Public key:
gpg --keyserver pgp.mit.edu --recv-keys 5A4873A9
Share and enjoy!!
A few things to look for:

Make sure .ssh and authorized_keys files are permissioned to 700 and 600 respectively. If they are wide open then ssh will skip them.

Check /var/log/secure on both machines. That may give you a clue.

ssh with -vvv (or just -v) and see if you get errors.

I just had the same thing and my problem was .ssh permissions.

Hope this helps.
John
-- 
John Kennedy
bluethundr wrote:
> hello list
>
> I have a network mounted home directory shared between all hosts on my
> network:
<snip>
> So therefore my RSA key should already be in my authorized_keys on any
> host. However logging into the virtual network, I always get prompted
> for a password. just for the heck of it, I scp'd the key over again to
> one of the virtual hosts:
<snip>
> Considering that this key is internal network only and doesn't have a
> passphrase set (it does not traverse internet boundaries) why on earth
> am I being prompted for a password whenever I ssh into this machine?

Do you have PermitRootLogin without-password in /etc/ssh/sshd_config?

mark
bluethundr wrote, On 11/16/2010 04:05 PM:
> hello list
>
> I have a network mounted home directory shared between all hosts on my network:
>
> So therefore my RSA key should already be in my authorized_keys on any
> host. However logging into the virtual network, I always get prompted
> for a password. just for the heck of it, I scp'd the key over again to
> one of the virtual hosts:
>
> [bluethundr at LCENT03:~]#scp .ssh/id_rsa.pub virt1:~
> bluethundr at virt1's password:
> id_rsa.pub
>                100%  381     0.4KB/s   00:00
>
> ssh'd in:
>
> [bluethundr at LCENT03:~]#ssh virt1
> bluethundr at virt1's password:
> Last login: Tue Nov 16 15:57:24 2010 from 192.168.1.46
> Considering that this key is internal network only and doesn't have a
> passphrase set (it does not traverse internet boundaries) why on earth
> am I being prompted for a password whenever I ssh into this machine?
>
> thanks!

assumption 1: the private key is .ssh/id_rsa.priv (on the starting machine).
assumption 2: you have to tell ssh (actually the ssh agent) which key to use.
assumption 3: .ssh/id_rsa.priv is readable only by the user.
assumption 4: someone has not configured the other machine to disallow keyed login (nuts, but could happen. PubkeyAuthentication no?).

have you done `ssh-add .ssh/id_rsa.priv` before you ssh?
what does ssh-add -L and ssh-add -l give?
-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
On Tue, Nov 16, 2010 at 4:05 PM, bluethundr <bluethundr at gmail.com> wrote:
>
> So therefore my RSA key should already be in my authorized_keys on any
> host. However logging into the virtual network, I always get prompted
> for a password. just for the heck of it, I scp'd the key over again to
> one of the virtual hosts:
>
[snip]
> Considering that this key is internal network only and doesn't have a
> passphrase set (it does not traverse internet boundaries) why on earth
> am I being prompted for a password whenever I ssh into this machine?

I've seen this before in NFS mounted home directories... and had to think about it before I realized what was happening.

When you first attempt to login, sshd is running as root. It needs to look at your NFS mounted home directory (which is often set for no root squash) to get the public key. But because it is no root squash, and the perms on your pubkey are probably 700, even root can't read the key.

You can verify by logging in as root to the machine and trying to cat out the user's public key. Most likely you cannot, so the sshd cannot validate the key.
bluethundr <bluethundr at gmail.com> wrote:
> [bluethundr at VIRTCENT01:~]#ls -l .ssh/authorized_keys
> -rw------- 1 1001 1002 1597 Nov 15 12:02 .ssh/authorized_keys

By any chance do you have a UID/GID mismatch between machines? I'm not convinced that it would result in the behavior matched, but the fact that 1001 and 1002 above were not resolved made me wonder.

Also, John Kennedy mentioned permissions. Also check for overly open permissions on parent directories all the way up to /.

Devin
-- 
Shirt, Shoes, Sober... --Pick Two - Chuck Yerkes
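
Added example (not part of any message in this thread): a shell check for the permission and ownership points raised in John Kennedy's and Devin's replies, approximating what sshd enforces when StrictModes is on. It assumes GNU stat as shipped on CentOS; the function names are illustrative, and the numeric UID passed in should be the account's UID on the server being logged into.

```shell
#!/bin/sh
# Added example, not from the thread. Approximates the ownership/mode test
# sshd applies with StrictModes on: each path must be owned by the login
# user or root and must not be group- or world-writable.
# Assumes GNU stat (CentOS). Function names are illustrative.

# check_path PATH UID -> prints findings, returns 1 if the path would be rejected
check_path() {
    cp_path=$1; cp_uid=$2; cp_rc=0
    if [ ! -e "$cp_path" ]; then
        echo "MISSING $cp_path"; return 1
    fi
    cp_owner=$(stat -c '%u' "$cp_path")   # numeric owner as this host sees it
    cp_mode=$(stat -c '%a' "$cp_path")    # octal permission bits, e.g. 700
    if [ "$cp_owner" != "$cp_uid" ] && [ "$cp_owner" != 0 ]; then
        echo "OWNER   $cp_path owned by uid $cp_owner, expected $cp_uid or 0"
        cp_rc=1
    fi
    if [ $(( 0$cp_mode & 022 )) -ne 0 ]; then
        echo "MODE    $cp_path is $cp_mode (group/world writable)"
        cp_rc=1
    fi
    return $cp_rc
}

# audit_ssh_perms HOME UID -> 0 if home, .ssh and authorized_keys all pass
audit_ssh_perms() {
    as_home=$1; as_uid=$2; as_rc=0
    for as_p in "$as_home" "$as_home/.ssh" "$as_home/.ssh/authorized_keys"; do
        check_path "$as_p" "$as_uid" || as_rc=1
    done
    return $as_rc
}

# Usage: sh audit.sh /home/USER NUMERIC_UID   (run on the server side)
if [ "$#" -eq 2 ]; then
    audit_ssh_perms "$1" "$2"
fi
```

An OWNER finding on an NFS home directory points at the UID/GID mismatch case: the file's numeric owner on the export does not match the account's UID on the host running sshd.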