Gentoo Forums
[solved] passwordless authentication
Tony0945
Advocate


Joined: 25 Jul 2006
Posts: 4267
Location: Illinois, USA

Posted: Tue Jul 28, 2020 5:19 pm    Post subject: [solved] passwordless authentication

I somehow screwed this up royally. Once again, I'm confused as to which machine is client and which is server. I thought the local machine was client and the remote machine was server.

Here's the situation:

Three machines A, B, and C

I've verified that all three are running the same version of openssh
Code:
# equery w openssh
/usr/portage/net-misc/openssh/openssh-8.1_p1-r3.ebuild
I have verified that all three have the same /etc/ssh/ssh_config and /etc/ssh/sshd_config. I have re-emerged and restarted the sshd service (OpenRC) on machines B & C.

I can freely ssh and scp both ways between Machine A and machine B, both as root and as user tony without password.
I can ssh and scp from Machine A to Machine C as root and as tony without password.
I can ssh and scp from Machine B to Machine C as root and as tony without password.
I can ssh from Machine C to Machine A as root. As tony I need a password.
I can scp from Machine C to Machine B as root and as tony.
I cannot scp from Machine C to Machine A as tony without a password.
I can scp from Machine C to Machine B as root and as tony but both require a password.

EDIT: All three are on the local LAN, none are truly remote.


Last edited by Tony0945 on Tue Jul 28, 2020 11:51 pm; edited 1 time in total
Anon-E-moose
Advocate


Joined: 23 May 2008
Posts: 4995
Location: Dallas area

Posted: Tue Jul 28, 2020 5:34 pm

What's in your different ~/.ssh/config files?
_________________
PRIME x570-pro, 3700x, RX 550 - 5.8 zen kernel
Acer E5-575 (laptop), i3-7100u - i965 - 5.5 zen kernel
---both---
gcc 9.3.0, profile 17.1 (no-pie & modified) amd64-no-multilib, eudev, openrc, openbox, palemoon
Tony0945
Advocate


Joined: 25 Jul 2006
Posts: 4267
Location: Illinois, USA

Posted: Tue Jul 28, 2020 6:34 pm

No files at all on Machine A, root or tony
No file for root on Machine B. There is a file for tony. It contains "ForwardX11Trusted=yes", which is redundant to /etc/ssh/ssh_config
No files at all on Machine C
Anon-E-moose
Advocate


Joined: 23 May 2008
Posts: 4995
Location: Dallas area

Posted: Tue Jul 28, 2020 6:48 pm

What files are in your local .ssh?

Code:
$ ls
authorized_keys  config  id_dsa  id_dsa.keystore  id_dsa.pub  id_rsa  id_rsa.pub  known_hosts


Edit to add: http://www.linuxproblem.org/art_9.html
Tony0945
Advocate


Joined: 25 Jul 2006
Posts: 4267
Location: Illinois, USA

Posted: Tue Jul 28, 2020 8:19 pm

Machine A:
Code:
Casti ~ # ls -l /root/.ssh
total 24
-rw-r--r-- 1 root root  993 Jul 28 11:43 authorized_keys
-rw------- 1 root root  399 Oct 15  2018 id_ed25519
-rw-r--r-- 1 root root   92 Oct 15  2018 id_ed25519.pub
-rw------- 1 root root 2590 Feb 16 08:53 id_rsa
-rw-r--r-- 1 root root  564 Feb 16 08:53 id_rsa.pub
-rw-r--r-- 1 root root 2106 Jun 11 17:53 known_hosts
Casti ~ # ls -l /home/tony/.ssh
total 12
-rw------- 1 tony tony 1675 Jul  2  2017 id_rsa
-rw-r--r-- 1 tony tony  392 Jul  2  2017 id_rsa.pub
-rw-r--r-- 1 tony tony 2174 Jul  3 20:07 known_hosts
Machine B:
Code:
tony@MSI ~ $ sudo su
MSI /home/tony # ls -l /root/.ssh
total 16
-rw-r--r-- 1 root root 1348 Feb 16 09:03 authorized_keys
-rw------- 1 root root 2590 Feb 16 07:56 id_rsa
-rw-r--r-- 1 root root  562 Feb 16 07:56 id_rsa.pub
-rw-r--r-- 1 root root 2933 Jun  5 11:14 known_hosts
MSI /home/tony # ls -l /home/tony/.ssh
total 20
-rw------- 1 tony wheel  956 Feb 16 09:02 authorized_keys
-rw-r--r-- 1 tony wheel   22 Feb 16 06:20 config
-rw------- 1 tony wheel 1811 Apr 14  2019 id_rsa
-rw-r--r-- 1 tony wheel  390 Apr 14  2019 id_rsa.pub
-rw-r--r-- 1 tony wheel 2699 Jul  7 12:33 known_hosts
Machine C:
Code:
Trantor ~ # ls -l /root/.ssh
total 16
-rw-r--r-- 1 root root    2297 Feb 16 08:54 authorized_keys
-rw------- 1 root portage  464 Oct 14  2018 id_ed25519
-rw-r--r-- 1 root portage  100 Oct 14  2018 id_ed25519.pub
-rw-r--r-- 1 root root    2332 Jul 28 09:50 known_hosts
Trantor ~ # ls -l /home/tony/.ssh
total 8
-rw------- 1 tony tony 1908 Feb 16 09:00 authorized_keys
-rw-r--r-- 1 tony tony  713 Jul 28 12:10 known_hosts
Ant P.
Watchman


Joined: 18 Apr 2009
Posts: 6778

Posted: Tue Jul 28, 2020 10:10 pm

C is missing a key for the user account. C's root key is owned by the wrong GID.
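Added example, not part of any post in this thread: a shell function that checks one .ssh directory for the two faults named above (no private key for the account, files owned by an unexpected UID/GID) together with the mode checks that ssh and sshd's StrictModes enforce. It assumes GNU stat and the default id_* key names; audit_ssh_dir and its output tags are hypothetical.

```shell
#!/bin/sh
# Added example: audit one .ssh directory for the faults named in this thread.
# Assumes GNU stat and default id_* key names; audit_ssh_dir is hypothetical.
# Usage: audit_ssh_dir DIR [UID:GID]   (UID:GID defaults to DIR's own owner)
audit_ssh_dir() {
    dir=$1
    want=${2:-$(stat -c '%u:%g' "$dir")}
    havekey=0

    # sshd (StrictModes) refuses a group- or world-writable .ssh directory.
    dmode=$(stat -c '%a' "$dir")
    [ $(( 0$dmode & 022 )) -eq 0 ] || echo "WRITABLE $dir mode $dmode"

    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        own=$(stat -c '%u:%g' "$f")
        mode=$(stat -c '%a' "$f")

        # Owner or group differs from the account (the root:portage case).
        [ "$own" = "$want" ] || echo "OWNER $name is $own, expected $want"

        case $name in
            id_*.pub) ;;
            id_*)
                havekey=1
                # ssh ignores a private key that group or others can access.
                [ $(( 0$mode & 077 )) -eq 0 ] || echo "KEYMODE $name mode $mode, want 600"
                # ssh-copy-id installs the matching public half.
                [ -f "$f.pub" ] || echo "NOPUB $name has no $name.pub"
                ;;
            authorized_keys)
                # sshd (StrictModes) refuses a group- or world-writable file.
                [ $(( 0$mode & 022 )) -eq 0 ] || echo "WRITABLE $name mode $mode"
                ;;
        esac
    done

    # No private key at all: this account cannot start key-based logins.
    [ "$havekey" -eq 1 ] || echo "NOKEY no id_* private key in $dir"
}

# Run directly: sh audit.sh /home/tony/.ssh
if [ "$#" -gt 0 ]; then audit_ssh_dir "$@"; fi
```

Pass the expected owner explicitly (for example 0:0 for /root/.ssh) when the directory itself may carry the wrong group.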
Tony0945
Advocate


Joined: 25 Jul 2006
Posts: 4267
Location: Illinois, USA

Posted: Tue Jul 28, 2020 10:31 pm

Ant P. wrote:
C's root key is owned by the wrong GID.

I wonder how that happened? Probably a misuse of '*'.
That fixed most. Re-running the tests.
Tony0945
Advocate


Joined: 25 Jul 2006
Posts: 4267
Location: Illinois, USA

Posted: Tue Jul 28, 2020 11:49 pm

Looking good!

To expand this to the whole LAN, including two new machines being built, how does this script look, to be run on each machine?
Code:
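 # cat /usr/local/sbin/setupauthentication
#!/bin/bash
# Push this account's public key to every other machine on the LAN.

echo "run this twice, once logged in as root and again as user tony"

#ssh-keygen -t rsa  #if no keys exist or changing keys, uncomment this

serverlist="Casti MSI Trantor raspy k6 SAGE ASUS"

# $serverlist is left unquoted on purpose so it splits into one name per word.
for server in $serverlist
do
   # Skip the machine the script is running on.
   if [ "$server" != "$HOSTNAME" ] ; then
      ssh-copy-id "$server"
   fi
done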
I see I wasn't always consistent in my machine name capitalization.

It can't be this simple, can it? I always get confused between client and server reading the wiki.
Tony0945
Advocate


Joined: 25 Jul 2006
Posts: 4267
Location: Illinois, USA

Posted: Wed Jul 29, 2020 2:44 pm

Forgot to thank you. You guys have saved my bacon a lot in the past. Thank you very much.
All times are GMT