Tony0945 Advocate

Joined: 25 Jul 2006 Posts: 4647 Location: Illinois, USA
Posted: Tue Jul 28, 2020 5:19 pm Post subject: [solved] passwordless authentication
I somehow screwed this up royally. Once again, I'm confused as to which machine is client and which is server. I thought the local machine was the client and the remote machine was the server.
Here's the situation:
Three machines: A, B, and C.
I've verified that all three are running the same version of openssh:
Code:
# equery w openssh
/usr/portage/net-misc/openssh/openssh-8.1_p1-r3.ebuild

I have verified that all three have the same /etc/ssh/ssh_config and /etc/ssh/sshd_config. I have re-emerged and restarted the sshd service (OpenRC) on machines B & C.
I can freely ssh and scp both ways between Machine A and Machine B, both as root and as user tony, without a password.
I can ssh and scp from Machine A to Machine C as root and as tony without a password.
I can ssh and scp from Machine B to Machine C as root and as tony without a password.
I can ssh from Machine C to Machine A as root. As tony I need a password.
I can scp from Machine C to Machine B as root and as tony.
I cannot scp from Machine C to Machine A as tony without a password.
I can scp from Machine C to Machine B as root and as tony, but both require a password.
EDIT: All three are on the local LAN; none are truly remote.
Last edited by Tony0945 on Tue Jul 28, 2020 11:51 pm; edited 1 time in total
 |
Anon-E-moose Watchman


Joined: 23 May 2008 Posts: 5134 Location: Dallas area
Posted: Tue Jul 28, 2020 5:34 pm
What's in your different ~/.ssh/config files?
_________________
PRIME x570-pro, 3700x, RX 550 - 5.8 zen kernel
Acer E5-575 (laptop), i3-7100u - i965 - 5.5 zen kernel
---both---
gcc 9.3.0, profile 17.1 (no-pie) amd64-no-multilib, eudev, openrc, openbox
The New OTW
 |
Tony0945 Advocate

Joined: 25 Jul 2006 Posts: 4647 Location: Illinois, USA
Posted: Tue Jul 28, 2020 6:34 pm
No files at all on Machine A, root or tony.
No file for root on Machine B. There is a file for tony; it contains "ForwardX11Trusted=yes", which is redundant to /etc/ssh/ssh_config.
No files at all on Machine C.
 |
Anon-E-moose Watchman


Joined: 23 May 2008 Posts: 5134 Location: Dallas area
Posted: Tue Jul 28, 2020 6:48 pm
What files are in your local .ssh?
Code:
$ ls
authorized_keys config id_dsa id_dsa.keystore id_dsa.pub id_rsa id_rsa.pub known_hosts

Edit to add: http://www.linuxproblem.org/art_9.html
 |
Tony0945 Advocate

Joined: 25 Jul 2006 Posts: 4647 Location: Illinois, USA
Posted: Tue Jul 28, 2020 8:19 pm
Machine A:
Code:
Casti ~ # ls -l /root/.ssh
total 24
-rw-r--r-- 1 root root  993 Jul 28 11:43 authorized_keys
-rw------- 1 root root  399 Oct 15  2018 id_ed25519
-rw-r--r-- 1 root root   92 Oct 15  2018 id_ed25519.pub
-rw------- 1 root root 2590 Feb 16 08:53 id_rsa
-rw-r--r-- 1 root root  564 Feb 16 08:53 id_rsa.pub
-rw-r--r-- 1 root root 2106 Jun 11 17:53 known_hosts
Casti ~ # ls -l /home/tony/.ssh
total 12
-rw------- 1 tony tony 1675 Jul  2  2017 id_rsa
-rw-r--r-- 1 tony tony  392 Jul  2  2017 id_rsa.pub
-rw-r--r-- 1 tony tony 2174 Jul  3 20:07 known_hosts

Machine B:
Code:
tony@MSI ~ $ sudo su
MSI /home/tony # ls -l /root/.ssh
total 16
-rw-r--r-- 1 root root 1348 Feb 16 09:03 authorized_keys
-rw------- 1 root root 2590 Feb 16 07:56 id_rsa
-rw-r--r-- 1 root root  562 Feb 16 07:56 id_rsa.pub
-rw-r--r-- 1 root root 2933 Jun  5 11:14 known_hosts
MSI /home/tony # ls -l /home/tony/.ssh
total 20
-rw------- 1 tony wheel  956 Feb 16 09:02 authorized_keys
-rw-r--r-- 1 tony wheel   22 Feb 16 06:20 config
-rw------- 1 tony wheel 1811 Apr 14  2019 id_rsa
-rw-r--r-- 1 tony wheel  390 Apr 14  2019 id_rsa.pub
-rw-r--r-- 1 tony wheel 2699 Jul  7 12:33 known_hosts

Machine C:
Code:
Trantor ~ # ls -l /root/.ssh
total 16
-rw-r--r-- 1 root root    2297 Feb 16 08:54 authorized_keys
-rw------- 1 root portage  464 Oct 14  2018 id_ed25519
-rw-r--r-- 1 root portage  100 Oct 14  2018 id_ed25519.pub
-rw-r--r-- 1 root root    2332 Jul 28 09:50 known_hosts
Trantor ~ # ls -l /home/tony/.ssh
total 8
-rw------- 1 tony tony 1908 Feb 16 09:00 authorized_keys
-rw-r--r-- 1 tony tony  713 Jul 28 12:10 known_hosts
 |
Ant P. Watchman

Joined: 18 Apr 2009 Posts: 6921
Posted: Tue Jul 28, 2020 10:10 pm
C is missing a key for the user account. C's root key is owned by the wrong GID.
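The diagnosis above comes down to reading ls -l output by eye. As an added example (not code from the thread or from any of its posters), here is a small audit that applies the same reading mechanically: it flags what sshd (with StrictModes) and the ssh client actually refuse, and warns about a missing key pair or a file sitting in the wrong group, as on C. It assumes GNU stat(1); the three sample directories it builds are constructed for the demonstration and contain no real keys.

```shell
#!/bin/bash
# Added example, not code from the thread: judge one account's ~/.ssh the way
# sshd (StrictModes) and the ssh client will, then warn about the ownership
# mix-ups the thread ran into.  Needs GNU stat(1).  The sample directories at
# the bottom are constructed here for the demonstration, not the poster's boxes.
set -u

mode_of()   { printf '%04d' "$(stat -c '%a' "$1")"; }   # e.g. 0600
uid_of()    { stat -c '%u' "$1"; }
gid_of()    { stat -c '%g' "$1"; }
go_digits() { mode_of "$1" | tail -c 2; }                # group+other digits
go_writable() { case $(go_digits "$1") in *[2367]*) return 0 ;; *) return 1 ;; esac; }
go_any()      { [ "$(go_digits "$1")" != "00" ]; }

# audit_ssh_dir DIR UID GID
# FAIL = a condition OpenSSH rejects outright; WARN = hygiene.
# Returns 1 if any FAIL was printed, 0 otherwise.
audit_ssh_dir() {
  local dir=$1 uid=$2 gid=$3 rc=0 found=0 f
  [ -d "$dir" ] || { echo "FAIL $dir: missing"; return 1; }

  # sshd walks from authorized_keys up through ~ and refuses any component
  # that is group/other writable or owned by anyone but the user or root
  for f in "$dir" "$dir/authorized_keys"; do
    [ -e "$f" ] || continue
    if go_writable "$f"; then echo "FAIL $f: group/other writable"; rc=1; fi
    if [ "$(uid_of "$f")" -ne "$uid" ] && [ "$(uid_of "$f")" -ne 0 ]; then
      echo "FAIL $f: owned by uid $(uid_of "$f"), expected $uid or root"; rc=1
    fi
  done
  [ -e "$dir/authorized_keys" ] ||
    echo "WARN $dir: no authorized_keys, nobody can log in to this account by key"

  # the ssh client refuses to use a private key that others can read or write
  for f in "$dir"/id_*; do
    [ -f "$f" ] || continue
    case $f in *.pub) continue ;; esac
    found=1
    if go_any "$f"; then echo "FAIL $f: private key accessible to others"; rc=1; fi
    [ -f "$f.pub" ] || echo "WARN $f: no matching .pub, ssh-copy-id has nothing to send"
  done
  [ "$found" -eq 1 ] ||
    echo "WARN $dir: no private key, this account cannot log in anywhere by key"

  # ownership hygiene: a file in someone else's group (the root:portage case
  # in the thread) is a sign of a stray chown and worth putting right
  for f in "$dir" "$dir"/*; do
    [ -e "$f" ] || continue
    [ "$(gid_of "$f")" -eq "$gid" ] || echo "WARN $f: group $(gid_of "$f"), expected $gid"
  done
  return "$rc"
}

# --- constructed demo (no real keys): a clean layout, one with the mistakes the
# thread saw, and one like tony on C: authorized_keys but no key pair at all ---
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
good=$demo/good; bad=$demo/bad; nokey=$demo/nokey
mkdir -m 700 "$good" "$bad" "$nokey"
fake_pub='ssh-ed25519 AAAA-constructed-not-a-real-key demo'
printf '%s\n' "$fake_pub" > "$good/authorized_keys";  chmod 600 "$good/authorized_keys"
printf 'not a real key\n' > "$good/id_ed25519";       chmod 600 "$good/id_ed25519"
printf '%s\n' "$fake_pub" > "$good/id_ed25519.pub";   chmod 644 "$good/id_ed25519.pub"
printf '%s\n' "$fake_pub" > "$bad/authorized_keys";   chmod 664 "$bad/authorized_keys"   # group-writable
printf 'not a real key\n' > "$bad/id_rsa";            chmod 644 "$bad/id_rsa"            # world-readable, no .pub
printf '%s\n' "$fake_pub" > "$nokey/authorized_keys"; chmod 600 "$nokey/authorized_keys"

me_uid=$(id -u); me_gid=$(id -g)
for d in "$good" "$bad" "$nokey"; do
  echo "== $d"; audit_ssh_dir "$d" "$me_uid" "$me_gid"; echo "exit $?"
done
```

Run it for real as `audit_ssh_dir /home/tony/.ssh "$(id -u tony)" "$(id -g tony)"` on each box; a FAIL line is why a key is silently ignored, a "no private key" WARN is the tony-on-C situation, and a group WARN is the root-on-C one.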
 |
Tony0945 Advocate

Joined: 25 Jul 2006 Posts: 4647 Location: Illinois, USA
Posted: Tue Jul 28, 2020 10:31 pm
Ant P. wrote:
    C's root key is owned by the wrong GID.

I wonder how that happened? Probably a misuse of '*'.
That fixed most. Re-running the tests.
 |
Tony0945 Advocate

Joined: 25 Jul 2006 Posts: 4647 Location: Illinois, USA
Posted: Tue Jul 28, 2020 11:49 pm
Looking good!
To expand this to the whole LAN, including two new machines being built, how does this script look? It is to be run on each machine.
Code:
# cat /usr/local/sbin/setupauthentication
#! /bin/bash
echo "run this twice, once logged in as root and again as user tony"
#ssh-keygen -t rsa   # if no keys exist or changing keys, uncomment this
serverlist="Casti MSI Trantor raspy k6 SAGE ASUS"
for server in $serverlist
do
    # skip ourselves; push this account's public key to every other host
    if [ "$server" != "$HOSTNAME" ] ; then
        ssh-copy-id "$server"
    fi
done

I see I wasn't always consistent in my machine name capitalization.
It can't be this simple, can it? I always get confused between client and server reading the wiki.
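It can be that simple, with three caveats the script above leaves out: ssh-copy-id with no -i pushes every ~/.ssh/*.pub it finds, the "$HOSTNAME" comparison is case-sensitive (so the capitalization slip noted in the post would make a host copy a key to itself), and nothing confirms afterwards that the key actually works. As an added example, not the poster's script, here is the same procedure with those checks. The host list is the thread's; the key choice, the --run flag, the dry-run default and the BatchMode verification are this example's own assumptions.

```shell
#!/bin/bash
# Added example, not the poster's script: install one public key on every other
# LAN host, then confirm each host accepts it without a password.  Host names
# are the thread's; the key choice, --run flag and verification are assumptions.
set -u

serverlist="Casti MSI Trantor raspy k6 SAGE ASUS"

# Pick exactly one public key.  Without -i, ssh-copy-id pushes every
# ~/.ssh/*.pub it finds, which on a box with old keys is more than you meant.
pick_pubkey() {
  local k
  for k in "${HOME:-}/.ssh/id_ed25519.pub" "${HOME:-}/.ssh/id_rsa.pub"; do
    if [ -r "$k" ]; then printf '%s\n' "$k"; return 0; fi
  done
  return 1
}

lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# targets SELF: every host in the list except SELF, compared case-insensitively
# so "casti" in /etc/hostname still matches "Casti" in the list.
targets() {
  local self server
  self=$(lower "$1")
  for server in $serverlist; do
    if [ "$(lower "$server")" != "$self" ]; then printf '%s\n' "$server"; fi
  done
}

# verify HOST: succeed only if HOST lets us in with the key and nothing else.
# BatchMode stops ssh from ever prompting, so a password fallback shows up as
# a failure here instead of being typed away without noticing.
verify() {
  ssh -o BatchMode=yes -o PasswordAuthentication=no -o ConnectTimeout=5 "$1" true
}

main() {
  local mode=$1 key server
  key=$(pick_pubkey) || key=""
  if [ -z "$key" ]; then
    echo "no ~/.ssh/id_ed25519.pub or id_rsa.pub here; run ssh-keygen -t ed25519 first" >&2
    [ "$mode" = dry ] || return 1
    key='<none>'
  fi
  for server in $(targets "${HOSTNAME:-$(hostname)}"); do
    if [ "$mode" = dry ]; then
      echo "would run: ssh-copy-id -i $key $server"
    elif ssh-copy-id -i "$key" "$server" && verify "$server"; then
      echo "$server: key login works"
    else
      echo "$server: key login still FAILS, check ~/.ssh ownership and modes on $server" >&2
    fi
  done
}

# Run as the account whose key should be installed (once as root, once as tony).
# With no argument it only prints what it would do; --run actually pushes.
case "${1:-}" in
  --run) main run ;;
  *)     main dry ;;
esac
```

The verify step is the part worth keeping even if the rest is thrown away: `ssh -o BatchMode=yes -o PasswordAuthentication=no host true` is the quickest way to tell "key auth works" from "I typed the password again without noticing".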
 |
Tony0945 Advocate

Joined: 25 Jul 2006 Posts: 4647 Location: Illinois, USA
Posted: Wed Jul 29, 2020 2:44 pm
Forgot to thank you. You guys have saved my bacon a lot in the past. Thank you very much.