Author Topic: SSH public key authentication  (Read 1771 times)

tawalker

  • Jr. Member
  • **
  • Posts: 82
    • View Profile
    • http://
SSH public key authentication
« on: January 09, 2004, 10:12:43 am »
I\'ve been setting up ssh on three computers at home, with the aim of using public key authentication to remove the need to input passwords. AFAIK, I have followed accurately the procedure for copying the public keys from the clients into the authorized_keys files on the servers.

These are the three machines (names changed to protect the innocent  ):

A = Linux desktop; ssh server and client
B = Windows laptop; ssh client only (PuTTY and Pageant authentication agent)
C = my Zaurus 5500 (tkcROM); ssh server and client

To date, I can log onto A from B or C, without needing to input a password - that is, the key pairs are matched up by the client and server, and it logs me straight in. Unfortunately, when I try to log onto C from A or B, I am always asked for the password, even though the public keys from A and B are both present in the authorized-keys file.

In short, I have two ssh servers, which I set up the same way - the desktop (where the key authentication is working), and the Zaurus (where it isn\'t). I\'ll experiment further this evening; meantime, is there anything I could be overlooking?

Thanks,
Tim
---
Tim Walker - UK
Sharp Zaurus SL-5500 - OZ 3.3.5
"A.N.Other" 128Mb MMC - Buffalo CF WiFi
---

Stubear

  • Hero Member
  • *****
  • Posts: 1164
    • View Profile
    • http://
SSH public key authentication
« Reply #1 on: January 10, 2004, 07:18:06 am »
What user are you logging into the Zaurus as? Are you user \"zaurus\" on the the desktop? or do you have another user name?

On the C760 there are 2 users on the Z - root and zaurus, if i try to ssh to the Z as my normal user on the desktop then I get the password prompt unless I tell shh to log in over ssh as zaurus. Then key authentication works fine.

If you are logging in as root (not sure what model zaurus you have but some of them only have the root user) then check that ssh.config and sshd.config on the zaurus as some installations of ssh don\'t allow key authentication for root.

hope this helps somewhat

Stu
SL-C1000, Hand converted to English with Japanese Input
Running X apps via X/Qt
iRiver USB host cable; Diatec P-Cord usb power cable (extendable); Acro's Reel Cable USB (A to A, B, Mini-B,  & Mini-B 8pin); GreenHouse 1Gb PicoDrive+; 2x256Mb Hagiwara SD cards; 128Mb Transcend CF card; 512Mb PQI CF card; AmbiCom WL1100C-CF 11B WLAN card

tawalker

  • Jr. Member
  • **
  • Posts: 82
    • View Profile
    • http://
SSH public key authentication
« Reply #2 on: January 10, 2004, 06:07:19 pm »
Hi Stu,

It helped more than somewhat  I tried logging on as zaurus (instead of root, which I tried before), and the key authentication worked perfectly.

Only two catches: As I\'m not logged on as root, I have to use su if I want to (for instance) move any files, but I can live with that for the moment. Also, I get a strange command prompt:

[u@h w]$

Maybe this is my relative inexperience with Linux showing, but any idea how I can get this to show the correct user and hostname (both of which are set up)?

Many thanks,
Tim.
---
Tim Walker - UK
Sharp Zaurus SL-5500 - OZ 3.3.5
"A.N.Other" 128Mb MMC - Buffalo CF WiFi
---

Stubear

  • Hero Member
  • *****
  • Posts: 1164
    • View Profile
    • http://
SSH public key authentication
« Reply #3 on: January 12, 2004, 07:20:17 pm »
Tim,

Having to su to move files is actualy a Good Thing. That way you are given more time to think before you can screw up your system - I\'ve done this a few times with my desktop system

The prompt is a little weird - it should translate to [user@hostname dir]$ or more usually [user@hostname] dir$, this is set in your .profile or .bash_rc and will be in /home/zaurus for zaurus user.

Make sure that that root and zaurus lines in /etc/passwd end in /bin/bash rather than /bin/sh, this will give you useful bash commands like line completion, history etc and should hopefully fix the prompt issue.

Stu
SL-C1000, Hand converted to English with Japanese Input
Running X apps via X/Qt
iRiver USB host cable; Diatec P-Cord usb power cable (extendable); Acro's Reel Cable USB (A to A, B, Mini-B,  & Mini-B 8pin); GreenHouse 1Gb PicoDrive+; 2x256Mb Hagiwara SD cards; 128Mb Transcend CF card; 512Mb PQI CF card; AmbiCom WL1100C-CF 11B WLAN card

tawalker

  • Jr. Member
  • **
  • Posts: 82
    • View Profile
    • http://
SSH public key authentication
« Reply #4 on: January 13, 2004, 03:50:04 am »
Hi Stu,

On su: Yes, root access can be a dangerous thing in inexperienced hands (like... er, mine). I haven\'t done anything drastic file-wise with my Linux desktop yet, but no doubt it\'s just a matter of time...

On the prompt: I checked /etc/passwd, and found the \"root\" entry ended in /bin/bash, but \"zaurus\" ended in /bin/sh, so I updated the latter. I\'ll check later today if that makes any difference - thanks for the tip in the meantime (and the others, for that matter  ).

Tim
---
Tim Walker - UK
Sharp Zaurus SL-5500 - OZ 3.3.5
"A.N.Other" 128Mb MMC - Buffalo CF WiFi
---

ScottYelich

  • Hero Member
  • *****
  • Posts: 992
    • View Profile
    • http://www.zaurususergroup.com/modules.php?opmodload&namephpWiki&filei
SSH public key authentication
« Reply #5 on: January 13, 2004, 11:11:13 am »
you can add the key fro the user \"zaurus\" or \"root\" that you have on the Z to the other places...
and then ssh -l root etc.

That is, if you are \"zaurus\" on the \"Z\" and \"blah\" on \"A\" .. then put the key from user zaurus on the Z into the
authorized keys for user blah on A ... and then ssh -l blah A from the Z.

etc.