host1 & host2 : Solaris 10 - SPARC server


From host1 able to ssh to host2 as same user with out password prompt. But, when ssh to different user in

host2, it prompts for password

DETAILS
=======

In host1:

1) logged as root
2) ssh-keygen -t dsa -b 1024 (no pass phrase)
3) Ensured that permission for /.ssh is 700 & for id_dsa is 600
4) copied id_dsa.pub to host2 : /.ssh

In host2:

1) logged as root
2) cp /.ssh/id_dsa.pub /.ssh/authorized_keys
3) Ensured that permission for /.ssh is 700 & for authorized_keys is 644


From host1:

1) Login as root
2) ssh host2 - Successfully logs in with OUT asking for the password


In host2

1) created a new userid - abcd - homedir /opt/abcd
2) created /opt/abcd/.ssh - 700
3) copied /.ssh/authorized_keys to /opt/abcd/.ssh/authorized_keys 644


From host1:

1) Login as root
2) ssh abcd@host2 - prompts for password.

What should be done so that, from host1, I can ssh for any user in host2 without getting the password prompt

On host 2, edit the /home/user/.ssh/authorized.keys and change the key identity:
ssh-rsa LKJojlKlkjMLjpojMPJmlj etc... == root@host1
to :
ssh-rsa LKJojlKlkjMLjpojMPJmlj etc... == user@host1

On host 1 copy the root private key (id_rsa) to /home/user/.ssh/

If this doesn't work, I guess you will need to create a new pair of key for your user the same way you did for root.

Created the keys in host1, while logged in as root & then copied the public key to host2

From host1, initially did

ssh host2 - which worked fine

now,

ssh user2@host2 - prompts for password

In public key it contains root@host1 - which is fine. Coz, am always logged as root in host1 - so no need to change

Not sure how to proceed :-(

On host 2, when you try to login as user@host1 sshd will look for a public key belonging to user@host1, not root@host1 even if you invoque ssh user@host2 in a root session on host1. Hence the need to edit the public key indentification in the host2 authorized_keys. Or to create a new pair of keys for user

To trouble shoot:
$ tail -f /var/log/auth.log | grep ssh # adapt to the log name or UID specific to your *nix box

and report errors when trying to connect.

sshd is generally pretty verbal about key exchange issues and can be made more so(-d). Check /var/log/messages or wherever you are logging sshd to or run in the the fg with -D. ssh -v{3} is your friend.

I've seen a similar problem where the key permissions were too open. OpenSSH may not like world readable permissions for your private key.

True. That's indeed a possible cause of connection problems. Check and change the permission as follows:

target /home/user directory 766
target /home/user/.ssh directory 700
target /home/user/.ssh/authorized_keys file 600