03-08-2017
mode of Directory the key.
Quote: Originally Posted by rbatte1
Remember that the permissions have to be locked down at both ends so only the owner at the client end ONLY can read the private key and that the userid on the server (target) ONLY can read/write the public key. SSH and other tools that use these keys will check that they are not vulnerable to someone else editing them. You should also check that the directory permissions for .ssh are read/write/execute for the owner ONLY.
Do not allow any other access to these files. The blanket chmod 777 ....... will prevent you using them. Try chmod 600 ~/.ssh/* and chmod 700 ~/.ssh on both the client and the server.
If it's not any of the above, when you generated the keys I'm wondering if you provided a passphrase. This would require you to enter the passphrase every time to use the keys, so you can't automate it.
It is best practice to have a passphrase for interactive use of the keys. If you wish, you can have multiple keys defined and use the one without a passphrase for automated processing using the -i flag.
I hope that this helps,
Robin
I have run across this time and again and it always takes me a while to remember why. OpenSSH was specifically written to disallow connection if the permissions of .ssh are too open. See Ubuntu's writeup on this.
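The permission check discussed in this thread, as an added example that is not part of the original posts: a small audit and repair script for an .ssh directory, run here against a constructed temporary directory. It assumes GNU stat (Linux); the function names audit_ssh_dir and fix_ssh_dir are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): audit an .ssh directory against the
# modes recommended above, 700 on the directory and 600 on the files in it.
# Assumes GNU stat (Linux). audit_ssh_dir / fix_ssh_dir are hypothetical names.

# Print one line per problem; return 0 when clean, 1 otherwise.
audit_ssh_dir() {
    dir=$1
    bad=0
    [ -d "$dir" ] || { echo "missing: $dir"; return 1; }
    mode=$(stat -c '%a' "$dir")
    if [ "$mode" != 700 ]; then
        echo "dir  $dir is $mode, want 700"
        bad=1
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        mode=$(stat -c '%a' "$f")
        case $mode in
            ?00) ;;   # owner-only (600, 400): nobody else can read or edit it
            *) echo "file $f is $mode, want 600"; bad=1 ;;
        esac
    done
    return "$bad"
}

# Apply the chmod 700 ~/.ssh and chmod 600 ~/.ssh/* advice to one directory.
fix_ssh_dir() {
    dir=$1
    chmod 700 "$dir" || return 1
    for f in "$dir"/*; do
        if [ -f "$f" ]; then chmod 600 "$f" || return 1; fi
    done
    return 0
}

# Demo on a constructed directory that has had the blanket chmod 777 applied.
demo=$(mktemp -d)
mkdir "$demo/.ssh"
: > "$demo/.ssh/id_rsa"
: > "$demo/.ssh/authorized_keys"
chmod 777 "$demo/.ssh" "$demo/.ssh"/*
audit_ssh_dir "$demo/.ssh"              # reports the directory and both files
fix_ssh_dir "$demo/.ssh"
audit_ssh_dir "$demo/.ssh" && echo "clean after fix"
rm -rf "$demo"
```

Run audit_ssh_dir against ~/.ssh on both the client and the server; a non-zero exit status means at least one entry is accessible to someone other than the owner.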
LEARN ABOUT DEBIAN
oneuser
ONEUSER(1) oneuser(1) -- manages OpenNebula users ONEUSER(1)
NAME
oneuser
SYNOPSIS
oneuser command [args] [options]
OPTIONS
-r, --read-file Read password from file
--sha1 The password will be hashed using the sha1 algorithm
--ssh SSH Auth system
--x509 x509 Auth system for x509 certificates
-k, --key path_to_private_key_pem Path to the Private Key of the User
-c, --cert path_to_user_cert_pem Path to the Certificate of the User
--driver driver Driver to authenticate this user
--x509_proxy x509 Auth system based on x509 proxy certificates
--proxy path_to_user_proxy_pem Path to the user proxy certificate
--time x Token duration in seconds, defaults to 3600 (1 h)
-l, --list x,y,z Selects columns to display with list command
-d, --delay x Sets the delay in seconds for top command
-x, --xml Show the resource in xml format
-n, --numeric Do not translate user and group IDs
-v, --verbose Verbose mode
-h, --help Show this message
-V, --version Show version and copyright information
COMMANDS
o create username [password]
Creates a new User
Examples:
oneuser create my_user my_password
oneuser create my_user -r /tmp/mypass
oneuser create my_user --ssh --key /tmp/id_rsa
oneuser create my_user --ssh -r /tmp/public_key
oneuser create my_user --x509 --cert /tmp/my_cert.pem
valid options: read_file, sha1, ssh, x509, key, cert, driver
o update userid
Launches the system editor to modify and update the template contents
o login username
Creates the Login token for authentication
Examples:
oneuser login my_user --ssh --key /tmp/id_rsa --time 72000
oneuser login my_user --x509 --cert /tmp/my_cert.pem --key /tmp/my_key.pk --time 72000
oneuser login my_user --x509_proxy --proxy /tmp/my_cert.pem --time 72000
valid options: ssh, x509, x509_proxy, key, cert, proxy, time
o key
Shows a public key from a private SSH key. Use it as password
for the SSH authentication mechanism.
valid options: key
o delete range|userid_list
Deletes the given User
o passwd userid [password]
Changes the given User's password
valid options: read_file, sha1, ssh, x509, key, cert, driver
o chgrp range|userid_list groupid
Changes the User's main group
o chauth userid [auth] [password]
Changes the User's auth driver and its password (optional)
Examples:
oneuser chauth my_user core
oneuser chauth my_user core new_password
oneuser chauth my_user core -r /tmp/mypass
oneuser chauth my_user --ssh --key /home/oneadmin/.ssh/id_rsa
oneuser chauth my_user --ssh -r /tmp/public_key
oneuser chauth my_user --x509 --cert /tmp/my_cert.pem
valid options: read_file, sha1, ssh, x509, key, cert, driver
o list
Lists Users in the pool
valid options: list, delay, xml, numeric
o show [userid]
Shows information for the given User
valid options: xml
ARGUMENT FORMATS
o file
Path to a file
o range
List of id's in the form 1,8..15
o text
String
o groupid
OpenNebula GROUP name or id
o userid
OpenNebula USER name or id
o userid_list
Comma-separated list of OpenNebula USER names or ids
o password
User password
LICENSE
OpenNebula 3.4.1 Copyright 2002-2012, OpenNebula Project Leads (OpenNebula.org)
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may
obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
April 2012 ONEUSER(1)