1

I am trying to set up a key between my Ubuntu machine and my web server so that I can SSH into it without needing to type a password each time.

I have followed the tutorial found here - http://www.csua.berkeley.edu/~ranga/notes/ssh_nopass.html - to the letter.

Whilst everything seemed to work, when I try to SSH into the server the next time it still prompts me for a password.

My first question is that the reason I am doing this is so I can SSH onto a specific site on my server, so I set this all up on the server using the username associated with the site (in this case tosbourn) is this right or should I have used root on the server?

The second question is that because on my machine my username is different (it is toby) I think this could stop it from working? Am I correct in this assumption or should this not matter?

As it stands the home directories on both my local machine and server have .ssh in them and I have copied accross the required file and renamed it to authorized_keys (and keys2)

Any help would be greatly appreciated.

innaM
  • 10,412
Toby
  • 729

5 Answers5

3

One thing to check is permissions on the key file on the server. I have found in the past that sshd will not use the authorised_keys file unless the permissions are greatly restricted.

chmod 600 ~/.ssh/authorized_keys

ought to do it.

BTW, I'm using keys generated by PuTTY to access a Linux (Slackware) server and all is well.

Ken Keenan
  • 356
1
  • Using a normal user is good and actually preferred. You might even consider disabling root logins on the server.
  • If your usernames differ across machines, you have to specify the username on your ssh command line (or in your ~/.ssh/config file): ssh -l username hostname.

On your server, check the system logs in /var/log. I am not sure where failed login attempts get logged on your machine, but look for the log files that have been changed recently after a failed login and you should be able to come up with something.

If that didn't help, try getting a verbose out put from ssh: ssh -v -l username hostname. The output is hard to read and understand, but it might give you a clue about what might have gone wrong.

It is also always worth checking that the public key you put on your server didn't end up there in multiple lines. One public key = one single line in the authorized_keys file.

Finally, are you sure that public key logins are enabled on your server?

innaM
  • 10,412
1

I had trouble with keys on a server running Ubuntu. One way to test is to this on the server:

sudo /usr/sbin/sshd -d -p [some port]

And then connect using

ssh -v server.url -p [same port]

This should give you debug info on both sides. The sshd process will probably be more interesting because it will tell you why it's rejecting the key.

My solution was to just give up and move authorized keys to /etc/ssh/users/[user name]/authorized_keys and then changed /etc/ssh/sshd_config's AuthorizedKeysFile setting:

AuthorizedKeysFile /etc/ssh/users/%u/authorized_keys

It's sort of a brute force solution, but it might solve your problem.

Brendan Long
  • 1,808
0

I was speaking to the hosts and it would seem that the key I generate needs to be made in Putty on a windows machine, the converted to work on my Ubuntu machine. This doesn't seem right like but I am going to give it a go and see what happens!

Cheers again to Manni for the response.

Toby
  • 729
0

On the client do:

ssh-keygen

(without passphrase)

and then:

ssh-copy-id username@server

This should set up keyed login.

Jimmy Hedman
  • 956