ssh login without key

B

bsus

Hi,

I have an extra admin account on the FreeBSD server, with which I can su to root. Because it's very tiring to enter two long passwords I wanted to use key-based authentication.

I created a private and public key with ssh-keygen. Then I copied the private key to the other host and added the following to the .ssh/config:
Code: 
Host server
HostName 192.168.178.4
User <admin>
Identityfile id_rsa

When I now want to log on with ssh server I still need to enter a password. How can this be? A possible problem could be that I don't have the admin user of the server on the clients, so I usually have to use ssh 192.168.178.4 -ladmin to log on.

Regards.
 
You should have copied the public key (.ssh/id_rsa.pub) to the server, not the private one. It needs to be saved into the .ssh/authorized_keys file of the admin account.

You could do that with:
[CMD="client$"]cat .ssh/id_rsa.pub | ssh -l admin server 'cat >> .ssh/authorized_keys'[/CMD]

If you protected the keys with a passphrase, you will still be prompted for it each time you ssh to your server, unless you load the key into memory with ssh-agent(1) on your local client.
 
So, the content of id_rsa.pub is copied to authorized_keys on the target system (which I want to log on) the id_rsa is copied to the client and has become 600 rights.

When I now want to log on from the client to the server with [CMD=]ssh -l admin -i id_rsa 192.168.178.4[/CMD] then I still am getting a required passwort (and that's the normal user password, not the one for the private key.)

Is there maybe an extra setting only to use password authentication instead of keys?
 
bsus said:
Is there maybe an extra setting only to use password authentication instead of keys?
Click to expand...
Although probably not commonly used, sshd(1) can indeed be configured (not) to allow passwords and/or public keys. See sshd_config(5), particularly the options PubkeyAuthentication and AuthorizedKeysFile in /etc/ssh/sshd_config.

Fonz
 
Lets see the output of
$ ssh -v -l admin 192.168.178.4

If your id_rsa file is in your .ssh directory on your client machine (it gets saved there by ssh-keygen(1) default), you don't need to specify the -i option.
 
I found the issue hwo emberessing.

The shell had to reload the setting from .ssh/config - I mentioned this after a reboot...

[solved]
 
You must log in or register to reply here.
Back
Top