[CentOS] Passwordless ssh

Agile Aspect agile.aspect at gmail.com
Tue Feb 2 03:35:08 UTC 2010


On Mon, Feb 1, 2010 at 6:49 PM, Warren Michelsen <Warren at mdcclxxvi.com> wrote:
> On Mac OS, in order to allow ssh using dsa keys, I would copy
> ~/.ssh/id_dsa.pub from my machine into ~/.ssh/authorized_keys of the
> target machine. I've created .ssh directories in my account home as
> well as in /root and copied the respective keys to authorized_keys
> files in each.
>
> Strangely, I can now ssh as root with no password but my own user
> account still prompts for a password. What might be wrong?
>
>
> Interestingly, passwordless root ssh log-in worked while
> 'PermitRootLogin' in /etc/ssh/sshd_config was just 'yes' and before I
> changed it to 'without-password'.

Check the permission all your top level directories and the .ssh
directories and it's files.

Basically,  group and other writes are forbidden since it would allow
other people to change your keys.

If you're allowing the use of passwords and keys, then it's just
falling back to passwords because the permissions are incorrect.

And I presuming the secret key is not encrypted, i.e., you never set a
passphrase - hence the root login works without a password since the
permissions are correct for key exchange.

Also, on Redhat/Centos/Solaris machines, it's

    PermitRootLogin no

or

    PermitRootLogin yes

and not

     PermitRootLogin without-password

There should be separate entry for passwords

     PermitEmptyPasswords no

You have to be barking mad to allow root connections - or any
connection - with an empty passwords.

Note, this isn't Mac mailing list so your mileage will vary. Without a
sshd_config file it's hard to help you.


-- 
      Enjoy global warming while it lasts.


More information about the CentOS mailing list