cd ~bluethundr/.ssh/
[bluethundr@VIRTCENT01 ~]$ ls -al | grep .ssh -rw------- 1 bluethundr 1005 70 Oct 17 14:04 .lesshst drwxr-xr-x 2 bluethundr 1005 512 Oct 22 14:06 .ssh -rw-r--r-- 1 bluethundr 1005 1047 Sep 16 01:22 sshd-prop.txt [bluethundr@VIRTCENT01 ~]$ ls -lh .ssh total 28K -rw-r--r-- 1 bluethundr 1005 2.9K Oct 22 21:49 authorized_keys -rw------- 1 bluethundr 1005 1.7K Oct 22 21:48 id_rsa -rw-r--r-- 1 bluethundr 1005 400 Oct 22 21:48 id_rsa.pub -rw-r--r-- 1 bluethundr 1005 20K Oct 22 15:59 known_hosts
[root@VIRTCENT01 ~]# cd ~bluethundr/.ssh/ [root@VIRTCENT01 .ssh]# ls -lah ~bluethundr/.ssh/* -rw-r--r-- 1 bluethundr 1005 2.9K Oct 22 21:49 /home/bluethundr/.ssh/authorized_keys -rw------- 1 bluethundr 1005 1.7K Oct 22 21:48 /home/bluethundr/.ssh/id_rsa -rw-r--r-- 1 bluethundr 1005 400 Oct 22 21:48 /home/bluethundr/.ssh/id_rsa.pub -rw-r--r-- 1 bluethundr 1005 20K Oct 22 15:59 /home/bluethundr/.ssh/known_hosts [root@VIRTCENT01 .ssh]# cat ~bluethundr/.ssh/authorized_keys ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA1vQJFa+RDUrqzcnQrzTR7wm3bPGI7cnAX3crAj9KFM3sxuSTP18ZE1V3N7aQ7dju0BJli1PfR/EnlKM/xAybvn4N2yH0bxiKuQwx7M0SvhXy3PUAJu8AuRBGag9yyG0fqJ0lWhcbrKbGwFxYsfpfpLp501Fs5pqqKRSJl4IM5Kv11QcM0ZXLEiJwByiz6vLSBgBxZG3MSgF03F2+gRZbQkPVECAg7e3mValoiZB0K5m3tjMFCr8FZoVVbz4J16fKgIc4WfRFcKTuGEDt3I0agDhosFMVpAvZV4WRYIIpg7nkYpKkIlqSX+GYH+7RPlh2QNQyvS+I0+XOXSdqkP62aQ== bluethundr@LCENT01.summitnjhome.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtLqML4TD+qE+L544ofOPFPnSUjnG/XIet66K1vvPot+sH81zxeZQgJeREcsOjYUrnApzigd+QudfCGRsNgQ7nFAPUX3edp0Ssi7GCeVTRiBcxYIcVMXm6Fgt2ERyAy0GPdpZCS+R2iKTBgESUo0kQXglm8Jkvlbc8/MDOOEAUiyHBKfOpUPe30qMtYtByNorNWjJz+v1jnGV+T2PVhsHIVpfT501YkHmRVspPy765nEoF9HKQtxc5UOClMCbYrd8R/J7mgtr2RAhFr3lj0dRfVM75hPhI/5qONmomoAoMSdz/c4pjrNlu6MbZV9m8tFi89AviyRkdu0kZt8F6QeJOQ== bluethundr@VIRTCENT02 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEApnUSYyrM96qIBZKjwSNYycgeSv/BVQTjK7EHqPE1Lv3LLs0ixV9pOXvHMq3YCZHHmgyxwizShnt7MKWFcYPI02ywGHFPawvCM2hIqSwn7kH0KfraHO1Vt+zfcPVsqSo2Mw79cYezVvFYzbSSxCY6O00mZ5PWReyVuOn9Fb/uH/xCzKk9OsCpfCEmNF2YrLCfZvfAATgv7QmIRfsAa+ttLzUELGrfn/n+Xj8K/xqV8C71KPuf8s1OSf/19PLZedv2xSA2KU/OUekAc0gu1HNsC23gLTO7DSasW9y1LStWRryTbpn3UHcwQXlCuw2VtWGkrBCAaLEyG2rE8NIcBOsfHQ== bluethundr@lbsd8-2.summitnjhome.com -----BEGIN RSA PRIVATE KEY----- MIIEoQIBAAKCAQEAvidMglwWPpVBS5DQn983zpDX4HJl9ENErG6mL5bz1BHTv89i CrnjwCCHWwZAGTlYqzH/u0+s96CS0LrrZTyJRYBbG4770IZIHN5GEk3Yj867qGcv hBA3GLVBVgaH3MSdZU/EByXOANOxVtDq2OOtkfTRZHxYReNxSZtZCUO3dhiMYKPs sISCGHDgyUBzqQJP+RtHrPvtS+GzkBfH7y6ilhlCi8Z7Cs9jef6NKiiMeSyv5x2r QhMFwM0T+Ny2AO0kcA1up3zZ7OnTU28KhO5E9XvK82hnPA6uKWJvyDTsIZn27XPu /KuAG7V+xgbd3VH4NCAKn8ZJ+DRAIxQEX41IjQIBIwKCAQAVu1kzeD0Od3UtNR8o NsSMotbX0o9PHaFyytEqAp+F82ioNPVDDe4klgDXM+oRguWP6HT/dtHwah9oT+Bj V2AlMz2cv+JDt5M2f81+b0vzLZHKGmvUlCONy5JwO0K6JRlNaDOpC6KDwGwJ6/2V IVWqR91qkd4z33qpU5UloVbLqtYVj3Pr98N0UjDy/b+aaNSQH8QxB8GV8HinY8yX fhw/IIOq4rrJDR4oN937t2w+5ikUhAyO75ZkkOUq7m8/7k25/X81aAHydaOCUy9X mxVuFrBKR8b1lmxX0hsUlkR+hREv8+RcWcxumQmHYVajm8i4MA262sVQdLCWoTfv +NBbAoGBAPHraRn5TWirlr0CN/W67z7lYRFqiaNVdQLi1DBDYMj/txN99G2BB8br KE/YHsRsEED60Dq6gKfHzZC3atGR3GR16UbFM51bj89myuCoL3EPitIZcmXgP+lW W54GjLqYwXPVTvDUJCYue3hAyiWLNguJ4GQvfIRWNC9G68XIDtZ/AoGBAMk4k5xm fyszCvd43DFm/c0mpEGVbmwWdJD0mll+PmJuBa72kisqlNSu7Wb3hNTmvod4ygKk 4foJC64Jy5b/q5feug7O+yuH1K04TEueMdhiqnJQAfR26pDSmGTNhVo1zCy0jvAA dZ0lfvMkqQI6iNBemy5NT4ciAwe2JZUjvVLzAoGAfGpwkQPeqtvnH2A6CVjSz+Ou Q3iejoO4hSQynHpsSh0cUyrVeiUZ8UW89dzcn4gIW+60O3XbxABbFznB6B8g4zVT ZjmIQkxYloyi2fAYZgf+QCpYFyLfCkmrddd7kyn9Fv/8tl54/bGBU8mMiFY5DT+X +QJ6jTOlzyvJtixfZv8CgYEAmzpF/E8RpPt9fRQXk9Mbj6F3ZcsMCj01WeFD3qM3 cIDCjkku7hmIwVO+dADFjkuaSz/sSy689BWbS75p2uJ9DsHCuvdxTXdpjPDqZjg1 FKPikrK/rfVV3W9CXGQHyT9xntRuRB2cjyuN0YKuQ4w9qA53tgEgF8nH0r+2l586 R00CgYBMiwcYZxf7aWNd4eUaVSuGPu6bVG/epyKvc5NIVbEGkcx3XOu0Ly0i8K4j HeEiztRlp1dJ9231KBKtsRCjZNlwh6NGY+DOU8IGXZMRDYTYbFHJ5yAoAqAeVGrn NQO4VuDMKI6u5ZxwuvmP8f8lG1F9EWukp++Rt3FXy0qy9d4TrQ== -----END RSA PRIVATE KEY-----
[bluethundr@nas ~]$ grep $MYNFSFS /etc/exports /mnt/nas -alldirs -mapall=root -network 192.168.1.0 -mask 255.255.255.0
[bluethundr@nas2 /]$ grep $MYNFSFS /etc/exports /mnt/store -alldirs -mapall=root -network 192.168.1.0 -mask 255.255.255.0
[bluethundr@nas2 /]$ grep $MYNFSFS /etc/exports /mnt/home -mapall=root -network 192.168.1.0 -mask 255.255.255.0
yes I did cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys...
I enabled IdentityFile ~/.ssh/id_rsa and RSAAuthentication yes
in /etc/ssh/ssh_config and
RSAAuthentication yes PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys
in /etc/ssh/sshd_config
still failed... :(
[bluethundr@VIRTCENT02 ~]$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys [bluethundr@VIRTCENT02 ~]$ ssh virt1 bluethundr@virt1's password: Last login: Fri Oct 22 22:31:41 2010 from 192.168.1.2
the only thing left I can think of is that bluethundr is an LDAP user. can THAT prevent the user from logging in with keys? Also, the root user key has been exported across the network and can login without a password...
this is mighty puzzling!!
On Fri, Oct 22, 2010 at 8:42 PM, Robert Heller heller@deepsoft.com wrote:
At Fri, 22 Oct 2010 14:38:37 -0400 CentOS mailing list centos@centos.org wrote:
hey listers!
silly quesion: if I generate an RSA key on an NFS shared home directory, then cat >> it into the .ssh/authorized_keys file in the same location, shouldn't I then be able to ssh into each host that shares the NFS home directory without entering a passphrase (assuming the key doesn't have one)? and assuming the permissions on the authorized_keys file belong to the user with mode 600?
Yes. This works quite well.
thanks! tim
-- Robert Heller -- 978-544-6933 / heller@deepsoft.com Deepwoods Software -- http://www.deepsoft.com/ () ascii ribbon campaign -- against html e-mail /\ www.asciiribbon.org -- against proprietary attachments
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos