On Mon, 2010-02-01 at 19:49 -0700, Warren Michelsen wrote:

On Mac OS, in order to allow ssh using dsa keys, I would copy ~/.ssh/id_dsa.pub from my machine into ~/.ssh/authorized_keys of the target machine. I've created .ssh directories in my account home as well as in /root and copied the respective keys to authorized_keys files in each.

Strangely, I can now ssh as root with no password but my own user account still prompts for a password. What might be wrong?

Interestingly, passwordless root ssh log-in worked while 'PermitRootLogin' in /etc/ssh/sshd_config was just 'yes' and before I changed it to 'without-password'.

---

Warren,

You should be able to achieve what you are wanting to do. Some principles that need to be followed are :

#1. If you change anything in sshd_config you must restart sshd before your changes will become active. You can do this in the root account easily by entering :

service sshd restart

#2. If you are connecting from one account to another account in different machines you must have id_dsa.pub in /home/user/.ssh/authorized_keys file of the account you are connecting with.

ie if you are logged on as root in one machine and you connect to another machine to the root account then id_dsa.pub of the original account has to be in /root/.ssh/authorized_keys of the machine you are connecting to.

#3. if you are are connecting to an account of a remote machine to an account different than the one you are on you must have the id_dsa.pub of your logged on account in the authorized_keys of the remote account.

ie if you are on the root account of one machine and you want to log onto the warren account of a remote machine you must have /root/.ssh/id_dsa.pub in /home/warren/.ssh/authorized_keys

The command for this connection would be

"ssh warren@remote.com" or "ssh -l warren remote.com"

Make sure these things are in place, and if it does not work after checking these things let me know.

Greg Ennis