[CentOS] CONNECTING VIA SSH BETWEEN CENTOS 4 AND 5

Wed Apr 16 21:46:11 UTC 2008
Ned Slider <nedslider at pendre.co.uk>

Chris Geldenhuis wrote:
> Stephen John Smoogen wrote:
>> On Wed, Apr 16, 2008 at 1:32 PM, Chris Geldenhuis
>> <chris.gelden at iafrica.com> wrote:
>>  
>>> Hi,
>>>
>>>  I am trying to set up an automatic connection between CentOS 4 system
>>> (server) and a CentOS 5 DomU VM (client) via ssh to enable my to back up
>>> development files on the server to the client with a cron process.
>>>
>>>  I generate they key pair without a pass phrase on the client and 
>>> copy the
>>> public key to the same user's .ssh directory on the server as
>>> authorized_keys2.
>>>
>>>  When I try to ssh to the Server from the Client, I am still asked 
>>> for the
>>> user's password on the client.
>>>
>>>  If I do the same with CentOS 5 for both Client and Server, I can login
>>> without providing a password.
>>>
>>>  The versions of ssh on the two systems are:
>>>
>>>  Client (CentOS 5):   OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006
>>>
>>>  Server (CentOS 4):   OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
>>>
>>>  Does anyone on the list know whether these versions are compatible 
>>> or how
>>> to get them to work together without requiring a password.
>>>
>>>  It is not an option to change to CentOS5 on the server side as that 
>>> system
>>> is serving as a development system for a client running RedHat ES 4 
>>> and has
>>> to have the identical configuration and be binary compatible.
>>>     
>>
>> I know this works between the entire CentOS family. The main problems
>> I have seen are that the users home directory or .ssh permissions are
>> not secure enough for ssh to do its thing.
>>
>> ssh -v -v -v will tell you more than you want on where it is having
>> problems.. but the quick fix I use are the following:
>>
>> su - root
>> chown $user $user_homedir # fill in $user and $user_home correctly as
>> in dude and /nfs/home/d/dude
>> chmod 0750 $user_homedir
>> chown $user $user_homedir/.ssh
>> chmod 0700 $user_homedir/.ssh
>> chmod 0600 $user_homedir/.ssh/authorized_keys
>>
>> If that doesn't fix the problem the -v -v -v will tel what else might
>> be the cause.
>>
>>
>>
>>   
> Thanks - changing the permissions fixed the problem . Thanks also to 
> Daniel for his suggestions.
> 

Yes, if StrictModes is set to yes in /etc/ssh/sshd_config (which is the 
default), then the correct permissions *must* be set on ~/.ssh and 
~/.ssh/authorized_keys.

It is also documented in the Wiki article here:

http://wiki.centos.org/HowTos/Network/SecuringSSH#head-9c5717fe7f9bb26332c9d67571200f8c1e4324bc

Regards,

Ned